Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsodium-1.0.18/builds/msvc/resource.h
Examining data/libsodium-1.0.18/builds/msvc/version.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_auth/crypto_auth.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_easy.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ristretto255.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/base.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/base2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/constants.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/fe.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_51/base.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_51/base2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_51/constants.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/hchacha20/core_hchacha20.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/hsalsa20/core_hsalsa20.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/hsalsa20/ref2/core_hsalsa20_ref2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_core/salsa/ref/core_salsa_ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/generichash_blake2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-load-avx2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-load-sse2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-load-sse41.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/crypto_generichash.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/crypto_hash.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/sha256/hash_sha256.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/sha512/hash_sha512.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blamka-round-avx2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blamka-round-avx512f.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blamka-round-ref.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blamka-round-ssse3.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/crypto_scalarmult.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/crypto_shorthash.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash_ref.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/shorthash_siphash24.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/shorthash_siphashx24.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/crypto_sign.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/keypair.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/open.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign_ed25519_ref10.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/sign_ed25519.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/u1.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/u4.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/u8.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/stream_chacha20.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/stream_chacha20.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/crypto_stream.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/stream_salsa20.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/stream_salsa20.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-avx2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-avx2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-sse2.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-sse2.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/u0.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/u4.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/stream_salsa2012.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/stream_salsa208.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c
Examining data/libsodium-1.0.18/src/libsodium/crypto_verify/sodium/verify.c
Examining data/libsodium-1.0.18/src/libsodium/include/sodium.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/core.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_aes256gcm.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha256.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha512.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_box.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_ed25519.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_hchacha20.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_hsalsa20.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_ristretto255.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_salsa20.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_salsa2012.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_salsa208.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash_blake2b.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_hash.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_hash_sha256.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_hash_sha512.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf_blake2b.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2i.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2id.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_scalarmult.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_scalarmult_ristretto255.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_shorthash.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_shorthash_siphash24.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_sign.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_sign_ed25519.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_chacha20.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa20.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa2012.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa208.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_xchacha20.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_xsalsa20.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_verify_16.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_verify_32.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_verify_64.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/export.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/chacha20_ietf_ext.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_25_5.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/implementations.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/mutex.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/sse2_64_32.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes_internal_random.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes_sysrandom.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/runtime.h
Examining data/libsodium-1.0.18/src/libsodium/include/sodium/utils.h
Examining data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c
Examining data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c
Examining data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
Examining data/libsodium-1.0.18/src/libsodium/sodium/codecs.c
Examining data/libsodium-1.0.18/src/libsodium/sodium/core.c
Examining data/libsodium-1.0.18/src/libsodium/sodium/runtime.c
Examining data/libsodium-1.0.18/src/libsodium/sodium/utils.c
Examining data/libsodium-1.0.18/src/libsodium/sodium/version.c
Examining data/libsodium-1.0.18/test/default/aead_aes256gcm.c
Examining data/libsodium-1.0.18/test/default/aead_aes256gcm2.c
Examining data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c
Examining data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c
Examining data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c
Examining data/libsodium-1.0.18/test/default/auth.c
Examining data/libsodium-1.0.18/test/default/auth2.c
Examining data/libsodium-1.0.18/test/default/auth3.c
Examining data/libsodium-1.0.18/test/default/auth5.c
Examining data/libsodium-1.0.18/test/default/auth6.c
Examining data/libsodium-1.0.18/test/default/auth7.c
Examining data/libsodium-1.0.18/test/default/box.c
Examining data/libsodium-1.0.18/test/default/box2.c
Examining data/libsodium-1.0.18/test/default/box7.c
Examining data/libsodium-1.0.18/test/default/box8.c
Examining data/libsodium-1.0.18/test/default/box_easy.c
Examining data/libsodium-1.0.18/test/default/box_easy2.c
Examining data/libsodium-1.0.18/test/default/box_seal.c
Examining data/libsodium-1.0.18/test/default/box_seed.c
Examining data/libsodium-1.0.18/test/default/chacha20.c
Examining data/libsodium-1.0.18/test/default/cmptest.h
Examining data/libsodium-1.0.18/test/default/codecs.c
Examining data/libsodium-1.0.18/test/default/core1.c
Examining data/libsodium-1.0.18/test/default/core2.c
Examining data/libsodium-1.0.18/test/default/core3.c
Examining data/libsodium-1.0.18/test/default/core4.c
Examining data/libsodium-1.0.18/test/default/core5.c
Examining data/libsodium-1.0.18/test/default/core6.c
Examining data/libsodium-1.0.18/test/default/core_ed25519.c
Examining data/libsodium-1.0.18/test/default/core_ristretto255.c
Examining data/libsodium-1.0.18/test/default/ed25519_convert.c
Examining data/libsodium-1.0.18/test/default/generichash.c
Examining data/libsodium-1.0.18/test/default/generichash2.c
Examining data/libsodium-1.0.18/test/default/generichash3.c
Examining data/libsodium-1.0.18/test/default/hash.c
Examining data/libsodium-1.0.18/test/default/hash3.c
Examining data/libsodium-1.0.18/test/default/kdf.c
Examining data/libsodium-1.0.18/test/default/keygen.c
Examining data/libsodium-1.0.18/test/default/kx.c
Examining data/libsodium-1.0.18/test/default/metamorphic.c
Examining data/libsodium-1.0.18/test/default/misuse.c
Examining data/libsodium-1.0.18/test/default/onetimeauth.c
Examining data/libsodium-1.0.18/test/default/onetimeauth2.c
Examining data/libsodium-1.0.18/test/default/onetimeauth7.c
Examining data/libsodium-1.0.18/test/default/pwhash_argon2i.c
Examining data/libsodium-1.0.18/test/default/pwhash_argon2id.c
Examining data/libsodium-1.0.18/test/default/pwhash_scrypt.c
Examining data/libsodium-1.0.18/test/default/pwhash_scrypt_ll.c
Examining data/libsodium-1.0.18/test/default/randombytes.c
Examining data/libsodium-1.0.18/test/default/scalarmult.c
Examining data/libsodium-1.0.18/test/default/scalarmult2.c
Examining data/libsodium-1.0.18/test/default/scalarmult5.c
Examining data/libsodium-1.0.18/test/default/scalarmult6.c
Examining data/libsodium-1.0.18/test/default/scalarmult7.c
Examining data/libsodium-1.0.18/test/default/scalarmult8.c
Examining data/libsodium-1.0.18/test/default/scalarmult_ed25519.c
Examining data/libsodium-1.0.18/test/default/scalarmult_ristretto255.c
Examining data/libsodium-1.0.18/test/default/secretbox.c
Examining data/libsodium-1.0.18/test/default/secretbox2.c
Examining data/libsodium-1.0.18/test/default/secretbox7.c
Examining data/libsodium-1.0.18/test/default/secretbox8.c
Examining data/libsodium-1.0.18/test/default/secretbox_easy.c
Examining data/libsodium-1.0.18/test/default/secretbox_easy2.c
Examining data/libsodium-1.0.18/test/default/secretstream.c
Examining data/libsodium-1.0.18/test/default/shorthash.c
Examining data/libsodium-1.0.18/test/default/sign.c
Examining data/libsodium-1.0.18/test/default/siphashx24.c
Examining data/libsodium-1.0.18/test/default/sodium_core.c
Examining data/libsodium-1.0.18/test/default/sodium_utils.c
Examining data/libsodium-1.0.18/test/default/sodium_utils2.c
Examining data/libsodium-1.0.18/test/default/sodium_utils3.c
Examining data/libsodium-1.0.18/test/default/sodium_version.c
Examining data/libsodium-1.0.18/test/default/stream.c
Examining data/libsodium-1.0.18/test/default/stream2.c
Examining data/libsodium-1.0.18/test/default/stream3.c
Examining data/libsodium-1.0.18/test/default/stream4.c
Examining data/libsodium-1.0.18/test/default/verify1.c
Examining data/libsodium-1.0.18/test/default/xchacha20.c
Examining data/libsodium-1.0.18/test/quirks/quirks.h
FINAL RESULTS:
data/libsodium-1.0.18/test/default/cmptest.h:161:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#undef printf
data/libsodium-1.0.18/test/default/cmptest.h:162:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf(...) do { } while(0)
data/libsodium-1.0.18/test/default/cmptest.h:208:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#undef printf
data/libsodium-1.0.18/test/default/cmptest.h:209:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf(...) fprintf(fp_res, __VA_ARGS__)
data/libsodium-1.0.18/test/default/cmptest.h:209:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf(...) fprintf(fp_res, __VA_ARGS__)
data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes.h:21:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint32_t (*random)(void); /* required */
data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c:25:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#undef random
data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c:70:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return implementation->random();
data/libsodium-1.0.18/src/libsodium/sodium/core.c:72:9: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&_sodium_lock);
data/libsodium-1.0.18/src/libsodium/sodium/core.c:87:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&_sodium_lock);
data/libsodium-1.0.18/test/quirks/quirks.h:5:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#undef random
data/libsodium-1.0.18/test/quirks/quirks.h:24:1: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(unsigned seed)
data/libsodium-1.0.18/test/quirks/quirks.h:26:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/libsodium-1.0.18/test/quirks/quirks.h:30:1: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random(void)
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:56:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char H[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:213:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char padded[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:520:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char H[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:521:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char T[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:522:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char accum[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:523:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char fb[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:526:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(H, ctx->H, sizeof H);
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:530:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&n2[0], npub, 3 * 4);
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:536:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fb[0], &x, sizeof x);
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:538:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fb[8], &x, sizeof x);
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:586:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char outni[8 * 16]; \
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:659:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char H[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:660:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char T[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:661:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char accum[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:662:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char fb[16];
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:670:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&n2[0], npub, 3 * 4);
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:677:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fb[0], &x, sizeof x);
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:679:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fb[8], &x, sizeof x);
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:682:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(H, ctx->H, sizeof H);
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:756:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char outni[8 * 16]; \
