Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libxcrypt-4.4.17/lib/alg-des-tables.c
Examining data/libxcrypt-4.4.17/lib/alg-des.c
Examining data/libxcrypt-4.4.17/lib/alg-des.h
Examining data/libxcrypt-4.4.17/lib/alg-gost3411-2012-const.h
Examining data/libxcrypt-4.4.17/lib/alg-gost3411-2012-core.c
Examining data/libxcrypt-4.4.17/lib/alg-gost3411-2012-core.h
Examining data/libxcrypt-4.4.17/lib/alg-gost3411-2012-hmac.c
Examining data/libxcrypt-4.4.17/lib/alg-gost3411-2012-hmac.h
Examining data/libxcrypt-4.4.17/lib/alg-gost3411-2012-precalc.h
Examining data/libxcrypt-4.4.17/lib/alg-gost3411-2012-ref.h
Examining data/libxcrypt-4.4.17/lib/alg-hmac-sha1.c
Examining data/libxcrypt-4.4.17/lib/alg-hmac-sha1.h
Examining data/libxcrypt-4.4.17/lib/alg-md4.c
Examining data/libxcrypt-4.4.17/lib/alg-md4.h
Examining data/libxcrypt-4.4.17/lib/alg-md5.c
Examining data/libxcrypt-4.4.17/lib/alg-md5.h
Examining data/libxcrypt-4.4.17/lib/alg-sha1.c
Examining data/libxcrypt-4.4.17/lib/alg-sha1.h
Examining data/libxcrypt-4.4.17/lib/alg-sha256.c
Examining data/libxcrypt-4.4.17/lib/alg-sha256.h
Examining data/libxcrypt-4.4.17/lib/alg-sha512.c
Examining data/libxcrypt-4.4.17/lib/alg-sha512.h
Examining data/libxcrypt-4.4.17/lib/alg-yescrypt-common.c
Examining data/libxcrypt-4.4.17/lib/alg-yescrypt-opt.c
Examining data/libxcrypt-4.4.17/lib/alg-yescrypt-platform.c
Examining data/libxcrypt-4.4.17/lib/alg-yescrypt-sysendian.h
Examining data/libxcrypt-4.4.17/lib/alg-yescrypt.h
Examining data/libxcrypt-4.4.17/lib/byteorder.h
Examining data/libxcrypt-4.4.17/lib/crypt-bcrypt.c
Examining data/libxcrypt-4.4.17/lib/crypt-common.c
Examining data/libxcrypt-4.4.17/lib/crypt-common.h
Examining data/libxcrypt-4.4.17/lib/crypt-des-obsolete.c
Examining data/libxcrypt-4.4.17/lib/crypt-des.c
Examining data/libxcrypt-4.4.17/lib/crypt-gensalt-static.c
Examining data/libxcrypt-4.4.17/lib/crypt-gensalt.c
Examining data/libxcrypt-4.4.17/lib/crypt-gost-yescrypt.c
Examining data/libxcrypt-4.4.17/lib/crypt-md5.c
Examining data/libxcrypt-4.4.17/lib/crypt-nthash.c
Examining data/libxcrypt-4.4.17/lib/crypt-obsolete.h
Examining data/libxcrypt-4.4.17/lib/crypt-pbkdf1-sha1.c
Examining data/libxcrypt-4.4.17/lib/crypt-port.h
Examining data/libxcrypt-4.4.17/lib/crypt-scrypt.c
Examining data/libxcrypt-4.4.17/lib/crypt-sha256.c
Examining data/libxcrypt-4.4.17/lib/crypt-sha512.c
Examining data/libxcrypt-4.4.17/lib/crypt-static.c
Examining data/libxcrypt-4.4.17/lib/crypt-sunmd5.c
Examining data/libxcrypt-4.4.17/lib/crypt-yescrypt.c
Examining data/libxcrypt-4.4.17/lib/crypt.c
Examining data/libxcrypt-4.4.17/lib/gen-des-tables.c
Examining data/libxcrypt-4.4.17/lib/randombytes.c
Examining data/libxcrypt-4.4.17/test/alg-des.c
Examining data/libxcrypt-4.4.17/test/alg-gost3411-2012-hmac.c
Examining data/libxcrypt-4.4.17/test/alg-gost3411-2012.c
Examining data/libxcrypt-4.4.17/test/alg-hmac-sha1.c
Examining data/libxcrypt-4.4.17/test/alg-md4.c
Examining data/libxcrypt-4.4.17/test/alg-md5.c
Examining data/libxcrypt-4.4.17/test/alg-pbkdf-hmac-sha256.c
Examining data/libxcrypt-4.4.17/test/alg-sha1.c
Examining data/libxcrypt-4.4.17/test/alg-sha256.c
Examining data/libxcrypt-4.4.17/test/alg-sha512.c
Examining data/libxcrypt-4.4.17/test/alg-yescrypt.c
Examining data/libxcrypt-4.4.17/test/badsalt.c
Examining data/libxcrypt-4.4.17/test/badsetting.c
Examining data/libxcrypt-4.4.17/test/byteorder.c
Examining data/libxcrypt-4.4.17/test/checksalt.c
Examining data/libxcrypt-4.4.17/test/compile-strong-alias.c
Examining data/libxcrypt-4.4.17/test/crypt-badargs.c
Examining data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c
Examining data/libxcrypt-4.4.17/test/des-cases.h
Examining data/libxcrypt-4.4.17/test/des-obsolete.c
Examining data/libxcrypt-4.4.17/test/des-obsolete_r.c
Examining data/libxcrypt-4.4.17/test/fcrypt-enosys.c
Examining data/libxcrypt-4.4.17/test/gensalt-extradata.c
Examining data/libxcrypt-4.4.17/test/gensalt-nthash.c
Examining data/libxcrypt-4.4.17/test/gensalt.c
Examining data/libxcrypt-4.4.17/test/getrandom-fallbacks.c
Examining data/libxcrypt-4.4.17/test/getrandom-interface.c
Examining data/libxcrypt-4.4.17/test/ka-tester.c
Examining data/libxcrypt-4.4.17/test/preferred-method.c
Examining data/libxcrypt-4.4.17/test/short-outbuf.c
Examining data/libxcrypt-4.4.17/test/special-char-salt.c
FINAL RESULTS:
data/libxcrypt-4.4.17/lib/crypt-static.c:28:1: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt (const char *key, const char *setting)
data/libxcrypt-4.4.17/lib/crypt-static.c:31:10: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
return crypt_r (key, setting, &nr_crypt_ctx);
data/libxcrypt-4.4.17/lib/crypt-static.c:57:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
