Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libosmo-sccp-1.3.0+dfsg1/examples/internal.h Examining data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c Examining data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_server.c Examining data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/mtp/mtp_level3.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/mtp/mtp_pcap.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sccp/sccp.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sccp/sccp_types.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/m2ua_types.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/mtp_sap.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/osmo_ss7.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/protocol/m3ua.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/protocol/mtp.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/protocol/sua.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/sccp_helpers.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/sccp_sap.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/sigtran_sap.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/xua_msg.h Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/xua_types.h Examining data/libosmo-sccp-1.3.0+dfsg1/src/ipa.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/mtp_pcap.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_hmrt.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c Examining 
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_internal.h Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sap.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sclc.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scrc.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_types.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_user.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/sua.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_as_fsm.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_as_fsm.h Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_asp_fsm.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_asp_fsm.h Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_default_lm_fsm.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_internal.h Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_rkm.c Examining data/libosmo-sccp-1.3.0+dfsg1/stp/stp_main.c Examining data/libosmo-sccp-1.3.0+dfsg1/tests/m2ua/m2ua_test.c Examining data/libosmo-sccp-1.3.0+dfsg1/tests/mtp/mtp_parse_test.c Examining data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c Examining data/libosmo-sccp-1.3.0+dfsg1/tests/ss7/ss7_test.c Examining data/libosmo-sccp-1.3.0+dfsg1/tests/vty/ss7_asp_vty_test.c Examining data/libosmo-sccp-1.3.0+dfsg1/tests/xua/sccp_test_data.c Examining data/libosmo-sccp-1.3.0+dfsg1/tests/xua/sccp_test_data.h Examining data/libosmo-sccp-1.3.0+dfsg1/tests/xua/xua_test.c FINAL RESULTS: data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sccp/sccp.h:104:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
struct sccp_system *system; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:229:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. rc = sscanf(str, fmtstr, &component[0], &component[1], &component[2]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:268:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, len, fmtstr, data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_hmrt.c:163:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. l = snprintf(pos, sizeof(buf) - (pos - buf), fmt, ## args); \ data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:252:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf + printed, size - printed, fmt, ap); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:490:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf+strlen(buf), fmt, ap); data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:426:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf("FAILURE in %s:%d: " x, __FILE__, __LINE__, ## args); \ data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c:183:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). 
Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "cl:r:L:R:C:")) != -1) { data/libosmo-sccp-1.3.0+dfsg1/stp/stp_main.c:105:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hDc:V", long_options, &option_index); data/libosmo-sccp-1.3.0+dfsg1/tests/vty/ss7_asp_vty_test.c:83:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hc:d:Dc:sTVe:", data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c:164:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *port = atoi(portstr); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c:217:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). local_pc = atoi(optarg); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c:225:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
remote_pc = atoi(optarg); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:34:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_called_addr.ssn = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:44:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int conn_id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:58:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int conn_id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:72:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int conn_id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:97:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int conn_id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/osmo_ss7.h:359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *host[OSMO_SOCK_MAX_ADDRS]; data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/sccp_sap.h:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char digits[32]; data/libosmo-sccp-1.3.0+dfsg1/src/ipa.c:90:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, src_len); data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c:339:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_part->dat, data_hdr, sizeof(*data_hdr)); data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c:340:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_part->dat+sizeof(*data_hdr), data, data_len); data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c:443:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npar->info_string, info_ie->dat, info_ie->len); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:147:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[MAX_PC_STR_LEN]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:151:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "%u"); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:157:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "%u"); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:163:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "%u"); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:281:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[MAX_PC_STR_LEN]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:289:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[MAX_PC_STR_LEN]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:299:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int masklen = atoi(in+1); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:839:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1211:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostbuf_l[64], hostbuf_r[64]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1378:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufloc[512], bufrem[512]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1853:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[32]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1859:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostbuf[INET6_ADDRSTRLEN]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1861:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portbuf[16]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1869:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). asp->cfg.remote.port = atoi(portbuf); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:2037:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_hmrt.c:65:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(upmsg->l2h, data_ie->dat+sizeof(*data_hdr), data_ie->len - sizeof(*data_hdr)); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_hmrt.c:151:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[256]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:73:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:124:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inst->cfg.pc_fmt.component_len[0] = atoi(argv[argind++]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:127:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inst->cfg.pc_fmt.component_len[1] = atoi(argv[argind++]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:132:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inst->cfg.pc_fmt.component_len[2] = atoi(argv[argind++]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:226:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:316:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rt->cfg.priority = atoi(argv[argind++]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:321:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rt->cfg.qos_class = atoi(argv[argind++]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:401:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:437:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t port = atoi(argv[1]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:461:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
uint16_t port = atoi(argv[1]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:517:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:534:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int port = atoi(argv[1]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:580:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t remote_port = atoi(argv[1]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:581:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t local_port = atoi(argv[2]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:651:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
asp->cfg.qos_class = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:720:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:721:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:898:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). as->cfg.recovery_timeout_msec = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:908:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). as->cfg.qos_class = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:955:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (as->cfg.proto == OSMO_SS7_ASP_PROT_IPA && atoi(rcontext) != 0) { data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:968:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rkey->context = atoi(rcontext); /* FIXME: input validation */ data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:970:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rkey->ssn = ssn ? atoi(ssn) : 0; /* FIXME: input validation */ data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1115:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1303:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip_addr_str[INET6_ADDRSTRLEN]; data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1543:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry->addr.ssn = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1575:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ip_addr_backup, &entry->addr.ip, sizeof(entry->addr.ip)); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1605:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ip_addr_backup, &entry->addr.ip, sizeof(entry->addr.ip)); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1667:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry->addr.gt.gti = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1678:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry->addr.gt.tt = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1690:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry->addr.gt.npi = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1702:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry->addr.gt.nai = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:137:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr->poi, &party->data[read], 2); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:575:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gti, sock->gti, sock->gti_len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:621:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data[1], in_data, len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:740:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&ref->destination_local_reference, src_ref, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:749:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data[2], inp, length); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:786:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&confirm->destination_local_reference, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:788:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&confirm->source_local_reference, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:838:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req->source_local_reference, src_ref, sizeof(*src_ref)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:853:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data[2], l3_data, l3_length); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:906:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dt1->destination_local_reference, dst_ref, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:914:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data[1], inp_data, len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:947:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&it->destination_local_reference, &conn->destination_local_reference, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:949:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&it->source_local_reference, &conn->source_local_reference, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:980:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rel->destination_local_reference, dst_ref, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:982:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rel->source_local_reference, src_ref, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:1156:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rlc->destination_local_reference, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:1158:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rlc->source_local_reference, data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:1458:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&src_ref, ref, sizeof(*ref)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c:420:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur, part->dat, part->len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c:582:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(cur, data, len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:71:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&param->calling_addr, calling_addr, sizeof(*calling_addr)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:72:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&param->called_addr, called_addr, sizeof(*called_addr)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:76:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, data, len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:125:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&param->calling_addr, calling_addr, sizeof(*calling_addr)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:126:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&param->called_addr, called_addr, sizeof(*called_addr)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:132:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, data, len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:165:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, data, len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:198:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(&param->responding_addr, resp_addr, sizeof(*resp_addr)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:221:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&param->responding_addr, resp_addr, sizeof(*resp_addr)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:235:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, data, len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:258:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:264:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "NONE"); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:290:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:314:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buf[256]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sap.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prim_name_buf[128]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sclc.c:197:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(upmsg->l2h, data_ie->dat, data_ie->len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sclc.c:243:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(upmsg->l2h, data_ie->dat, data_ie->len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:465:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:749:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(upmsg->l2h, data_ie->dat, data_ie->len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:765:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(upmsg->l2h, data_ie->dat, data_ie->len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:781:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(upmsg->l2h, data_ie->dat, data_ie->len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:792:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(upmsg->l2h, data_ie->dat, data_ie->len); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_user.c:447:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:60:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:89:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:90:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ssn = atoi(argv[1]); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:123:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:151:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). struct osmo_sccp_timer_val set_val = { .s = atoi(argv[1]) }; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:170:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:238:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(argv[0]); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:216:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hdr, &xua->hdr, sizeof(*hdr)); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:227:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dat, part->dat, part->len); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:262:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(cur, data, len); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:412:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char class_buf[64]; data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:424:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iei_buf[64]; data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:437:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:496:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/libosmo-sccp-1.3.0+dfsg1/src/xua_rkm.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[32]; data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:559:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(msg->l2h, test_data[current_test].data, length); data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:587:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l3h, test->data + test->payload_start, test->payload_length); data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:863:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, test_data[current_test].data, length); data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:883:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, parse_result[current_test].input, msgb_l2len(msg)); data/libosmo-sccp-1.3.0+dfsg1/tests/vty/ss7_asp_vty_test.c:108:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/libosmo-sccp-1.3.0+dfsg1/tests/xua/xua_test.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char digits[23] = ""; data/libosmo-sccp-1.3.0+dfsg1/tests/xua/xua_test.c:507:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(msg->l2h, tcase->sccp.bin, tcase->sccp.length); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:48:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (const uint8_t *)data, data ? strlen(data)+1 : 0); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:62:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (const uint8_t *)data, data ? strlen(data)+1 : 0); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:75:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). osmo_sccp_tx_data(scu, conn_id, (const uint8_t *)data, strlen(data)+1); data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:87:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (const uint8_t *)data, strlen(data)+1); data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c:402:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(npar->info_string)+1, data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:131:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int curlen = strlen(str); data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1288:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(entry->addr.gt.digits)) data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1404:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(entry->addr.gt.digits)) data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1422:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= sizeof(entry->name)) { data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1714:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[0]) > sizeof(entry->addr.gt.digits)) { data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:137:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy(&addr->poi, &party->data[read], 2); data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:147:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). addr->ssn = party->data[read]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:154:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). addr->gti_data = &party->data[read]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:167:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (room > read) { data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:168:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint8_t type = msgb->l2h[offset + read]; data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:181:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (room <= read) { data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:184:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). type, read, room, msgb_l2len(msgb)); data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c:94:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int num_digits = strlen(in_digits); data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c:277:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). odd = strlen(in->gt.digits) & 1; data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:247:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ","); data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:250:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printed = strlen(buf); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:303:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int num_digits = strlen(gt->digits); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:315:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msgb_put_u8(msg, strlen(gt->digits)); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:487:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ","); data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:490:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vsprintf(buf+strlen(buf), fmt, ap); ANALYSIS SUMMARY: Hits = 164 Lines analyzed = 23976 in approximately 0.62 seconds (38516 lines/second) Physical Source Lines of Code (SLOC) = 17436 Hits@level = [0] 129 [1] 25 [2] 129 [3] 3 [4] 7 [5] 0 Hits@level+ = [0+] 293 [1+] 164 [2+] 139 [3+] 10 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 16.8043 [1+] 9.40583 [2+] 7.97201 [3+] 0.573526 [4+] 0.401468 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.