data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:1076:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:18:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char _pad0[16] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:34:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slen[8U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:104:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:105:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slen[8U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:178:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:179:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slen[8U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:180:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char computed_mac[crypto_aead_chacha20poly1305_ABYTES];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:258:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:259:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slen[8U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:260:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES];
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:361:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:397:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:20:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char _pad0[16] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:35:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:36:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slen[8U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:78:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:79:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slen[8U];
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:80:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES];
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:132:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:133:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char npub2[crypto_aead_chacha20poly1305_ietf_NPUBBYTES] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES,
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:185:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:186:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char npub2[crypto_aead_chacha20poly1305_ietf_NPUBBYTES] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:190:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES,
data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:259:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_auth/crypto_auth.c:38:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:31:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[64];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char khash[32];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:84:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ihash[32];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:112:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char correct[32];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:31:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[128];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char khash[64];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:84:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ihash[64];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:112:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char correct[64];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out0[64];
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c:62:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, out0, 32);
data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c:87:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char correct[32];
data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_easy.c:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_box_BEFORENMBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_easy.c:79:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_box_BEFORENMBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:27:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[crypto_box_NONCEBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:28:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char epk[crypto_box_PUBLICKEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:29:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char esk[crypto_box_SECRETKEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:35:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, epk, crypto_box_PUBLICKEYBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[crypto_box_NONCEBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[64];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:25:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk, hash, 32);
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:45:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[16] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:46:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:125:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:34:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char epk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:35:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char esk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:41:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[64];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:19:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk, hash, 32);
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:39:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[16] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:75:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:92:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:84:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[crypto_core_ed25519_HASHBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:118:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:119:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:125:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L,
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s_, s, crypto_core_ed25519_SCALARBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:130:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(neg, t_, crypto_core_ed25519_SCALARBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:137:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:138:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:145:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L,
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s_, s, crypto_core_ed25519_SCALARBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comp, t_, crypto_core_ed25519_SCALARBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:157:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:158:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char y_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x_, x, crypto_core_ed25519_SCALARBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:163:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(y_, y, crypto_core_ed25519_SCALARBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:172:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char yn[crypto_core_ed25519_SCALARBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:189:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, sizeof t);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:193:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, t, crypto_core_ed25519_SCALARBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ristretto255.c:73:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[crypto_core_ristretto255_HASHBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:682:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char aslide[256];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:683:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char bslide[256];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:770:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char e[64];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:863:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char e[64];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:915:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char aslide[253] = {
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1019:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ge25519_has_small_order(const unsigned char s[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1054:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[7] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1085:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1085:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1085:76: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1558:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_muladd(unsigned char s[32], const unsigned char a[32],
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1558:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_muladd(unsigned char s[32], const unsigned char a[32],
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1559:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char b[32], const unsigned char c[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1559:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char b[32], const unsigned char c[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2061:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2061:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2072:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_invert(unsigned char recip[32], const unsigned char s[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2072:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_invert(unsigned char recip[32], const unsigned char s[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2074:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char _10[32], _100[32], _11[32], _101[32], _111[32],
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2127:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_reduce(unsigned char s[64])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2451:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc25519_is_canonical(const unsigned char s[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2454:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char L[32] = {
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2529:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ge25519_elligator2(unsigned char s[32], const fe25519 r, const unsigned char x_sign)
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2596:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ge25519_from_uniform(unsigned char s[32], const unsigned char r[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2596:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ge25519_from_uniform(unsigned char s[32], const unsigned char r[32])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2601:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, r, 32);
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2609:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ge25519_from_hash(unsigned char s[32], const unsigned char h[64])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2609:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ge25519_from_hash(unsigned char s[32], const unsigned char h[64])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2611:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fl[32];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2612:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gl[32];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2850:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ristretto255_from_hash(unsigned char s[32], const unsigned char h[64])
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2850:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ristretto255_from_hash(unsigned char s[32], const unsigned char h[64])
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/generichash_blake2.c:52:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h:23:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, sizeof v);
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:80:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(P->salt, salt, BLAKE2B_SALTBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(P->personal, personal, BLAKE2B_PERSONALBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:208:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, key, keylen); /* key and keylen cannot be 0 */
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:254:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, key, keylen); /* key and keylen cannot be 0 */
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:270:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(S->buf + left, in, fill); /* Fill buffer */
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:274:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(S->buf, S->buf + BLAKE2B_BLOCKBYTES,
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:281:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(S->buf + left, in, inlen);
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:294:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BLAKE2B_OUTBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:307:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(S->buf, S->buf + BLAKE2B_BLOCKBYTES, S->buflen);
data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:325:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buffer, outlen); /* outlen <= BLAKE2B_OUTBYTES (64) */
data/libsodium-1.0.18/src/libsodium/crypto_generichash/crypto_generichash.c:88:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c:104:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(S, state, 32);
data/libsodium-1.0.18/src/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->state, sha256_initial_state, sizeof sha256_initial_state);
data/libsodium-1.0.18/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c:120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(S, state, 64);
data/libsodium-1.0.18/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c:204:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->state, sha512_initial_state, sizeof sha512_initial_state);
data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:31:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:33:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:34:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char key[crypto_kdf_blake2b_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:36:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ctx_padded[crypto_generichash_blake2b_PERSONALBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:37:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_generichash_blake2b_SALTBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:39:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx_padded, ctx, crypto_kdf_blake2b_CONTEXTBYTES);
data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c:36:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c:38:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char ctx[crypto_kdf_CONTEXTBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c:39:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char key[crypto_kdf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c:46:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:13:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:14:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_kx_SECRETKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:15:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char seed[crypto_kx_SEEDBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:23:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:24:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_kx_SECRETKEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:34:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:35:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx[crypto_kx_SESSIONKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:36:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:37:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:38:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char q[crypto_scalarmult_BYTES];