strong_alias (crypt, fcrypt);
data/libxcrypt-4.4.17/lib/crypt-static.c:64:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
strong_alias (crypt, xcrypt);
data/libxcrypt-4.4.17/lib/crypt.c:67:12: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt_fn crypt;
data/libxcrypt-4.4.17/lib/crypt.c:140:6: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
h->crypt (phrase, phr_size, setting, set_size,
data/libxcrypt-4.4.17/lib/crypt.c:195:1: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt_r (const char *phrase, const char *setting, struct crypt_data *data)
data/libxcrypt-4.4.17/lib/crypt.c:210:15: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
strong_alias (crypt_r, xcrypt_r);
data/libxcrypt-4.4.17/test/badsalt.c:357:12: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
retval = crypt (phrase, setting);
data/libxcrypt-4.4.17/test/badsalt.c:361:12: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
retval = crypt_r (phrase, setting, cd);
data/libxcrypt-4.4.17/test/checksalt.c:169:7: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt_r (phr, gs_out, &cd);
data/libxcrypt-4.4.17/test/checksalt.c:226:11: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt_r (phr, gs_out, &cd);
data/libxcrypt-4.4.17/test/crypt-badargs.c:147:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *got = crypt (phrase, setting);
data/libxcrypt-4.4.17/test/crypt-badargs.c:157:15: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *got = crypt_r (phrase, setting, &data);
data/libxcrypt-4.4.17/test/crypt-badargs.c:281:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (page, settings[i]);
data/libxcrypt-4.4.17/test/crypt-badargs.c:292:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (page, settings[i]);
data/libxcrypt-4.4.17/test/crypt-badargs.c:316:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (page, settings[i]);
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:92:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (*a + *a_size, h);
data/libxcrypt-4.4.17/test/gensalt-nthash.c:46:3: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt_r ("top secret", output, &cd);
data/libxcrypt-4.4.17/test/ka-tester.c:159:14: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
hash = crypt (t->input, t->salt);
data/libxcrypt-4.4.17/test/ka-tester.c:195:14: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
hash = crypt_r (u.pass + 1, t->salt, &data);
data/libxcrypt-4.4.17/test/preferred-method.c:89:7: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt_r (PASSPHRASE, gs, &cd);
data/libxcrypt-4.4.17/test/special-char-salt.c:864:7: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt_r (phrase, testcases[i].setting, &cd);
data/libxcrypt-4.4.17/lib/crypt-pbkdf1-sha1.c:235:33: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rounds = (uint32_t) (count - (random % (count / 4)));
data/libxcrypt-4.4.17/lib/alg-des.c:75:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char key[MIN_SIZE(8)])
data/libxcrypt-4.4.17/lib/alg-des.h:59:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char key[MIN_SIZE(8)]);
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-const.h:269:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char Tau[64] = {
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-const.h:280:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char Pi[256] = {
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-core.c:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(CTX->hash), &(CTX->h), sizeof (uint512_u));
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-core.c:196:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&CTX->buffer[CTX->bufsize], data, chunksize);
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-core.c:219:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&CTX->buffer, data, len);
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-core.c:232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, &(CTX->hash.QWORD[4]), 32);
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-core.c:234:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, &(CTX->hash.QWORD[0]), 64);
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-core.h:31:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-hmac.h:33:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[GOSTR3411_2012_B]; /* ipad and opad */
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-hmac.h:34:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kstar[GOSTR3411_2012_B]; /* derived key */
data/libxcrypt-4.4.17/lib/alg-gost3411-2012-hmac.h:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[GOSTR3411_2012_L];
