Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcoap2-4.2.1/src/block.c
Examining data/libcoap2-4.2.1/src/coap_notls.c
Examining data/libcoap2-4.2.1/src/coap_time.c
Examining data/libcoap2-4.2.1/src/coap_hashkey.c
Examining data/libcoap2-4.2.1/src/net.c
Examining data/libcoap2-4.2.1/src/coap_io.c
Examining data/libcoap2-4.2.1/src/mem.c
Examining data/libcoap2-4.2.1/src/encode.c
Examining data/libcoap2-4.2.1/src/coap_session.c
Examining data/libcoap2-4.2.1/src/coap_tinydtls.c
Examining data/libcoap2-4.2.1/src/str.c
Examining data/libcoap2-4.2.1/src/address.c
Examining data/libcoap2-4.2.1/src/subscribe.c
Examining data/libcoap2-4.2.1/src/pdu.c
Examining data/libcoap2-4.2.1/src/resource.c
Examining data/libcoap2-4.2.1/src/coap_gnutls.c
Examining data/libcoap2-4.2.1/src/coap_event.c
Examining data/libcoap2-4.2.1/src/coap_openssl.c
Examining data/libcoap2-4.2.1/src/option.c
Examining data/libcoap2-4.2.1/src/async.c
Examining data/libcoap2-4.2.1/src/uri.c
Examining data/libcoap2-4.2.1/src/coap_debug.c
Examining data/libcoap2-4.2.1/tests/test_pdu.h
Examining data/libcoap2-4.2.1/tests/test_encode.h
Examining data/libcoap2-4.2.1/tests/test_wellknown.h
Examining data/libcoap2-4.2.1/tests/test_options.h
Examining data/libcoap2-4.2.1/tests/test_sendqueue.h
Examining data/libcoap2-4.2.1/tests/test_options.c
Examining data/libcoap2-4.2.1/tests/test_sendqueue.c
Examining data/libcoap2-4.2.1/tests/test_tls.h
Examining data/libcoap2-4.2.1/tests/test_uri.c
Examining data/libcoap2-4.2.1/tests/test_tls.c
Examining data/libcoap2-4.2.1/tests/test_wellknown.c
Examining data/libcoap2-4.2.1/tests/test_error_response.h
Examining data/libcoap2-4.2.1/tests/testdriver.c
Examining data/libcoap2-4.2.1/tests/test_session.h
Examining data/libcoap2-4.2.1/tests/test_pdu.c
Examining data/libcoap2-4.2.1/tests/test_session.c
Examining data/libcoap2-4.2.1/tests/test_error_response.c
Examining data/libcoap2-4.2.1/tests/test_encode.c
Examining data/libcoap2-4.2.1/tests/test_uri.h
Examining data/libcoap2-4.2.1/examples/coap-rd.c
Examining data/libcoap2-4.2.1/examples/coap-server.c
Examining data/libcoap2-4.2.1/examples/client.c
Examining data/libcoap2-4.2.1/examples/etsi_iot_01.c
Examining data/libcoap2-4.2.1/examples/tiny.c
Examining data/libcoap2-4.2.1/examples/getopt.c
Examining data/libcoap2-4.2.1/examples/coap_list.h
Examining data/libcoap2-4.2.1/include/coap2/coap_dtls.h
Examining data/libcoap2-4.2.1/include/coap2/coap_forward_decls.h
Examining data/libcoap2-4.2.1/include/coap2/option.h
Examining data/libcoap2-4.2.1/include/coap2/net.h
Examining data/libcoap2-4.2.1/include/coap2/coap_mutex.h
Examining data/libcoap2-4.2.1/include/coap2/pdu.h
Examining data/libcoap2-4.2.1/include/coap2/coap_hashkey.h
Examining data/libcoap2-4.2.1/include/coap2/coap_io.h
Examining data/libcoap2-4.2.1/include/coap2/bits.h
Examining data/libcoap2-4.2.1/include/coap2/resource.h
Examining data/libcoap2-4.2.1/include/coap2/encode.h
Examining data/libcoap2-4.2.1/include/coap2/coap_session_internal.h
Examining data/libcoap2-4.2.1/include/coap2/address.h
Examining data/libcoap2-4.2.1/include/coap2/uthash.h
Examining data/libcoap2-4.2.1/include/coap2/str.h
Examining data/libcoap2-4.2.1/include/coap2/block.h
Examining data/libcoap2-4.2.1/include/coap2/coap.h
Examining data/libcoap2-4.2.1/include/coap2/coap_subscribe_internal.h
Examining data/libcoap2-4.2.1/include/coap2/async.h
Examining data/libcoap2-4.2.1/include/coap2/mem.h
Examining data/libcoap2-4.2.1/include/coap2/coap_internal.h
Examining data/libcoap2-4.2.1/include/coap2/libcoap.h
Examining data/libcoap2-4.2.1/include/coap2/uri.h
Examining data/libcoap2-4.2.1/include/coap2/subscribe.h
Examining data/libcoap2-4.2.1/include/coap2/coap_event.h
Examining data/libcoap2-4.2.1/include/coap2/utlist.h
Examining data/libcoap2-4.2.1/include/coap2/prng.h
Examining data/libcoap2-4.2.1/include/coap2/coap_debug.h
Examining data/libcoap2-4.2.1/include/coap2/coap_session.h
Examining data/libcoap2-4.2.1/include/coap2/coap_time.h

FINAL RESULTS:

data/libcoap2-4.2.1/include/coap2/coap_debug.h:115:63:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  const char *format, ...) __attribute__ ((format(printf, 2, 3)));
data/libcoap2-4.2.1/include/coap2/uthash.h:427:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/libcoap2-4.2.1/src/coap_debug.c:32:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define fprintf(fd, ...) LWIP_PLATFORM_DIAG((__VA_ARGS__))
data/libcoap2-4.2.1/src/coap_debug.c:256:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define fprintf(fd, ...) { (void)fd; PRINTF(__VA_ARGS__); }
data/libcoap2-4.2.1/src/coap_debug.c:260:11:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define vfprintf(fd, ...) { (void)fd; vprintf(__VA_ARGS__); }
data/libcoap2-4.2.1/src/coap_debug.c:260:41:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define vfprintf(fd, ...) { (void)fd; vprintf(__VA_ARGS__); }
data/libcoap2-4.2.1/src/coap_debug.c:262:11:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define vfprintf(fd, ...) { (void)fd; PRINTF(__VA_ARGS__); }
data/libcoap2-4.2.1/src/coap_debug.c:776:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf( message, sizeof(message), format, ap);
data/libcoap2-4.2.1/src/coap_debug.c:798:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(log_fd, format, ap);
data/libcoap2-4.2.1/examples/client.c:1340:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "NrUa:b:c:e:f:k:m:p:s:t:o:v:A:B:C:O:P:R:T:u:l:K:")) != -1) {
data/libcoap2-4.2.1/examples/coap-rd.c:632:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "A:g:p:v:")) != -1) {
data/libcoap2-4.2.1/examples/coap-server.c:905:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "A:d:c:C:g:h:k:l:nNp:R:v:")) != -1) {
data/libcoap2-4.2.1/examples/etsi_iot_01.c:630:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "A:p:v:")) != -1) {
data/libcoap2-4.2.1/examples/getopt.c:23:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  static int getopt(int argc, char *argv[], char *opts)
data/libcoap2-4.2.1/include/coap2/prng.h:122:26:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define prng_init(Value) srand((unsigned long)(Value))
data/libcoap2-4.2.1/examples/client.c:41:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char _token_data[8];
data/libcoap2-4.2.1/examples/client.c:114:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(file = fopen((char *)output_file.s, "w"))) {
data/libcoap2-4.2.1/examples/client.c:172:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];
data/libcoap2-4.2.1/examples/client.c:190:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[2];
data/libcoap2-4.2.1/examples/client.c:271:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char addrstr[256];
data/libcoap2-4.2.1/examples/client.c:276:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrstr, server->s, server->length);
data/libcoap2-4.2.1/examples/client.c:278:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrstr, "localhost", 9);
data/libcoap2-4.2.1/examples/client.c:296:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, ainfo->ai_addr, len);
data/libcoap2-4.2.1/examples/client.c:368:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];
data/libcoap2-4.2.1/examples/client.c:607:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/libcoap2-4.2.1/examples/client.c:723:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(arg);
data/libcoap2-4.2.1/examples/client.c:761:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char portbuf[2];
data/libcoap2-4.2.1/examples/client.c:763:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char _buf[BUFSIZE];
data/libcoap2-4.2.1/examples/client.c:872:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char buf[4]; /* hack: temporarily take encoded bytes */
data/libcoap2-4.2.1/examples/client.c:891:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  obs_seconds = atoi(arg);
data/libcoap2-4.2.1/examples/client.c:905:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  proxy_port = atoi(proxy_port_str);
data/libcoap2-4.2.1/examples/client.c:914:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  proxy_port = atoi(proxy_port_str);
data/libcoap2-4.2.1/examples/client.c:925:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(proxy.s, arg, proxy.length+1);
data/libcoap2-4.2.1/examples/client.c:933:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)the_token.s, arg, the_token.length);
data/libcoap2-4.2.1/examples/client.c:1105:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inputfile = fopen(filename, "r");
data/libcoap2-4.2.1/examples/client.c:1161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, arg, len);
data/libcoap2-4.2.1/examples/client.c:1170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, arg, len);
data/libcoap2-4.2.1/examples/client.c:1193:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char client_sni[256];
data/libcoap2-4.2.1/examples/client.c:1234:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(client_sni, "localhost", 9);
data/libcoap2-4.2.1/examples/client.c:1283:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &bind_addr.addr, rp->ai_addr, rp->ai_addrlen );
data/libcoap2-4.2.1/examples/client.c:1323:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char addr[INET6_ADDRSTRLEN];
data/libcoap2-4.2.1/examples/client.c:1329:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_str[NI_MAXSERV] = "0";
data/libcoap2-4.2.1/examples/client.c:1330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char node_str[NI_MAXHOST] = "";
data/libcoap2-4.2.1/examples/client.c:1333:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char user[MAX_USER + 1], key[MAX_KEY];
data/libcoap2-4.2.1/examples/client.c:1350:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wait_seconds = atoi(optarg);
data/libcoap2-4.2.1/examples/client.c:1394:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output_file.s, optarg, output_file.length + 1);
data/libcoap2-4.2.1/examples/client.c:1436:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ping_seconds = atoi(optarg);
data/libcoap2-4.2.1/examples/coap-rd.c:57:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char etag[8]; /**< ETag for current description */
data/libcoap2-4.2.1/examples/coap-rd.c:105:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[3];
data/libcoap2-4.2.1/examples/coap-rd.c:166:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rd->data.s, data, rd->data.length);
data/libcoap2-4.2.1/examples/coap-rd.c:172:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rd->etag, COAP_OPT_VALUE(etag), rd->etag_len);
data/libcoap2-4.2.1/examples/coap-rd.c:233:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[3];
data/libcoap2-4.2.1/examples/coap-rd.c:378:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rd->data.s, data, rd->data.length);
data/libcoap2-4.2.1/examples/coap-rd.c:384:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rd->etag, coap_opt_value(etag), rd->etag_len);
data/libcoap2-4.2.1/examples/coap-rd.c:412:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(loc, RD_ROOT_STR, RD_ROOT_SIZE);
data/libcoap2-4.2.1/examples/coap-rd.c:426:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(loc + loc_size, h.s, min(h.length, LOCSIZE - loc_size - 1));
data/libcoap2-4.2.1/examples/coap-rd.c:431:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(loc + loc_size),
data/libcoap2-4.2.1/examples/coap-rd.c:444:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(loc + loc_size),
data/libcoap2-4.2.1/examples/coap-rd.c:476:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 1, ins.s, ins.length);
data/libcoap2-4.2.1/examples/coap-rd.c:492:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 1, rt.s, rt.length);
data/libcoap2-4.2.1/examples/coap-rd.c:525:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char _b[LOCSIZE];
data/libcoap2-4.2.1/examples/coap-rd.c:560:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/libcoap2-4.2.1/examples/coap-rd.c:602:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr.addr, rp->ai_addr, rp->ai_addrlen);
data/libcoap2-4.2.1/examples/coap-rd.c:623:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addr_str[NI_MAXHOST] = "::";
data/libcoap2-4.2.1/examples/coap-rd.c:624:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_str[NI_MAXSERV] = "5683";
data/libcoap2-4.2.1/examples/coap-server.c:111:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/examples/coap-server.c:191:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[3];
data/libcoap2-4.2.1/examples/coap-server.c:420:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[6]; /* space to hold encoded/decoded uints */
data/libcoap2-4.2.1/examples/coap-server.c:511:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&resource_entry->value->s[offset], data, size);
data/libcoap2-4.2.1/examples/coap-server.c:514:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (resource_entry->value->s, value->s, value->length);
data/libcoap2-4.2.1/examples/coap-server.c:543:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (resource_entry->value->s, data, size);
data/libcoap2-4.2.1/examples/coap-server.c:735:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/libcoap2-4.2.1/examples/coap-server.c:830:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr.addr, rp->ai_addr, rp->ai_addrlen);
data/libcoap2-4.2.1/examples/coap-server.c:879:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, arg, len);
data/libcoap2-4.2.1/examples/coap-server.c:890:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addr_str[NI_MAXHOST] = "::";
data/libcoap2-4.2.1/examples/coap-server.c:891:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_str[NI_MAXSERV] = "5683";
data/libcoap2-4.2.1/examples/coap-server.c:918:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  support_dynamic = atoi(optarg);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:109:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[3];
data/libcoap2-4.2.1/examples/etsi_iot_01.c:189:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char _buf[BUFSIZE];
data/libcoap2-4.2.1/examples/etsi_iot_01.c:209:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(test_payload->data, data, len);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:274:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(payload->data, data, len);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:327:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[70];
data/libcoap2-4.2.1/examples/etsi_iot_01.c:344:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + len, "Uri-Query: ", L);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:348:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + len, coap_opt_value(q), L);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:464:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inputfile = fopen(filename, "r");
data/libcoap2-4.2.1/examples/etsi_iot_01.c:489:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(test_payload->data, "put data here", test_payload->length);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:532:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(test_payload->data, "segsegseg!", test_payload->length);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:602:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr.addr, rp->ai_addr, rp->ai_addrlen);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:624:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addr_str[NI_MAXHOST] = "::";
data/libcoap2-4.2.1/examples/etsi_iot_01.c:625:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_str[NI_MAXSERV] = "5683";
data/libcoap2-4.2.1/examples/tiny.c:43:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char buf[20];
data/libcoap2-4.2.1/examples/tiny.c:55:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  len = sprintf((char *)buf, "%c%u", enc, COAP_PSEUDOFP_DECODE_8_4(enc));
data/libcoap2-4.2.1/examples/tiny.c:104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr.addr, rp->ai_addr, rp->ai_addrlen);
data/libcoap2-4.2.1/include/coap2/address.h:110:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( dst, src, sizeof( coap_address_t ) );
data/libcoap2-4.2.1/include/coap2/address.h:122:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dst->addr, &src->addr, src->size );
data/libcoap2-4.2.1/include/coap2/coap_hashkey.h:22:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char coap_key_t[4];
data/libcoap2-4.2.1/include/coap2/coap_io.h:221:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char payload[COAP_RXBUFFER_SIZE]; /**< payload */
data/libcoap2-4.2.1/include/coap2/coap_subscribe_internal.h:57:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char token[8]; /**< token used for subscription */
data/libcoap2-4.2.1/include/coap2/prng.h:36:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &v, sizeof(v));
data/libcoap2-4.2.1/include/coap2/prng.h:42:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &v, len);
data/libcoap2-4.2.1/include/coap2/prng.h:53:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &v, sizeof(v));
data/libcoap2-4.2.1/include/coap2/prng.h:59:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &v, len);
data/libcoap2-4.2.1/src/async.c:66:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->token, request->token, s->tokenlen);
data/libcoap2-4.2.1/src/block.c:67:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];
data/libcoap2-4.2.1/src/block.c:153:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];
data/libcoap2-4.2.1/src/coap_debug.c:186:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, "(unknown address type)", min(22, len));
data/libcoap2-4.2.1/src/coap_debug.c:281:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[5];
data/libcoap2-4.2.1/src/coap_debug.c:342:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[6];
data/libcoap2-4.2.1/src/coap_debug.c:458:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char buf[min(COAP_DEBUG_BUF_SIZE, 1024)]; /* need some space for output creation */
data/libcoap2-4.2.1/src/coap_debug.c:459:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char outbuf[COAP_DEBUG_BUF_SIZE]; data/libcoap2-4.2.1/src/coap_debug.c:461:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[min(COAP_DEBUG_BUF_SIZE, 1024)]; /* need some space for output creation */ data/libcoap2-4.2.1/src/coap_debug.c:462:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuf[COAP_DEBUG_BUF_SIZE]; data/libcoap2-4.2.1/src/coap_debug.c:664:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/libcoap2-4.2.1/src/coap_debug.c:672:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char beta[8]; data/libcoap2-4.2.1/src/coap_debug.c:673:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sub[2]; data/libcoap2-4.2.1/src/coap_debug.c:674:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b_beta[8]; data/libcoap2-4.2.1/src/coap_debug.c:675:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b_sub[2]; data/libcoap2-4.2.1/src/coap_debug.c:694:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(beta, "-dev"); data/libcoap2-4.2.1/src/coap_debug.c:700:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(beta, "-beta"); data/libcoap2-4.2.1/src/coap_debug.c:710:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(b_beta, "-dev"); data/libcoap2-4.2.1/src/coap_debug.c:716:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(b_beta, "-beta"); data/libcoap2-4.2.1/src/coap_debug.c:766:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char message[COAP_DEBUG_BUF_SIZE]; data/libcoap2-4.2.1/src/coap_debug.c:768:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[COAP_DEBUG_BUF_SIZE]; data/libcoap2-4.2.1/src/coap_debug.c:783:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[32]; data/libcoap2-4.2.1/src/coap_gnutls.c:321:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(g_context->alpn_proto.data, "coap", 4); data/libcoap2-4.2.1/src/coap_gnutls.c:403:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*username, identity, identity_len); data/libcoap2-4.2.1/src/coap_gnutls.c:409:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->data, psk_key, psk_len); data/libcoap2-4.2.1/src/coap_gnutls.c:425:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dn[256]; data/libcoap2-4.2.1/src/coap_gnutls.c:986:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->data, buf, psk_len); data/libcoap2-4.2.1/src/coap_gnutls.c:1065:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, data->pdu, outl); data/libcoap2-4.2.1/src/coap_gnutls.c:1070:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, data->pdu, data->pdu_len); data/libcoap2-4.2.1/src/coap_io.c:849:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; data/libcoap2-4.2.1/src/coap_io.c:901:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CMSG_DATA(cmsg), data/libcoap2-4.2.1/src/coap_io.c:954:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CMSG_DATA(cmsg), data/libcoap2-4.2.1/src/coap_io.c:1052:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; data/libcoap2-4.2.1/src/coap_io.c:1129:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&packet->addr_info.local.addr.sin6.sin6_addr, data/libcoap2-4.2.1/src/coap_io.c:1148:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(packet->addr_info.local.addr.sin6.sin6_addr.s6_addr + 12, data/libcoap2-4.2.1/src/coap_io.c:1151:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&packet->addr_info.local.addr.sin.sin_addr, data/libcoap2-4.2.1/src/coap_io.c:1160:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&packet->addr_info.local.addr.sin.sin_addr, data/libcoap2-4.2.1/src/coap_io.c:1215:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)uip_appdata)[len] = 0; data/libcoap2-4.2.1/src/coap_io.c:1220:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char addr_str[INET6_ADDRSTRLEN + 8]; data/libcoap2-4.2.1/src/coap_io.c:1229:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&packet->payload, uip_appdata, len); data/libcoap2-4.2.1/src/coap_io.c:1635:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szError[256]; data/libcoap2-4.2.1/src/coap_io.c:1637:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(szError, "Unknown error"); data/libcoap2-4.2.1/src/coap_openssl.c:213:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, data->pdu, outl); data/libcoap2-4.2.1/src/coap_openssl.c:216:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, data->pdu, data->pdu_len); data/libcoap2-4.2.1/src/coap_openssl.c:1006:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/libcoap2-4.2.1/src/coap_openssl.c:1212:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(secret, session->context->psk_key, session->context->psk_key_len); data/libcoap2-4.2.1/src/coap_openssl.c:1462:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(sni_tmp, out, outlen); data/libcoap2-4.2.1/src/coap_openssl.c:1728:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hint[128] = ""; data/libcoap2-4.2.1/src/coap_openssl.c:2022:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cipher[128]; data/libcoap2-4.2.1/src/coap_openssl.c:2139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hint[128] = ""; data/libcoap2-4.2.1/src/coap_session.c:799:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(session->psk_identity, identity, identity_len); data/libcoap2-4.2.1/src/coap_session.c:816:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(session->psk_key, key, key_len); data/libcoap2-4.2.1/src/coap_session.c:971:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char addr_str[INET6_ADDRSTRLEN + 8]; data/libcoap2-4.2.1/src/coap_session.c:1050:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szSession[256]; data/libcoap2-4.2.1/src/coap_session.c:1056:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, " <-> "); data/libcoap2-4.2.1/src/coap_session.c:1068:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, " UDP "); data/libcoap2-4.2.1/src/coap_session.c:1071:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, " DTLS"); data/libcoap2-4.2.1/src/coap_session.c:1074:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, " TCP "); data/libcoap2-4.2.1/src/coap_session.c:1077:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(p, " TLS "); data/libcoap2-4.2.1/src/coap_session.c:1080:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, " NONE"); data/libcoap2-4.2.1/src/coap_session.c:1089:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szEndpoint[128]; data/libcoap2-4.2.1/src/coap_session.c:1095:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, " UDP"); data/libcoap2-4.2.1/src/coap_session.c:1098:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, " DTLS"); data/libcoap2-4.2.1/src/coap_session.c:1101:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, " NONE"); data/libcoap2-4.2.1/src/coap_tinydtls.c:182:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(result, psk, psk_len); data/libcoap2-4.2.1/src/mem.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[COAP_MAX_STRING_SIZE]; data/libcoap2-4.2.1/src/mem.c:69:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[COAP_MAX_PACKET_SIZE]; data/libcoap2-4.2.1/src/net.c:296:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(identity, session->psk_identity, session->psk_identity_len); data/libcoap2-4.2.1/src/net.c:297:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(psk, session->psk_key, session->psk_key_len); data/libcoap2-4.2.1/src/net.c:304:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(psk, session->context->psk_key, session->context->psk_key_len); data/libcoap2-4.2.1/src/net.c:322:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(psk, ctx->psk_key, ctx->psk_key_len); data/libcoap2-4.2.1/src/net.c:335:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(hint, ctx->psk_hint, ctx->psk_hint_len); data/libcoap2-4.2.1/src/net.c:355:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->psk_hint, hint, hint_len); data/libcoap2-4.2.1/src/net.c:371:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->psk_key, key, key_len); data/libcoap2-4.2.1/src/net.c:1266:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(session->partial_pdu->token - session->partial_pdu->hdr_size data/libcoap2-4.2.1/src/net.c:1286:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(session->read_header + session->partial_read, p, n); data/libcoap2-4.2.1/src/net.c:1303:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(session->partial_pdu->token - hdr_size, session->read_header, hdr_size); data/libcoap2-4.2.1/src/net.c:1820:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1]; data/libcoap2-4.2.1/src/option.c:127:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oi->filter, filter, sizeof(coap_opt_filter_t)); data/libcoap2-4.2.1/src/option.c:419:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(opt, val, length); data/libcoap2-4.2.1/src/option.c:553:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->data, data, length); data/libcoap2-4.2.1/src/pdu.c:205:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdu->token, data, len); data/libcoap2-4.2.1/src/pdu.c:294:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(payload, data, len); data/libcoap2-4.2.1/src/pdu.c:560:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdu->token - hdr_size, data, length); data/libcoap2-4.2.1/src/resource.c:668:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->token, token->s, min(s->token_length, 8)); data/libcoap2-4.2.1/src/resource.c:705:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuf[2 * 8 + 1] = ""; data/libcoap2-4.2.1/src/resource.c:905:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char addr[INET6_ADDRSTRLEN+8]; data/libcoap2-4.2.1/src/str.c:35:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s->s, data, size); data/libcoap2-4.2.1/src/uri.c:436:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(URI_DATA(result), uri, length); data/libcoap2-4.2.1/src/uri.c:468:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, uri->host.s, uri->host.length); data/libcoap2-4.2.1/src/uri.c:475:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, uri->path.s, uri->path.length); data/libcoap2-4.2.1/src/uri.c:482:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, uri->query.s, uri->query.length); data/libcoap2-4.2.1/tests/test_options.c:186:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char _data[505]; data/libcoap2-4.2.1/tests/test_options.c:239:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_options.c:251:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_options.c:263:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_options.c:275:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_options.c:287:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_options.c:299:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_options.c:312:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_options.c:327:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_options.c:344:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
data/libcoap2-4.2.1/tests/test_uri.c:146:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_uri.c:239:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_uri.c:280:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_uri.c:357:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[sizeof(teststr) + 1];
data/libcoap2-4.2.1/tests/test_uri.c:380:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[sizeof(teststr) - 1];
data/libcoap2-4.2.1/tests/test_uri.c:395:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1];
data/libcoap2-4.2.1/tests/test_uri.c:416:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[sizeof(teststr) + 2];
data/libcoap2-4.2.1/tests/test_uri.c:569:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_wellknown.c:34:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_wellknown.c:83:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[10]; /* smaller than teststr */
data/libcoap2-4.2.1/tests/test_wellknown.c:137:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char uris[2 * 1024];
data/libcoap2-4.2.1/tests/test_wellknown.c:139:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[40];
data/libcoap2-4.2.1/tests/test_wellknown.c:192:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[3];
data/libcoap2-4.2.1/tests/test_wellknown.c:221:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[TEST_PDU_SIZE];
data/libcoap2-4.2.1/tests/test_wellknown.c:274:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char _buf[2 * 1024];
data/libcoap2-4.2.1/examples/client.c:727:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncmp(arg, content_types[i].media_type, strlen(arg)) != 0 ;
data/libcoap2-4.2.1/examples/client.c:769:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(arg);
data/libcoap2-4.2.1/examples/client.c:786:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (coap_split_uri((unsigned char *)arg, strlen(arg), &uri) < 0) {
data/libcoap2-4.2.1/examples/client.c:919:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  proxy.length = strlen(arg);
data/libcoap2-4.2.1/examples/client.c:931:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_token.length = min(sizeof(_token_data), strlen(arg));
data/libcoap2-4.2.1/examples/client.c:1002:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  coap_new_optlist(num, strlen(arg), (unsigned char *)arg));
data/libcoap2-4.2.1/examples/client.c:1072:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = check_segment((unsigned char *)text, strlen(text));
data/libcoap2-4.2.1/examples/client.c:1082:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  decode_segment((unsigned char *)text, strlen(text), buf->s);
data/libcoap2-4.2.1/examples/client.c:1343:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(node_str, optarg, NI_MAXHOST - 1);
data/libcoap2-4.2.1/examples/client.c:1373:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(port_str, optarg, NI_MAXSERV - 1);
data/libcoap2-4.2.1/examples/client.c:1386:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  output_file.length = strlen(optarg);
data/libcoap2-4.2.1/examples/client.c:1531:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (strlen(addr) != uri.host.length
data/libcoap2-4.2.1/examples/coap-rd.c:635:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addr_str, optarg, NI_MAXHOST-1);
data/libcoap2-4.2.1/examples/coap-rd.c:642:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(port_str, optarg, NI_MAXSERV-1);
data/libcoap2-4.2.1/examples/coap-server.c:99:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(INDEX),
data/libcoap2-4.2.1/examples/coap-server.c:908:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addr_str, optarg, NI_MAXHOST-1);
data/libcoap2-4.2.1/examples/coap-server.c:951:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(port_str, optarg, NI_MAXSERV-1);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:121:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  coap_add_data(response, strlen(INDEX), (const uint8_t *)INDEX);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:198:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri = coap_new_str_const(buf, strlen((char *)buf));
data/libcoap2-4.2.1/examples/etsi_iot_01.c:633:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addr_str, optarg, NI_MAXHOST-1);
data/libcoap2-4.2.1/examples/etsi_iot_01.c:637:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(port_str, optarg, NI_MAXSERV-1);
data/libcoap2-4.2.1/include/coap2/option.h:89:69:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  #error COAP_OPT_FILTER_SHORT + COAP_OPT_FILTER_LONG must be less or equal 16
data/libcoap2-4.2.1/include/coap2/uthash.h:98:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define uthash_strlen(s) strlen(s)
data/libcoap2-4.2.1/src/block.c:257:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(coap_response_phrase(response->code)),
data/libcoap2-4.2.1/src/coap_debug.c:486:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:490:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:496:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:502:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:589:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:595:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:600:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:607:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:617:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:621:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:625:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:635:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:640:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:645:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:653:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(outbuf);
data/libcoap2-4.2.1/src/coap_debug.c:697:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(beta, "");
data/libcoap2-4.2.1/src/coap_debug.c:713:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(b_beta, "");
data/libcoap2-4.2.1/src/coap_gnutls.c:460:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(dn) - 3;
data/libcoap2-4.2.1/src/coap_gnutls.c:941:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(setup_data->client_sni)),
data/libcoap2-4.2.1/src/coap_gnutls.c:970:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  identity_len = strlen(identity);
data/libcoap2-4.2.1/src/coap_openssl.c:255:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return coap_dgram_write(a, pstr, (int)strlen(pstr));
data/libcoap2-4.2.1/src/coap_openssl.c:346:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hint_len = strlen(hint);
data/libcoap2-4.2.1/src/coap_openssl.c:366:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  identity_len = strlen(identity);
data/libcoap2-4.2.1/src/coap_openssl.c:478:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return coap_sock_write(a, pstr, (int)strlen(pstr));
data/libcoap2-4.2.1/src/coap_openssl.c:1019:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ASN1_STRING_length(name->d.dNSName) != (int)strlen (dns_name))
data/libcoap2-4.2.1/src/coap_openssl.c:1032:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(buffer) - 3;
data/libcoap2-4.2.1/src/coap_session.c:795:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (identity && (strlen(identity) > 0)) {
data/libcoap2-4.2.1/src/coap_session.c:796:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t identity_len = strlen(identity);
data/libcoap2-4.2.1/src/coap_session.c:1054:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p);
data/libcoap2-4.2.1/src/coap_session.c:1062:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p);
data/libcoap2-4.2.1/src/coap_session.c:1092:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p);
data/libcoap2-4.2.1/src/net.c:69:34:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  #error FRAC_BITS must be less or equal 8
data/libcoap2-4.2.1/src/net.c:352:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hint_len = strlen(hint);
data/libcoap2-4.2.1/src/net.c:1547:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(ctx->eptimerfd, &count, sizeof(count));
data/libcoap2-4.2.1/src/net.c:1735:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += strlen(phrase) + 1;
data/libcoap2-4.2.1/src/net.c:1807:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  coap_add_data(response, (size_t)strlen(phrase), (const uint8_t *)phrase);
data/libcoap2-4.2.1/src/str.c:49:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  var[ofs].length = strlen(string);
data/libcoap2-4.2.1/tests/test_uri.c:23:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:46:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:69:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:91:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:101:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:124:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:159:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:188:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:202:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:216:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:251:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:289:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_uri((unsigned char *)teststr, strlen(teststr), &uri);
data/libcoap2-4.2.1/tests/test_uri.c:360:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_query((unsigned char *)teststr, strlen(teststr),
data/libcoap2-4.2.1/tests/test_uri.c:364:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CU_ASSERT(buf[1] == strlen(teststr) - 13);
data/libcoap2-4.2.1/tests/test_uri.c:366:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CU_ASSERT_NSTRING_EQUAL(buf+2, teststr, strlen(teststr));
data/libcoap2-4.2.1/tests/test_uri.c:383:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_query((unsigned char *)teststr, strlen(teststr),
data/libcoap2-4.2.1/tests/test_uri.c:398:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_query((unsigned char *)teststr, strlen(teststr),
data/libcoap2-4.2.1/tests/test_uri.c:419:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = coap_split_query((unsigned char *)teststr, strlen(teststr),
data/libcoap2-4.2.1/tests/test_uri.c:423:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CU_ASSERT(buf[1] == (((strlen(teststr) - 269) >> 8) & 0xff));
data/libcoap2-4.2.1/tests/test_uri.c:424:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CU_ASSERT(buf[2] == ((strlen(teststr) - 269) & 0xff));
data/libcoap2-4.2.1/tests/test_uri.c:426:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CU_ASSERT_NSTRING_EQUAL(buf+3, teststr, strlen(teststr));

ANALYSIS SUMMARY:

Hits = 301
Lines analyzed = 31864 in approximately 1.01 seconds (31601 lines/second)
Physical Source Lines of Code (SLOC) = 21944
Hits@level = [0] 117 [1]  82 [2] 204 [3]   6 [4]   9 [5]   0
Hits@level+ = [0+] 418 [1+] 301 [2+] 219 [3+]  15 [4+]   9 [5+]   0
Hits/KSLOC@level+ = [0+] 19.0485 [1+] 13.7167 [2+] 9.97995 [3+] 0.683558 [4+] 0.410135 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
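Two things a reviewer triaging this report should keep in mind. First, Flawfinder matches names textually: the two [1] (buffer) equal hits (option.h:89 and net.c:69) point at the word "equal" inside a #error directive, not at a call to std::equal, and can be closed on inspection. Second, the strncpy and strlen hits flag an idiom rather than a proven bug. strncpy(dst, src, sizeof dst - 1) writes at most sizeof dst - 1 bytes and NUL-pads only when the source is shorter than that count, so the last byte of dst is never touched by the call; whether the result is terminated therefore depends on that byte already being zero, which the report cannot see and which this page does not settle for the libcoap examples. The program below is an added illustration, not libcoap code, written for this page. It reproduces the flagged idiom on a deliberately small, deliberately uninitialised buffer (DST_SIZE, the function names and the input strings are constructed for the example; the real call sites use NI_MAXHOST and NI_MAXSERV), shows a bounded length scan that cannot over-read an unterminated buffer (the CWE-126 concern), and a copy that always terminates and reports truncation instead of hiding it.

```c
#include <stdio.h>
#include <string.h>

/* Size of the destination buffer in the strncpy demonstration. Chosen small
 * (an assumption for this example; the report's call sites use NI_MAXHOST and
 * NI_MAXSERV) so the untouched last byte is easy to see. */
#define DST_SIZE 8

/* Reproduces the idiom the report flags: strncpy(dst, src, sizeof dst - 1).
 * strncpy() pads with NUL only when src is shorter than the count, so the
 * last byte of dst is never written by the call. To mimic an uninitialised
 * destination the buffer is pre-filled with 'A'. Returns 1 if dst ends up
 * NUL-terminated, 0 if a later strlen()/printf() on dst would over-read. */
int flagged_copy_is_terminated(const char *src)
{
    char dst[DST_SIZE];
    memset(dst, 'A', sizeof dst);
    strncpy(dst, src, sizeof dst - 1);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Length of the string in buf, scanning at most cap bytes. Unlike strlen()
 * (the CWE-126 hits) it cannot run past the end of a buffer that has no
 * terminator; it returns cap in that case. */
size_t bounded_strlen(const char *buf, size_t cap)
{
    size_t i = 0;
    while (i < cap && buf[i] != '\0')
        i++;
    return i;
}

/* Hardened replacement for the flagged strncpy() calls: reads at most src_cap
 * bytes of src, always NUL-terminates dst, and reports truncation instead of
 * silently dropping it. Returns 0 if src fit, -1 if it was truncated (dst then
 * holds the terminated prefix) or if dst_size is 0. */
int bounded_copy(char *dst, size_t dst_size, const char *src, size_t src_cap)
{
    size_t n;

    if (dst_size == 0)
        return -1;
    n = bounded_strlen(src, src_cap);
    if (n >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed inputs: one that fits with room to spare, one that exactly
     * fills the count (no NUL padding happens), one that is too long. */
    const char *inputs[] = { "short", "exactly", "toolongvalue" };
    char out[DST_SIZE];
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("strncpy(dst, \"%s\", %d): terminated=%d\n", inputs[i],
               DST_SIZE - 1, flagged_copy_is_terminated(inputs[i]));
        printf("bounded_copy: rc=%d dst=\"%s\"\n",
               bounded_copy(out, sizeof out, inputs[i], 64), out);
    }
    return 0;
}
```

Build with `cc -Wall example.c` and run it. "short" is terminated because strncpy pads the unused tail with NULs; "exactly" (seven characters, the same as the count) and "toolongvalue" leave the pre-filled 'A' in the last byte, which is precisely the case the [MS-banned] note is about. The same reasoning applies to the flagged call sites: they are safe only if the destination's last byte is guaranteed zero by its declaration or an explicit write after the copy, and that is what to check before closing those hits.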