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:42:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:75:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:76:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx[crypto_kx_SESSIONKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:77:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:78:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:79:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:82:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char q[crypto_scalarmult_BYTES];
data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:83:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c:68:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c:108:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char correct[16];
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[poly1305_block_size];
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h:29:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h:140:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16])
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:30:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[poly1305_block_size];
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:35:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:136:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16])
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c:75:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[poly1305_block_size]; /* 32 bytes */
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:64:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, m, 8);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:83:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, 8);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:88:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, 4);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:93:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, 2);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:103:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_init_ext(poly1305_state_internal_t *st, const unsigned char key[32],
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t0, key, 8);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t1, key + 8, 8);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:140:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&st->pad[0], key + 16, 8);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&st->pad[1], key + 24, 8);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:803:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_finish_ext(poly1305_state_internal_t *st, const unsigned char *m,
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:804:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned long long leftover, unsigned char mac[16])
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:809:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CRYPTO_ALIGN(16) unsigned char final[32] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:848:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&h, &st->pad[0], 16);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:863:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mac[0], &h0, 8);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:864:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mac[8], &h1, 8);
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:870:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16])
data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:931:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char correct[16];
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.c:98:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&memory, &base, sizeof memory);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.c:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&memory, &base, sizeof memory);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.c:112:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&memory, &aligned, sizeof memory);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.h:76:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[U32_STR_MAXSIZE - 1U];
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:224:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, &tmp[i], (sizeof tmp) - i);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:249:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, str, pp_len + 1); \
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:256:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[U32_STR_MAXSIZE]; \
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c:190:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, ((instance->region->memory + prev_offset)->v),
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c:195:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, ((instance->region->memory + prev_offset)->v),
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c:189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, ((instance->region->memory + prev_offset)->v),
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2.c:139:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, out, hashlen);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:54:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, out_buffer, crypto_generichash_blake2b_BYTES_MAX / 2);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:60:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in_buffer, out_buffer, crypto_generichash_blake2b_BYTES_MAX);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:64:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, out_buffer, crypto_generichash_blake2b_BYTES_MAX / 2);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:69:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in_buffer, out_buffer, crypto_generichash_blake2b_BYTES_MAX);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:73:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, out_buffer, toproduce);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:182:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:187:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_pwhash_argon2i_SALTBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:213:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:279:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:286:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c:178:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c:183:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_pwhash_argon2id_SALTBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c:209:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c:148:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_str(char out[crypto_pwhash_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c:157:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c:175:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_str_verify(const char str[crypto_pwhash_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c:193:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_pwhash_str_needs_rehash(const char str[crypto_pwhash_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, setting, prefixlen + saltlen);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c:71:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state));
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c:75:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(T, U, 32);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c:92:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[i * 32], T, clen);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U];
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:241:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:244:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wanted[crypto_pwhash_scryptsalsa208sha256_STRBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:271:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c:17:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
has_small_order(const unsigned char s[32])
data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[7] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c:9:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
_crypto_scalarmult_ed25519_is_inf(const unsigned char s[32])
data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c:24:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
_crypto_scalarmult_ed25519_clamp(unsigned char k[32])
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox.c:64:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[crypto_stream_salsa20_KEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c:89:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c:90:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[crypto_stream_salsa20_KEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c:27:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c:28:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[crypto_stream_chacha20_KEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c:96:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block0[64U];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c:97:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[crypto_stream_chacha20_KEYBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c:31:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[32];
data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c:86:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:24:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char _pad0[16] = { 0 };
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:37:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:45:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:46:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(STATE_INONCE(state), out + crypto_core_hchacha20_INPUTBYTES,
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:70:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char in[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:71:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(STATE_INONCE(state), in + crypto_core_hchacha20_INPUTBYTES,
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:86:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES +
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:118:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64U];
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:119:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slen[8U];
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:186:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64U];
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:187:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slen[8U];
data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:188:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[crypto_onetimeauth_poly1305_BYTES];
data/libsodium-1.0.18/src/libsodium/crypto_shorthash/crypto_shorthash.c:31:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/keypair.c:35:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seed[32];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/keypair.c:73:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[crypto_hash_sha512_BYTES];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/keypair.c:79:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curve25519_sk, h, crypto_scalarmult_curve25519_BYTES);
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:39:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[64];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[64];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[64];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:62:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm, sig, 32);
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm + 32 + mlen, sig + 32, 32);
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:76:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[64];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:77:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t1[32], t2[32];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/open.c:21:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[64];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/open.c:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rcheck[32];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:14:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char DOM2PREFIX[32 + 2] = {
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:28:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
_crypto_sign_ed25519_clamp(unsigned char k[32])
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:39:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Z[32],
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:40:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char sk[64])
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:42:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char B[32] = {
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:48:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zeros[128] = { 0x00 };
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:49:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char empty_labelset[3] = { 0x02, 0x00, 0x00 };
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:70:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char az[64];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:71:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[64];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:72:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[64];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/sign_ed25519.c:80:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ph[crypto_hash_sha512_BYTES];
data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/sign_ed25519.c:92:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ph[crypto_hash_sha512_BYTES];
data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/stream_chacha20.c:155:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/stream_chacha20.c:161:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_stream/crypto_stream.c:46:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[16];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kcopy[32];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[16];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:69:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:70:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kcopy[32];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/stream_salsa20.c:72:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:17:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[16];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:19:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kcopy[32];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:63:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[16];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:64:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:65:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kcopy[32];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/stream_salsa2012.c:23:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:17:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[16];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:19:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kcopy[32];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:63:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[16];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:64:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:65:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kcopy[32];