data/libxcrypt-4.4.17/lib/alg-hmac-sha1.c:69:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tk[HASH_LENGTH];
data/libxcrypt-4.4.17/lib/alg-md4.c:213:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/libxcrypt-4.4.17/lib/alg-md4.c:217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, available);
data/libxcrypt-4.4.17/lib/alg-md4.c:228:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/libxcrypt-4.4.17/lib/alg-md5.c:234:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/libxcrypt-4.4.17/lib/alg-md5.c:238:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, available);
data/libxcrypt-4.4.17/lib/alg-md5.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/libxcrypt-4.4.17/lib/alg-sha1.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&block, buffer, 64);
data/libxcrypt-4.4.17/lib/alg-sha1.c:241:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ctx->buffer[j], buffer, (i = 64-j));
data/libxcrypt-4.4.17/lib/alg-sha1.c:248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ctx->buffer[j], (const uint8_t *)buffer + i, size - i);
data/libxcrypt-4.4.17/lib/alg-sha256.c:145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(S, state, 32);
data/libxcrypt-4.4.17/lib/alg-sha256.c:217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buf[r], PAD, 56 - r);
data/libxcrypt-4.4.17/lib/alg-sha256.c:220:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buf[r], PAD, 64 - r);
data/libxcrypt-4.4.17/lib/alg-sha256.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->state, initial_state, sizeof(initial_state));
data/libxcrypt-4.4.17/lib/alg-sha256.c:278:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buf[r], src, len);
data/libxcrypt-4.4.17/lib/alg-sha256.c:283:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buf[r], src, 64 - r);
data/libxcrypt-4.4.17/lib/alg-sha256.c:296:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buf, src, len);
data/libxcrypt-4.4.17/lib/alg-sha256.c:605:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&PShctx, &Phctx, sizeof(HMAC_SHA256_CTX));
data/libxcrypt-4.4.17/lib/alg-sha256.c:614:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX));
data/libxcrypt-4.4.17/lib/alg-sha256.c:620:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(U, T, 32);
data/libxcrypt-4.4.17/lib/alg-sha256.c:624:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hctx, &Phctx, sizeof(HMAC_SHA256_CTX));
data/libxcrypt-4.4.17/lib/alg-sha256.c:638:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[i * 32], T, clen);
data/libxcrypt-4.4.17/lib/alg-sha512.c:38:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)dst, (const void *)src, (size_t)len)
data/libxcrypt-4.4.17/lib/alg-sha512.c:42:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)dst, (const void *)src, (size_t)len)
data/libxcrypt-4.4.17/lib/alg-sha512.c:151:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SHA512_Transform(uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH])
data/libxcrypt-4.4.17/lib/alg-sha512.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(S, state, SHA512_DIGEST_LENGTH);
data/libxcrypt-4.4.17/lib/alg-sha512.c:207:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char PAD[SHA512_BLOCK_LENGTH] = {
data/libxcrypt-4.4.17/lib/alg-sha512.c:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buf[r], PAD, 112 - r);
data/libxcrypt-4.4.17/lib/alg-sha512.c:233:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buf[r], PAD, 128 - r);
data/libxcrypt-4.4.17/lib/alg-sha512.c:288:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buf[r], src, len);
data/libxcrypt-4.4.17/lib/alg-sha512.c:293:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buf[r], src, SHA512_BLOCK_LENGTH - r);
data/libxcrypt-4.4.17/lib/alg-sha512.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buf, src, len);
data/libxcrypt-4.4.17/lib/alg-sha512.c:314:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SHA512_Final(unsigned char digest[MIN_SIZE(SHA512_DIGEST_LENGTH)],
data/libxcrypt-4.4.17/lib/alg-sha512.c:334:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MIN_SIZE(SHA512_DIGEST_LENGTH)])
data/libxcrypt-4.4.17/lib/alg-yescrypt-common.c:268:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char f[32 + 4];
data/libxcrypt-4.4.17/lib/alg-yescrypt-common.c:329:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char saltbin[64], hashbin[32];
data/libxcrypt-4.4.17/lib/alg-yescrypt-common.c:460:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, setting, prefixlen + saltstrlen);
data/libxcrypt-4.4.17/lib/alg-yescrypt-common.c:501:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char saltbin[64], hashbin[32];
data/libxcrypt-4.4.17/lib/alg-yescrypt-opt.c:1354:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, dk, clen);