data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/stream_salsa208.c:23:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES];
data/libsodium-1.0.18/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c:66:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_stream_xchacha20_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[32];
data/libsodium-1.0.18/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[32];
data/libsodium-1.0.18/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c:63:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_aes256gcm.h:60:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opaque[512];
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_aes256gcm.h:172:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h:89:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h:165:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h:85:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth.h:39:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha256.h:63:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha512.h:61:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h:58:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash.h:77:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash_blake2b.h:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opaque[384];
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash_blake2b.h:111:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h:39:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h:41:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char ctx[crypto_kdf_CONTEXTBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h:42:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char key[crypto_kdf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h:46:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf_blake2b.h:34:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf_blake2b.h:36:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf_blake2b.h:37:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char key[crypto_kdf_blake2b_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:36:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:37:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_kx_SECRETKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:38:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char seed[crypto_kx_SEEDBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:42:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:43:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_kx_SECRETKEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:47:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:48:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx[crypto_kx_SESSIONKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:49:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:50:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:51:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:55:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:56:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx[crypto_kx_SESSIONKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:57:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:58:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:59:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth.h:58:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h:20:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opaque[256];
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h:65:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h:116:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h:122:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h:128:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_str_verify(const char str[crypto_pwhash_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h:134:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_str_needs_rehash(const char str[crypto_pwhash_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2i.h:101:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2i.h:108:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2i.h:114:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2id.h:101:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2id.h:108:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2id.h:114:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h:90:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h:98:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h:111:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox.h:65:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h:50:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:57:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES];
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:58:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES];
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char _pad[8];
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:67:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:73:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:74:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:88:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:89:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_shorthash.h:34:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream.h:52:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_chacha20.h:56:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_chacha20.h:93:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa20.h:54:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa2012.h:46:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa208.h:49:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_xchacha20.h:54:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_xsalsa20.h:54:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES])
data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&w, src, sizeof w);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &w, sizeof w);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&w, src, sizeof w);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &w, sizeof w);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&w, src, sizeof w);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &w, sizeof w);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&w, src, sizeof w);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &w, sizeof w);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:109:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ge25519_has_small_order(const unsigned char s[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:111:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:111:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:113:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_from_hash(unsigned char s[32], const unsigned char h[64]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:113:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_from_hash(unsigned char s[32], const unsigned char h[64]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:123:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ristretto255_from_hash(unsigned char s[32], const unsigned char h[64]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:123:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ristretto255_from_hash(unsigned char s[32], const unsigned char h[64]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:130:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_invert(unsigned char recip[32], const unsigned char s[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:130:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_invert(unsigned char recip[32], const unsigned char s[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:132:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_reduce(unsigned char s[64]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:134:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_mul(unsigned char s[32], const unsigned char a[32],
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:134:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_mul(unsigned char s[32], const unsigned char a[32],
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:135:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char b[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:137:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_muladd(unsigned char s[32], const unsigned char a[32],
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:137:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_muladd(unsigned char s[32], const unsigned char a[32],
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:138:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char b[32], const unsigned char c[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:138:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char b[32], const unsigned char c[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:140:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sc25519_is_canonical(const unsigned char s[32]);
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_25_5.h:310:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_25_5.h:328:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:215:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:230:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes.h:40:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char seed[randombytes_SEEDBYTES])
data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:118:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[crypto_stream_chacha20_KEYBYTES];
data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:119:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rnd32[16U * INTERNAL_RANDOM_BLOCK_SIZE];
data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:257:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/random", O_RDONLY);
data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:296:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(*device, O_RDONLY);
data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:353:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fodder[16];
data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:363:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fodder[16];
data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:612:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, &stream.rnd32[stream.rnd32_outleft], sizeof val);
data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c:162:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char seed[randombytes_SEEDBYTES])
data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c:164:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES] = {
data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:158:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/random", O_RDONLY);
data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:197:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(*device, O_RDONLY);
data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:268:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fodder[16];
data/libsodium-1.0.18/src/libsodium/sodium/utils.c:85:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char canary[CANARY_SIZE];
data/libsodium-1.0.18/src/libsodium/sodium/utils.c:138:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fodder[len];
data/libsodium-1.0.18/src/libsodium/sodium/utils.c:593:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(unprotected_ptr + unprotected_size, canary, sizeof canary);
data/libsodium-1.0.18/src/libsodium/sodium/utils.c:600:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(canary_ptr, canary, sizeof canary);
data/libsodium-1.0.18/src/libsodium/sodium/utils.c:601:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(base_ptr, &unprotected_size, sizeof unprotected_size);
data/libsodium-1.0.18/src/libsodium/sodium/utils.c:654:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&unprotected_size, base_ptr, sizeof unprotected_size);
data/libsodium-1.0.18/src/libsodium/sodium/utils.c:690:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&unprotected_size, base_ptr, sizeof unprotected_size);
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:7:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char nonce_hex[crypto_aead_aes256gcm_NPUBBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:11:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char mac_hex[crypto_aead_aes256gcm_ABYTES * 2 + 1];
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:14:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES]
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:18:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char m[MLEN]
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:20:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES]
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:22:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char ad[ADLEN]
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, MLEN);
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:189:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char firstkey[crypto_aead_chacha20poly1305_ietf_KEYBYTES]
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:200:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce[crypto_aead_chacha20poly1305_ietf_NPUBBYTES]
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:203:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char ad[ADLEN]
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:215:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m, MESSAGE, MLEN);
data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:318:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, MLEN);
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:7:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char nonce_hex[crypto_aead_chacha20poly1305_ietf_NPUBBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:11:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char mac_hex[crypto_aead_chacha20poly1305_ietf_ABYTES * 2 + 1];
data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:14:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char firstkey[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]
data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:25:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES]
data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:28:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char ad[ADLEN]
data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:41:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m, MESSAGE, MLEN);
data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:144:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, MLEN);
data/libsodium-1.0.18/test/default/auth.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[32] = "Jefe";
data/libsodium-1.0.18/test/default/auth.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[crypto_auth_BYTES];
data/libsodium-1.0.18/test/default/auth.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a2[crypto_auth_hmacsha512_BYTES];
data/libsodium-1.0.18/test/default/auth.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a3[crypto_auth_hmacsha512_BYTES];
data/libsodium-1.0.18/test/default/auth2.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[32] = {
data/libsodium-1.0.18/test/default/auth2.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[50] = { 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
data/libsodium-1.0.18/test/default/auth2.c:20:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[32];
data/libsodium-1.0.18/test/default/auth3.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[32] = {
data/libsodium-1.0.18/test/default/auth3.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[50] = { 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
data/libsodium-1.0.18/test/default/auth3.c:20:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[32] = { 0x37, 0x2e, 0xfc, 0xf9, 0xb4, 0x0b, 0x35, 0xc2,
data/libsodium-1.0.18/test/default/auth3.c:28:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a2[crypto_auth_hmacsha256_BYTES];
data/libsodium-1.0.18/test/default/auth5.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[32];
data/libsodium-1.0.18/test/default/auth5.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[1000];
data/libsodium-1.0.18/test/default/auth5.c:7:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[32];
data/libsodium-1.0.18/test/default/auth6.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[32] = "Jefe";
data/libsodium-1.0.18/test/default/auth6.c:9:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[64];
data/libsodium-1.0.18/test/default/auth7.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[32];
data/libsodium-1.0.18/test/default/auth7.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[600];
data/libsodium-1.0.18/test/default/auth7.c:7:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[64];
data/libsodium-1.0.18/test/default/box.c:5:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char alicesk[32] = {
data/libsodium-1.0.18/test/default/box.c:11:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char bobpk[32] = {
data/libsodium-1.0.18/test/default/box.c:17:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES] = {
data/libsodium-1.0.18/test/default/box.c:23:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/box.c:29:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char m[163] = {
data/libsodium-1.0.18/test/default/box.c:46:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[163];
data/libsodium-1.0.18/test/default/box.c:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_box_BEFORENMBYTES];
data/libsodium-1.0.18/test/default/box2.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobsk[32] = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a,
data/libsodium-1.0.18/test/default/box2.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alicepk[32] = { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7,
data/libsodium-1.0.18/test/default/box2.c:17:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES] = {
data/libsodium-1.0.18/test/default/box2.c:23:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/box2.c:29:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[163] = {
data/libsodium-1.0.18/test/default/box2.c:46:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[163];
data/libsodium-1.0.18/test/default/box2.c:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_box_BEFORENMBYTES];
data/libsodium-1.0.18/test/default/box7.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alicesk[crypto_box_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/box7.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alicepk[crypto_box_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/box7.c:7:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobsk[crypto_box_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/box7.c:8:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobpk[crypto_box_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/box7.c:9:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char n[crypto_box_NONCEBYTES];
data/libsodium-1.0.18/test/default/box8.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alicesk[crypto_box_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/box8.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alicepk[crypto_box_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/box8.c:7:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobsk[crypto_box_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/box8.c:8:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobpk[crypto_box_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/box8.c:9:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char n[crypto_box_NONCEBYTES];
data/libsodium-1.0.18/test/default/box_easy.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alicesk[32] = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5,
data/libsodium-1.0.18/test/default/box_easy.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobpk[32] = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1,
data/libsodium-1.0.18/test/default/box_easy.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/box_easy.c:22:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[131] = {
data/libsodium-1.0.18/test/default/box_easy.c:36:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[147 + crypto_box_MACBYTES];
data/libsodium-1.0.18/test/default/box_easy2.c:5:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES] = {
data/libsodium-1.0.18/test/default/box_easy2.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, mlen);
data/libsodium-1.0.18/test/default/box_seal.c:8:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[crypto_box_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/box_seal.c:9:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_box_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/box_seal.c:48:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/box_seal.c:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/box_seed.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char seed[32] = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5,
data/libsodium-1.0.18/test/default/box_seed.c:15:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[32];
data/libsodium-1.0.18/test/default/box_seed.c:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[32];
data/libsodium-1.0.18/test/default/chacha20.c:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[crypto_stream_chacha20_KEYBYTES];
data/libsodium-1.0.18/test/default/chacha20.c:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[crypto_stream_chacha20_NONCEBYTES];
data/libsodium-1.0.18/test/default/chacha20.c:25:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[160];
data/libsodium-1.0.18/test/default/chacha20.c:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zero[160];
data/libsodium-1.0.18/test/default/chacha20.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_hex[160 * 2 + 1];
data/libsodium-1.0.18/test/default/chacha20.c:33:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex,
data/libsodium-1.0.18/test/default/chacha20.c:109:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[crypto_stream_chacha20_KEYBYTES];
data/libsodium-1.0.18/test/default/chacha20.c:110:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[crypto_stream_chacha20_IETF_NONCEBYTES];
data/libsodium-1.0.18/test/default/chacha20.c:112:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[160];
data/libsodium-1.0.18/test/default/chacha20.c:113:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zero[160];
data/libsodium-1.0.18/test/default/chacha20.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_hex[160 * 2 + 1];
data/libsodium-1.0.18/test/default/chacha20.c:120:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex,
data/libsodium-1.0.18/test/default/cmptest.h:174:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_res = fopen(TEST_NAME_RES, "w+")) == NULL) {
data/libsodium-1.0.18/test/default/cmptest.h:194:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_out = fopen(TEST_NAME_OUT, "r")) == NULL) {
data/libsodium-1.0.18/test/default/codecs.c:7:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf1[1000];
data/libsodium-1.0.18/test/default/codecs.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf3[33];
data/libsodium-1.0.18/test/default/codecs.c:9:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf4[4];
data/libsodium-1.0.18/test/default/codecs.c:232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf1, bin, bin_len);
data/libsodium-1.0.18/test/default/core1.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shared[32] = { 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d,
data/libsodium-1.0.18/test/default/core1.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char zero[32];
data/libsodium-1.0.18/test/default/core1.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33,
data/libsodium-1.0.18/test/default/core1.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char firstkey[32];
data/libsodium-1.0.18/test/default/core2.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85,
data/libsodium-1.0.18/test/default/core2.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nonceprefix[16] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/core2.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33,
data/libsodium-1.0.18/test/default/core2.c:18:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char secondkey[32];
data/libsodium-1.0.18/test/default/core3.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char SECONDKEY[32] = { 0xdc, 0x90, 0x8d, 0xda, 0x0b, 0x93, 0x44,
data/libsodium-1.0.18/test/default/core3.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char NONCESUFFIX[8] = { 0x82, 0x19, 0xe0, 0x03,
data/libsodium-1.0.18/test/default/core3.c:14:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char C[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33,
data/libsodium-1.0.18/test/default/core3.c:32:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(secondkey, SECONDKEY, 32);
data/libsodium-1.0.18/test/default/core3.c:34:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(noncesuffix, NONCESUFFIX, 8);
data/libsodium-1.0.18/test/default/core3.c:36:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, C, 16);
data/libsodium-1.0.18/test/default/core4.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[32] = { 1, 2, 3, 4, 5, 6, 7, 8,
data/libsodium-1.0.18/test/default/core4.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char in[16] = { 101, 102, 103, 104, 105, 106, 107, 108,
data/libsodium-1.0.18/test/default/core4.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[16] = { 101, 120, 112, 97, 110, 100, 32, 51,
data/libsodium-1.0.18/test/default/core4.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char out[64];
data/libsodium-1.0.18/test/default/core5.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[32] = { 0xee, 0x30, 0x4f, 0xca, 0x27, 0x00, 0x8d, 0x8c,
data/libsodium-1.0.18/test/default/core5.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char in[16] = {
data/libsodium-1.0.18/test/default/core5.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[16] = { 101, 120, 112, 97, 110, 100, 32, 51,
data/libsodium-1.0.18/test/default/core5.c:18:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[32];
data/libsodium-1.0.18/test/default/core6.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[32] = { 0xee, 0x30, 0x4f, 0xca, 0x27, 0x00, 0x8d, 0x8c,
data/libsodium-1.0.18/test/default/core6.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char in[16] = {
data/libsodium-1.0.18/test/default/core6.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[16] = { 101, 120, 112, 97, 110, 100, 32, 51,
data/libsodium-1.0.18/test/default/core6.c:18:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char out[64];
data/libsodium-1.0.18/test/default/core_ed25519.c:4:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char non_canonical_p[32] = {
data/libsodium-1.0.18/test/default/core_ed25519.c:8:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char non_canonical_invalid_p[32] = {
data/libsodium-1.0.18/test/default/core_ed25519.c:12:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char max_canonical_p[32] = {
data/libsodium-1.0.18/test/default/core_ed25519.c:20:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char P[32] = {
data/libsodium-1.0.18/test/default/core_ed25519.c:33:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char l[crypto_core_ed25519_NONREDUCEDSCALARBYTES] =
data/libsodium-1.0.18/test/default/core_ed25519.c:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p3, p, crypto_core_ed25519_BYTES);
data/libsodium-1.0.18/test/default/core_ed25519.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2, p, crypto_core_ed25519_BYTES);
data/libsodium-1.0.18/test/default/core_ed25519.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p3, p, crypto_core_ed25519_BYTES);
data/libsodium-1.0.18/test/default/core_ed25519.c:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2, p, crypto_core_ed25519_BYTES);
data/libsodium-1.0.18/test/default/core_ed25519.c:181:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sc64, sc, crypto_core_ed25519_BYTES);
data/libsodium-1.0.18/test/default/core_ed25519.c:195:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2, p, crypto_core_ed25519_BYTES);
data/libsodium-1.0.18/test/default/core_ed25519.c:213:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2, p, crypto_core_ed25519_BYTES);
data/libsodium-1.0.18/test/default/core_ristretto255.c:112:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char l[crypto_core_ed25519_BYTES] =
data/libsodium-1.0.18/test/default/core_ristretto255.c:227:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s4, s1, crypto_core_ristretto255_SCALARBYTES);
data/libsodium-1.0.18/test/default/ed25519_convert.c:5:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char keypair_seed[crypto_sign_ed25519_SEEDBYTES] = {
data/libsodium-1.0.18/test/default/ed25519_convert.c:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ed25519_pk[crypto_sign_ed25519_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/ed25519_convert.c:15:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ed25519_skpk[crypto_sign_ed25519_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/ed25519_convert.c:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char curve25519_pk[crypto_scalarmult_curve25519_BYTES];
data/libsodium-1.0.18/test/default/ed25519_convert.c:17:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char curve25519_pk2[crypto_scalarmult_curve25519_BYTES];
data/libsodium-1.0.18/test/default/ed25519_convert.c:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char curve25519_sk[crypto_scalarmult_curve25519_BYTES];
data/libsodium-1.0.18/test/default/ed25519_convert.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curve25519_pk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
data/libsodium-1.0.18/test/default/ed25519_convert.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curve25519_sk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
data/libsodium-1.0.18/test/default/generichash.c:1338:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[MAXLEN];
data/libsodium-1.0.18/test/default/generichash.c:1339:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[crypto_generichash_BYTES_MAX];
data/libsodium-1.0.18/test/default/generichash.c:1340:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_generichash_KEYBYTES_MAX];
data/libsodium-1.0.18/test/default/generichash2.c:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[MAXLEN];
data/libsodium-1.0.18/test/default/generichash2.c:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[crypto_generichash_BYTES_MAX];
data/libsodium-1.0.18/test/default/generichash2.c:12:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_generichash_KEYBYTES_MAX];
data/libsodium-1.0.18/test/default/generichash3.c:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_generichash_blake2b_SALTBYTES]
data/libsodium-1.0.18/test/default/generichash3.c:13:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char personal[crypto_generichash_blake2b_PERSONALBYTES]
data/libsodium-1.0.18/test/default/generichash3.c:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[MAXLEN];
data/libsodium-1.0.18/test/default/generichash3.c:17:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[crypto_generichash_blake2b_BYTES_MAX];
data/libsodium-1.0.18/test/default/generichash3.c:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_generichash_blake2b_KEYBYTES_MAX];
data/libsodium-1.0.18/test/default/hash.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char h[crypto_hash_BYTES];
data/libsodium-1.0.18/test/default/hash3.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char h[crypto_hash_BYTES];
data/libsodium-1.0.18/test/default/kdf.c:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[crypto_kdf_BYTES_MAX * 2 + 1];
data/libsodium-1.0.18/test/default/kdf.c:18:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context, "KDF test", sizeof "KDF test" -1U);