data/libxcrypt-4.4.17/lib/alg-yescrypt.h:151:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uc[32];
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:372:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char BF_itoa64[64 + 1] =
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:375:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char BF_atoi64[0x60] =
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:671:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char flags_by_subtype[26] =
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:711:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char re_output[BF_HASH_LENGTH];
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:712:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char st_output[BF_HASH_LENGTH + 2];
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:836:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (output, setting, BF_SETTING_LENGTH - 1);
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:899:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const test_hashes[2] =
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:905:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_setting[BF_SETTING_LENGTH];
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:910:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (test_setting, test_setting_init, BF_SETTING_LENGTH);
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:941:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (output, buffer->re_output, BF_HASH_LENGTH);
data/libxcrypt-4.4.17/lib/crypt-bcrypt.c:968:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aligned_rbytes, rbytes, 16);
data/libxcrypt-4.4.17/lib/crypt-common.c:23:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char ascii64[65] =
data/libxcrypt-4.4.17/lib/crypt-common.c:40:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, src, s_size);
data/libxcrypt-4.4.17/lib/crypt-common.h:27:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char ascii64[65];
data/libxcrypt-4.4.17/lib/crypt-des-obsolete.c:81:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unpack_bits (char bytev[64], const unsigned char bitv[8])
data/libxcrypt-4.4.17/lib/crypt-des-obsolete.c:81:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unpack_bits (char bytev[64], const unsigned char bitv[8])
data/libxcrypt-4.4.17/lib/crypt-des-obsolete.c:93:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pack_bits (unsigned char bitv[8], const char bytev[64])
data/libxcrypt-4.4.17/lib/crypt-des-obsolete.c:93:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pack_bits (unsigned char bitv[8], const char bytev[64])
data/libxcrypt-4.4.17/lib/crypt-des-obsolete.c:117:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bkey[8];
data/libxcrypt-4.4.17/lib/crypt-des-obsolete.c:143:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[8], bout[8];
data/libxcrypt-4.4.17/lib/crypt-des.c:366:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, setting, 9);
data/libxcrypt-4.4.17/lib/crypt-gensalt-static.c:29:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char output[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/lib/crypt-md5.c:187:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, md5_salt_prefix, sizeof (md5_salt_prefix) - 1);
data/libxcrypt-4.4.17/lib/crypt-md5.c:190:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, salt, salt_size);
data/libxcrypt-4.4.17/lib/crypt-nthash.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MD4_HASHLEN];
data/libxcrypt-4.4.17/lib/crypt-sha256.c:75:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[32], size_t len)
data/libxcrypt-4.4.17/lib/crypt-sha256.c:256:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, sha256_salt_prefix, sizeof (sha256_salt_prefix) - 1);
data/libxcrypt-4.4.17/lib/crypt-sha256.c:267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, salt, salt_size);
data/libxcrypt-4.4.17/lib/crypt-sha512.c:75:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sha512_process_recycled_bytes (unsigned char block[64], size_t len,
data/libxcrypt-4.4.17/lib/crypt-sha512.c:260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, sha512_salt_prefix, sizeof (sha512_salt_prefix) - 1);
data/libxcrypt-4.4.17/lib/crypt-sha512.c:271:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, salt, salt_size);
data/libxcrypt-4.4.17/lib/crypt-static.c:49:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char retval[3];
data/libxcrypt-4.4.17/lib/crypt-sunmd5.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rn[16];
data/libxcrypt-4.4.17/lib/crypt-sunmd5.c:259:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (output, setting, saltlen);