data/libsodium-1.0.18/test/default/kx.c:5:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char small_order_p[crypto_scalarmult_BYTES] = {
data/libsodium-1.0.18/test/default/kx.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[65];
data/libsodium-1.0.18/test/default/onetimeauth.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char rs[32] = {
data/libsodium-1.0.18/test/default/onetimeauth.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[131] = {
data/libsodium-1.0.18/test/default/onetimeauth.c:25:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[16];
data/libsodium-1.0.18/test/default/onetimeauth2.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char rs[32] = {
data/libsodium-1.0.18/test/default/onetimeauth2.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[131] = {
data/libsodium-1.0.18/test/default/onetimeauth2.c:25:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[16] = { 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5,
data/libsodium-1.0.18/test/default/onetimeauth7.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[32];
data/libsodium-1.0.18/test/default/onetimeauth7.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[1000];
data/libsodium-1.0.18/test/default/onetimeauth7.c:7:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char a[16];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[256];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:82:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_pwhash_SALTBYTES];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:83:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[256];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_hex[256 * 2 + 1];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:88:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:94:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tests[i].passwd_len, (const unsigned char *) salt,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[256];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:134:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_pwhash_SALTBYTES];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:135:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[256];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_hex[256 * 2 + 1];
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:140:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:146:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tests[i].passwd_len, (const unsigned char *) salt,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:214:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:216:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:217:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:219:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:241:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[256];
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:82:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_pwhash_SALTBYTES];
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:83:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[256];
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_hex[256 * 2 + 1];
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:88:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:94:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tests[i].passwd_len, (const unsigned char *) salt,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[256];
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:134:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_pwhash_SALTBYTES];
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:135:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[256];
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_hex[256 * 2 + 1];
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:140:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:146:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tests[i].passwd_len, (const unsigned char *) salt,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:210:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:212:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:213:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:215:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:237:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(salt, ">A 16-bytes salt", crypto_pwhash_argon2id_SALTBYTES);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[256];
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:94:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:95:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[256];
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_hex[256 * 2 + 1];
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:100:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:107:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tests[i].passwdlen, (const unsigned char *) salt,
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[256];
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:143:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:144:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[256];
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_hex[256 * 2 + 1];
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:149:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:156:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tests[i].passwdlen, (const unsigned char *) salt,
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:280:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:282:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:283:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:285:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:308:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(salt, "[<~A 32-bytes salt for scrypt~>]",
data/libsodium-1.0.18/test/default/randombytes.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char x[65536];
data/libsodium-1.0.18/test/default/randombytes.c:32:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char seed[randombytes_SEEDBYTES] = {
data/libsodium-1.0.18/test/default/randombytes.c:37:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[100];
data/libsodium-1.0.18/test/default/scalarmult.c:5:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char alicesk[crypto_scalarmult_BYTES] = {
data/libsodium-1.0.18/test/default/scalarmult.c:11:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char bobsk[crypto_scalarmult_BYTES] = {
data/libsodium-1.0.18/test/default/scalarmult.c:17:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char small_order_p[crypto_scalarmult_BYTES] = {
data/libsodium-1.0.18/test/default/scalarmult.c:23:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hex[crypto_scalarmult_BYTES * 2 + 1];
data/libsodium-1.0.18/test/default/scalarmult2.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobsk[32] = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a,
data/libsodium-1.0.18/test/default/scalarmult2.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobpk[32];
data/libsodium-1.0.18/test/default/scalarmult5.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alicesk[32] = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5,
data/libsodium-1.0.18/test/default/scalarmult5.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobpk[32] = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1,
data/libsodium-1.0.18/test/default/scalarmult5.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[32];
data/libsodium-1.0.18/test/default/scalarmult6.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bobsk_[crypto_scalarmult_SCALARBYTES] = {
data/libsodium-1.0.18/test/default/scalarmult6.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alicepk_[crypto_scalarmult_SCALARBYTES] = {
data/libsodium-1.0.18/test/default/scalarmult6.c:31:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bobsk, bobsk_, crypto_scalarmult_SCALARBYTES);
data/libsodium-1.0.18/test/default/scalarmult6.c:32:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(alicepk, alicepk_, crypto_scalarmult_SCALARBYTES);
data/libsodium-1.0.18/test/default/scalarmult7.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char p1[32] = {
data/libsodium-1.0.18/test/default/scalarmult7.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char p2[32] = {
data/libsodium-1.0.18/test/default/scalarmult7.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char scalar[32];
data/libsodium-1.0.18/test/default/scalarmult7.c:18:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char out1[32];
data/libsodium-1.0.18/test/default/scalarmult7.c:19:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char out2[32];
data/libsodium-1.0.18/test/default/scalarmult8.c:6:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char pk_hex[crypto_scalarmult_BYTES * 2 + 1];
data/libsodium-1.0.18/test/default/scalarmult8.c:7:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char sk_hex[crypto_scalarmult_SCALARBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/scalarmult8.c:8:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char shared_hex[crypto_scalarmult_BYTES * 2 + 1];
data/libsodium-1.0.18/test/default/scalarmult8.c:540:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_scalarmult_SCALARBYTES];
data/libsodium-1.0.18/test/default/scalarmult8.c:541:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[crypto_scalarmult_BYTES];
data/libsodium-1.0.18/test/default/scalarmult8.c:542:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char shared[crypto_scalarmult_BYTES];
data/libsodium-1.0.18/test/default/scalarmult8.c:543:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char shared2[crypto_scalarmult_BYTES];
data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:4:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char non_canonical_p[32] = {
data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:8:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char non_canonical_invalid_p[32] = {
data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:12:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char max_canonical_p[32] = {
data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:17:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char B[32] = {
data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:36:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, B, crypto_scalarmult_ed25519_BYTES);
data/libsodium-1.0.18/test/default/secretbox.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85,
data/libsodium-1.0.18/test/default/secretbox.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/secretbox.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[163] = {
data/libsodium-1.0.18/test/default/secretbox.c:34:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[163];
data/libsodium-1.0.18/test/default/secretbox.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, 163);
data/libsodium-1.0.18/test/default/secretbox2.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85,
data/libsodium-1.0.18/test/default/secretbox2.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/secretbox2.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[163] = {
data/libsodium-1.0.18/test/default/secretbox2.c:34:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[163];
data/libsodium-1.0.18/test/default/secretbox7.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[crypto_secretbox_KEYBYTES];
data/libsodium-1.0.18/test/default/secretbox7.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char n[crypto_secretbox_NONCEBYTES];
data/libsodium-1.0.18/test/default/secretbox7.c:7:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[10000];
data/libsodium-1.0.18/test/default/secretbox7.c:8:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[10000];
data/libsodium-1.0.18/test/default/secretbox7.c:9:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m2[10000];
data/libsodium-1.0.18/test/default/secretbox8.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[crypto_secretbox_KEYBYTES];
data/libsodium-1.0.18/test/default/secretbox8.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char n[crypto_secretbox_NONCEBYTES];
data/libsodium-1.0.18/test/default/secretbox8.c:7:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[10000];
data/libsodium-1.0.18/test/default/secretbox8.c:8:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[10000];
data/libsodium-1.0.18/test/default/secretbox8.c:9:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m2[10000];
data/libsodium-1.0.18/test/default/secretbox_easy.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85,
data/libsodium-1.0.18/test/default/secretbox_easy.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/secretbox_easy.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[131] = {
data/libsodium-1.0.18/test/default/secretbox_easy.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c + 1, m, 131);
data/libsodium-1.0.18/test/default/secretbox_easy.c:65:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, 131);
data/libsodium-1.0.18/test/default/secretbox_easy.c:72:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, 131);
data/libsodium-1.0.18/test/default/secretbox_easy.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, 20);
data/libsodium-1.0.18/test/default/secretbox_easy.c:113:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, 20);
data/libsodium-1.0.18/test/default/secretbox_easy2.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, m, mlen);
data/libsodium-1.0.18/test/default/secretstream.c:54:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1_, m1, m1_len);
data/libsodium-1.0.18/test/default/secretstream.c:56:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m2_, m2, m2_len);
data/libsodium-1.0.18/test/default/secretstream.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m3_, m3, m3_len);
data/libsodium-1.0.18/test/default/secretstream.c:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statesave, state, sizeof *state);
data/libsodium-1.0.18/test/default/secretstream.c:218:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(csave, c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES);
data/libsodium-1.0.18/test/default/secretstream.c:234:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, statesave, sizeof *state);
data/libsodium-1.0.18/test/default/shorthash.c:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[MAXLEN];
data/libsodium-1.0.18/test/default/shorthash.c:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[crypto_shorthash_BYTES];
data/libsodium-1.0.18/test/default/shorthash.c:12:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_shorthash_KEYBYTES];
data/libsodium-1.0.18/test/default/sign.c:11:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char sk[crypto_sign_SEEDBYTES];
data/libsodium-1.0.18/test/default/sign.c:12:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pk[crypto_sign_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/sign.c:13:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char sig[crypto_sign_BYTES];
data/libsodium-1.0.18/test/default/sign.c:1044:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char non_canonical_p[32] = {
data/libsodium-1.0.18/test/default/sign.c:1051:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char l[32] =
data/libsodium-1.0.18/test/default/sign.c:1063:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extracted_seed[crypto_sign_ed25519_SEEDBYTES];
data/libsodium-1.0.18/test/default/sign.c:1064:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extracted_pk[crypto_sign_ed25519_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/sign.c:1065:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[crypto_sign_BYTES];
data/libsodium-1.0.18/test/default/sign.c:1066:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sm[1024 + crypto_sign_BYTES];
data/libsodium-1.0.18/test/default/sign.c:1067:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m[1024];