data/libxcrypt-4.4.17/lib/crypt.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alignas (alignof (max_align_t)) alg_specific[ALG_SPECIFIC_SIZE];
data/libxcrypt-4.4.17/lib/crypt.c:253:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char internal_rbytes[UCHAR_MAX];
data/libxcrypt-4.4.17/lib/randombytes.c:132:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open ("/dev/urandom", O_RDONLY|O_CLOEXEC);
data/libxcrypt-4.4.17/test/alg-des.c:17:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
v_print (const unsigned char v[8])
data/libxcrypt-4.4.17/test/alg-des.c:25:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const struct des_testcase *tc, const unsigned char got[8])
data/libxcrypt-4.4.17/test/alg-des.c:44:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char got[8];
data/libxcrypt-4.4.17/test/alg-gost3411-2012-hmac.c:34:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf("%02x", ((const unsigned char *)ptr)[i]);
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:34:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf("%02x", ((const unsigned char *)ptr)[i]);
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dgt[32 * 2 + 1];
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:49:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&dgt[i * 2], "%02x", digest[i]);
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dgt[64 * 2 + 1];
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:87:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&dgt[i * 2], "%02x", digest[i]);
data/libxcrypt-4.4.17/test/alg-hmac-sha1.c:50:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf (&buf[i*2], "%02x", (unsigned char)data[i]);
data/libxcrypt-4.4.17/test/alg-hmac-sha1.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[HASH_LENGTH];
data/libxcrypt-4.4.17/test/alg-hmac-sha1.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[BUFSIZ];
data/libxcrypt-4.4.17/test/alg-hmac-sha1.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[BUFSIZ];
data/libxcrypt-4.4.17/test/alg-hmac-sha1.c:159:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dbuf, "0x", 2);
data/libxcrypt-4.4.17/test/alg-md4.c:11:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char result[16];
data/libxcrypt-4.4.17/test/alg-md4.c:47:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
report_failure(int n, const char *tag,
data/libxcrypt-4.4.17/test/alg-md4.c:48:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char expected[16], uint8_t actual[16])
data/libxcrypt-4.4.17/test/alg-md5.c:11:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char result[16];
data/libxcrypt-4.4.17/test/alg-md5.c:54:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
report_failure(int n, const char *tag,
data/libxcrypt-4.4.17/test/alg-md5.c:55:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char expected[16], uint8_t actual[16])
data/libxcrypt-4.4.17/test/alg-md5.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/libxcrypt-4.4.17/test/alg-md5.c:115:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char expected[64] =
data/libxcrypt-4.4.17/test/alg-sha1.c:15:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *test_data[3] =
data/libxcrypt-4.4.17/test/alg-sha1.c:22:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *test_results[3] =
data/libxcrypt-4.4.17/test/alg-sha1.c:35:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (output, "%02x", *digest);
data/libxcrypt-4.4.17/test/alg-sha1.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[80];
data/libxcrypt-4.4.17/test/alg-sha1.c:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/libxcrypt-4.4.17/test/alg-sha256.c:12:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char result[32];
data/libxcrypt-4.4.17/test/alg-sha256.c:63:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
report_failure(int n, const char *tag,
data/libxcrypt-4.4.17/test/alg-sha256.c:64:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char expected[32], uint8_t actual[32])
data/libxcrypt-4.4.17/test/alg-sha256.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/libxcrypt-4.4.17/test/alg-sha256.c:121:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char expected[32] =
data/libxcrypt-4.4.17/test/alg-sha512.c:11:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char result[64];
data/libxcrypt-4.4.17/test/alg-sha512.c:86:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
report_failure(int n, const char *tag,
data/libxcrypt-4.4.17/test/alg-sha512.c:87:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char expected[64], const uint8_t actual[64])
data/libxcrypt-4.4.17/test/alg-sha512.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/libxcrypt-4.4.17/test/alg-sha512.c:148:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char expected[64] =