data/libsodium-1.0.18/test/default/sign.c:1068:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char skpk[crypto_sign_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/sign.c:1069:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
data/libsodium-1.0.18/test/default/sign.c:1070:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_sign_SECRETKEYBYTES];
data/libsodium-1.0.18/test/default/sign.c:1071:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig_hex[crypto_sign_BYTES * 2 + 1];
data/libsodium-1.0.18/test/default/sign.c:1072:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pk_hex[crypto_sign_PUBLICKEYBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/sign.c:1073:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sk_hex[crypto_sign_SECRETKEYBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/sign.c:1087:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(skpk, test_data[i].sk, crypto_sign_SEEDBYTES);
data/libsodium-1.0.18/test/default/sign.c:1088:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(skpk + crypto_sign_SEEDBYTES, test_data[i].pk,
data/libsodium-1.0.18/test/default/sign.c:1090:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (crypto_sign(sm, &smlen, (const unsigned char *)test_data[i].m, i,
data/libsodium-1.0.18/test/default/sign.c:1131:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m, i, skpk)
data/libsodium-1.0.18/test/default/sign.c:1145:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m,
data/libsodium-1.0.18/test/default/sign.c:1155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm, test_data[i].m, i);
data/libsodium-1.0.18/test/default/sign.c:1169:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m,
data/libsodium-1.0.18/test/default/sign.c:1179:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m,
data/libsodium-1.0.18/test/default/sign.c:1186:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m,
data/libsodium-1.0.18/test/default/sign.c:1194:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m,
data/libsodium-1.0.18/test/default/sign.c:1199:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m, i, skpk) == 0);
data/libsodium-1.0.18/test/default/sign.c:1205:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m,
data/libsodium-1.0.18/test/default/sign.c:1214:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m,
data/libsodium-1.0.18/test/default/sign.c:1223:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const unsigned char *)test_data[i].m,
data/libsodium-1.0.18/test/default/sign.c:1233:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_sign_update(&st, (const unsigned char *)test_data[i].m, i);
data/libsodium-1.0.18/test/default/sign.c:1239:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_sign_update(&st, (const unsigned char *)test_data[i].m, i);
data/libsodium-1.0.18/test/default/sign.c:1244:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_sign_update(&st, (const unsigned char *)test_data[i].m, 0);
data/libsodium-1.0.18/test/default/sign.c:1245:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_sign_update(&st, (const unsigned char *)test_data[i].m, i / 2);
data/libsodium-1.0.18/test/default/sign.c:1246:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
crypto_sign_update(&st, ((const unsigned char *)test_data[i].m) + i / 2,
data/libsodium-1.0.18/test/default/sign.c:1266:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk + crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES,
data/libsodium-1.0.18/test/default/siphashx24.c:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[MAXLEN];
data/libsodium-1.0.18/test/default/siphashx24.c:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[crypto_shorthash_siphashx24_BYTES];
data/libsodium-1.0.18/test/default/siphashx24.c:12:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[crypto_shorthash_siphashx24_KEYBYTES];
data/libsodium-1.0.18/test/default/sodium_utils.c:7:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_add[1000];
data/libsodium-1.0.18/test/default/sodium_utils.c:8:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf1[1000];
data/libsodium-1.0.18/test/default/sodium_utils.c:9:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf2[1000];
data/libsodium-1.0.18/test/default/sodium_utils.c:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf1_rev[1000];
data/libsodium-1.0.18/test/default/sodium_utils.c:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf2_rev[1000];
data/libsodium-1.0.18/test/default/sodium_utils.c:12:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[24];
data/libsodium-1.0.18/test/default/sodium_utils.c:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nonce_hex[49];
data/libsodium-1.0.18/test/default/sodium_utils.c:23:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, buf1, sizeof buf2);
data/libsodium-1.0.18/test/default/sodium_utils.c:71:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf1, buf2, bin_len);
data/libsodium-1.0.18/test/default/sodium_utils.c:92:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, buf1, bin_len);
data/libsodium-1.0.18/test/default/sodium_utils.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, buf1, bin_len);
data/libsodium-1.0.18/test/default/stream.c:5:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char firstkey[32] = {
data/libsodium-1.0.18/test/default/stream.c:13:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce[24] = {
data/libsodium-1.0.18/test/default/stream.c:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[32];
data/libsodium-1.0.18/test/default/stream2.c:5:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char secondkey[32] = {
data/libsodium-1.0.18/test/default/stream2.c:13:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char noncesuffix[8] = {
data/libsodium-1.0.18/test/default/stream2.c:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[32];
data/libsodium-1.0.18/test/default/stream3.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85,
data/libsodium-1.0.18/test/default/stream3.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/stream3.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char rs[32];
data/libsodium-1.0.18/test/default/stream4.c:5:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85,
data/libsodium-1.0.18/test/default/stream4.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
data/libsodium-1.0.18/test/default/stream4.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[163] = {
data/libsodium-1.0.18/test/default/stream4.c:33:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[163];
data/libsodium-1.0.18/test/default/verify1.c:26:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v16x, v16, 16);
data/libsodium-1.0.18/test/default/verify1.c:27:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v32x, v32, 32);
data/libsodium-1.0.18/test/default/verify1.c:28:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v64x, v64, 64);
data/libsodium-1.0.18/test/default/xchacha20.c:6:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char key[crypto_core_hchacha20_KEYBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/xchacha20.c:7:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char in[crypto_core_hchacha20_INPUTBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/xchacha20.c:8:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char out[crypto_core_hchacha20_OUTPUTBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/xchacha20.c:11:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char small_order_p[crypto_scalarmult_BYTES] = {
data/libsodium-1.0.18/test/default/xchacha20.c:84:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char key[crypto_stream_xchacha20_KEYBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/xchacha20.c:85:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char nonce[crypto_stream_xchacha20_NONCEBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/xchacha20.c:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char out[XCHACHA20_OUT_MAX * 2 + 1];
data/libsodium-1.0.18/test/default/xchacha20.c:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out2 + 64, out, 64);
data/libsodium-1.0.18/test/default/xchacha20.c:193:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char key[crypto_secretbox_xchacha20poly1305_KEYBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/xchacha20.c:194:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char nonce[crypto_secretbox_xchacha20poly1305_NONCEBYTES * 2 + 1];
data/libsodium-1.0.18/test/default/xchacha20.c:302:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[65];
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:527:1: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
equal(signed char b, signed char c)
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:576:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov(t, &precomp[0], equal(babs, 1));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:577:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov(t, &precomp[1], equal(babs, 2));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:578:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov(t, &precomp[2], equal(babs, 3));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:579:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov(t, &precomp[3], equal(babs, 4));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:580:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov(t, &precomp[4], equal(babs, 5));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:581:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov(t, &precomp[5], equal(babs, 6));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:582:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov(t, &precomp[6], equal(babs, 7));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:583:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov(t, &precomp[7], equal(babs, 8));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:611:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov_cached(t, &cached[0], equal(babs, 1));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:612:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov_cached(t, &cached[1], equal(babs, 2));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:613:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov_cached(t, &cached[2], equal(babs, 3));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:614:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov_cached(t, &cached[3], equal(babs, 4));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:615:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov_cached(t, &cached[4], equal(babs, 5));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:616:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov_cached(t, &cached[5], equal(babs, 6));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:617:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov_cached(t, &cached[6], equal(babs, 7));
data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:618:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ge25519_cmov_cached(t, &cached[7], equal(babs, 8));
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:99:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cc_len = strlen(prefix); \
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:109:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cc_len = strlen(prefix); \
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:145:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sodium_base642bin((buf), (max_len), str, strlen(str), NULL, \
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:245:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pp_len = strlen(str); \
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:268:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sb_len = strlen(dst); \
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2.c:218:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encoded_len = strlen(encoded);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:249:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fodder_len = strlen(str);
data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c:165:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
saltlen = strlen((const char *) salt);
data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:325:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((readnb = read(fd, buf, size)) < (ssize_t) 0 &&
data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:135:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((readnb = read(fd, buf, size)) < (ssize_t) 0 &&
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3106:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].key_hex) == 2 * crypto_aead_aes256gcm_KEYBYTES);
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3108:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].key_hex, strlen(tests[i].key_hex),
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3110:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].nonce_hex) == 2 * crypto_aead_aes256gcm_NPUBBYTES);
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3112:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].nonce_hex, strlen(tests[i].nonce_hex),
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3114:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
message_len = strlen(tests[i].message_hex) / 2;
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3117:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].message_hex, strlen(tests[i].message_hex),
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3119:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ad_len = strlen(tests[i].ad_hex) / 2;
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3122:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].ad_hex, strlen(tests[i].ad_hex),
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3127:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].ciphertext_hex) == 2 * message_len);
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3129:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].ciphertext_hex, strlen(tests[i].ciphertext_hex),
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3131:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].mac_hex) == 2 * crypto_aead_aes256gcm_ABYTES);
data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3133:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].mac_hex, strlen(tests[i].mac_hex),
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:202:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].key_hex) == 2 * crypto_aead_aes256gcm_KEYBYTES);
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:204:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].key_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:206:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].nonce_hex) ==
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:209:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].nonce_hex, strlen(tests[i].nonce_hex), NULL,
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:212:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
message_len = strlen(tests[i].message_hex) / 2;
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:215:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].message_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:217:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ad_len = strlen(tests[i].ad_hex) / 2;
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:219:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sodium_hex2bin(ad, ad_len, tests[i].ad_hex, strlen(tests[i].ad_hex),
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:223:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].detached_ciphertext_hex) == 2 * message_len);
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:224:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].mac_hex) == 2 * crypto_aead_aes256gcm_ABYTES);
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:226:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].mac_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:232:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].detached_ciphertext_hex), NULL, NULL,
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:970:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].key_hex) ==
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:973:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].key_hex, strlen(tests[i].key_hex), NULL, NULL,
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:976:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].nonce_hex) ==
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:979:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].nonce_hex, strlen(tests[i].nonce_hex), NULL,
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:982:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
message_len = strlen(tests[i].message_hex) / 2;
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:985:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].message_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:987:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ad_len = strlen(tests[i].ad_hex) / 2;
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:989:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sodium_hex2bin(ad, ad_len, tests[i].ad_hex, strlen(tests[i].ad_hex),
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:993:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].detached_ciphertext_hex) == 2 * message_len);
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:994:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].mac_hex) ==
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:997:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].mac_hex, strlen(tests[i].mac_hex), NULL, NULL,
data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:1004:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].detached_ciphertext_hex), NULL, NULL,
data/libsodium-1.0.18/test/default/chacha20.c:34:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].key_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/chacha20.c:36:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].nonce_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/chacha20.c:121:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].key_hex), ": ", NULL, NULL);
data/libsodium-1.0.18/test/default/chacha20.c:123:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].nonce_hex), ": ", NULL, NULL);
data/libsodium-1.0.18/test/default/cmptest.h:199:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(fp_res)) != fgetc(fp_out)) {
data/libsodium-1.0.18/test/default/cmptest.h:199:36: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(fp_res)) != fgetc(fp_out)) {
data/libsodium-1.0.18/test/default/codecs.c:29:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len,
data/libsodium-1.0.18/test/default/codecs.c:36:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, NULL);
data/libsodium-1.0.18/test/default/codecs.c:133:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf4, sizeof buf4, b64, strlen(b64), "\n\r ", &bin_len,
data/libsodium-1.0.18/test/default/codecs.c:140:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), "\n\r ", &bin_len,
data/libsodium-1.0.18/test/default/codecs.c:147:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, &bin_len,
data/libsodium-1.0.18/test/default/codecs.c:153:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
data/libsodium-1.0.18/test/default/codecs.c:155:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
data/libsodium-1.0.18/test/default/codecs.c:157:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL,
data/libsodium-1.0.18/test/default/codecs.c:159:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
data/libsodium-1.0.18/test/default/codecs.c:161:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL,
data/libsodium-1.0.18/test/default/codecs.c:164:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
data/libsodium-1.0.18/test/default/codecs.c:166:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
data/libsodium-1.0.18/test/default/codecs.c:168:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL,
data/libsodium-1.0.18/test/default/codecs.c:170:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
data/libsodium-1.0.18/test/default/codecs.c:172:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL,
data/libsodium-1.0.18/test/default/generichash.c:1308:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].key_hex) == 2 * crypto_generichash_KEYBYTES_MAX);
data/libsodium-1.0.18/test/default/generichash.c:1310:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].key_hex, strlen(tests[i].key_hex),
data/libsodium-1.0.18/test/default/generichash.c:1312:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tests[i].out_hex) == 2 * crypto_generichash_BYTES_MAX);
data/libsodium-1.0.18/test/default/generichash.c:1314:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].out_hex, strlen(tests[i].out_hex),
data/libsodium-1.0.18/test/default/generichash.c:1316:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_len = strlen(tests[i].in_hex) / 2;
data/libsodium-1.0.18/test/default/generichash.c:1318:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sodium_hex2bin(in, in_len, tests[i].in_hex, strlen(tests[i].in_hex),
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:89:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:92:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].salt_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:141:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:144:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].salt_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:156:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:160:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:164:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:168:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:172:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 2,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:176:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash(out, 15, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:184:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:214:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:216:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:217:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:219:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:220:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd));
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:242:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2i_str(str_out, passwd, strlen(passwd), OPSLIMIT,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:246:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), OPSLIMIT,
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:269:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out),
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:270:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crypto_pwhash_STRBYTES - strlen(str_out)) != 1 ||
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:271:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2),
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:272:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:275:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != 0) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:279:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:289:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) !=
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:300:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:305:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:310:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:315:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:320:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:325:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:331:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != 0) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:337:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"passwore", strlen("passwore")) != -1 || errno != EINVAL) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:343:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1 || errno != EINVAL) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:349:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1 || errno != EINVAL) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:355:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1 || errno != EINVAL) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:361:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1 || errno != EINVAL) {
data/libsodium-1.0.18/test/default/pwhash_argon2i.c:411:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(crypto_pwhash_argon2i_strbytes() > strlen(crypto_pwhash_argon2i_strprefix()));
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:89:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:92:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].salt_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:141:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:144:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].salt_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:156:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:160:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:164:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:168:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 2,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:172:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2id(out, 15, "password", strlen("password"), salt, 3,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:180:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:210:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:212:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:213:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:215:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:216:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd));
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:238:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_str(str_out, passwd, strlen(passwd), OPSLIMIT,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:242:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), OPSLIMIT,
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:278:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out),
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:279:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crypto_pwhash_STRBYTES - strlen(str_out)) != 1 ||
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:280:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2),
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:281:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:284:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != 0) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:287:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:291:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:301:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != 0) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:304:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 0, MEMLIMIT) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:314:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:319:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:324:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:329:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:334:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:339:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:344:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != 0) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:349:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"passwore", strlen("passwore")) != -1 || errno != EINVAL) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:354:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1 || errno != EINVAL) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:359:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"password", strlen("password")) != -1 || errno != EINVAL) {
data/libsodium-1.0.18/test/default/pwhash_argon2id.c:409:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix()));
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:101:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:104:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].salt_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:150:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:153:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tests[i].salt_hex), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:280:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:282:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:283:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:285:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:287:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out, passwd, strlen(passwd)) != 0) {
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:310:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_scryptsalsa208sha256_str(str_out, passwd, strlen(passwd),
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:314:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_pwhash_scryptsalsa208sha256_str(str_out2, passwd, strlen(passwd),
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:340:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(passwd)) != 0) {
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:344:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(passwd)) != 0) {
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:349:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(passwd)) == 0) {
data/libsodium-1.0.18/test/default/pwhash_scrypt.c:384:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(crypto_pwhash_scryptsalsa208sha256_strprefix()));
data/libsodium-1.0.18/test/default/pwhash_scrypt_ll.c:29:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t passwd_len = strlen(passwd);
data/libsodium-1.0.18/test/default/pwhash_scrypt_ll.c:30:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t salt_len = strlen(salt);
data/libsodium-1.0.18/test/default/xchacha20.c:48:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->key, strlen(tv->key), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:50:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->in, strlen(tv->in), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:52:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->out, strlen(tv->out), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:120:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->key, strlen(tv->key), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:122:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->nonce, strlen(tv->nonce), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:124:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->out, strlen(tv->out), NULL, &out_len, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:230:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_len = strlen(tv->m) / 2;
data/libsodium-1.0.18/test/default/xchacha20.c:233:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->key, strlen(tv->key), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:235:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->nonce, strlen(tv->nonce), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:236:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sodium_hex2bin(m, m_len, tv->m, strlen(tv->m), NULL, NULL, NULL);
data/libsodium-1.0.18/test/default/xchacha20.c:242:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tv->out, strlen(tv->out), NULL, NULL, NULL);
ANALYSIS SUMMARY:
Hits = 1025
Lines analyzed = 52838 in approximately 4.92 seconds (10729 lines/second)
Physical Source Lines of Code (SLOC) = 45151
Hits@level = [0] 713 [1] 193 [2] 818 [3] 9 [4] 5 [5] 0
Hits@level+ = [0+] 1738 [1+] 1025 [2+] 832 [3+] 14 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 38.4931 [1+] 22.7016 [2+] 18.4271 [3+] 0.310071 [4+] 0.11074 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.