data/libxcrypt-4.4.17/test/badsalt.c:392:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, t->setting, l_setting + 1);
data/libxcrypt-4.4.17/test/badsalt.c:401:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char goodhash[CRYPT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/badsalt.c:414:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (goodhash, result, l_hash + 1);
data/libxcrypt-4.4.17/test/badsalt.c:417:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, goodhash, l_hash + 1);
data/libxcrypt-4.4.17/test/badsalt.c:426:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, goodhash, t->plen);
data/libxcrypt-4.4.17/test/badsalt.c:434:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, goodhash, t->plen);
data/libxcrypt-4.4.17/test/badsalt.c:457:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, goodhash, plen - i);
data/libxcrypt-4.4.17/test/badsetting.c:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/badsetting.c:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/libxcrypt-4.4.17/test/badsetting.c:300:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[3];
data/libxcrypt-4.4.17/test/byteorder.c:26:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[4];
data/libxcrypt-4.4.17/test/byteorder.c:32:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[8];
data/libxcrypt-4.4.17/test/byteorder.c:52:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[4];
data/libxcrypt-4.4.17/test/byteorder.c:99:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[4];
data/libxcrypt-4.4.17/test/byteorder.c:150:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[8];
data/libxcrypt-4.4.17/test/byteorder.c:207:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[8];
data/libxcrypt-4.4.17/test/checksalt.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gs_out[CRYPT_GENSALT_OUTPUT_SIZE] = "";
data/libxcrypt-4.4.17/test/checksalt.c:187:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bigcrypt_prefix[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/checksalt.c:189:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bigcrypt_prefix, testcases[i].prefix, 2);
data/libxcrypt-4.4.17/test/crypt-badargs.c:207:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (page + pagesize - (sizeof phrase - 1), phrase, sizeof phrase - 1);
data/libxcrypt-4.4.17/test/crypt-badargs.c:280:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (page, "p1.'");
data/libxcrypt-4.4.17/test/crypt-badargs.c:282:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (page, "'.crypt");
data/libxcrypt-4.4.17/test/crypt-badargs.c:284:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (page, "_r");
data/libxcrypt-4.4.17/test/crypt-badargs.c:291:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (page, "p2.'");
data/libxcrypt-4.4.17/test/crypt-badargs.c:293:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (page, "'.crypt");
data/libxcrypt-4.4.17/test/crypt-badargs.c:295:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (page, "_r");
data/libxcrypt-4.4.17/test/crypt-badargs.c:312:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
p1 = memcpy (page + pagesize - strlen (settings[i]),
data/libxcrypt-4.4.17/test/crypt-badargs.c:315:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (page, "ph.'");
data/libxcrypt-4.4.17/test/crypt-badargs.c:317:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (page, ".crypt");
data/libxcrypt-4.4.17/test/crypt-badargs.c:319:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (page, "_r");
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[CRYPT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pass[CRYPT_MAX_PASSPHRASE_SIZE];
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[ALG_SPECIFIC_SIZE];
data/libxcrypt-4.4.17/test/des-cases.h:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[8];
data/libxcrypt-4.4.17/test/des-cases.h:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char plain[8];
data/libxcrypt-4.4.17/test/des-cases.h:17:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char answer[8];
data/libxcrypt-4.4.17/test/des-obsolete.c:23:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
expand (unsigned char ex[64], const unsigned char pk[8])
data/libxcrypt-4.4.17/test/des-obsolete.c:23:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
expand (unsigned char ex[64], const unsigned char pk[8])
data/libxcrypt-4.4.17/test/des-obsolete.c:39:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ex_print (const unsigned char ex[64])
data/libxcrypt-4.4.17/test/des-obsolete.c:54:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pk_print (const unsigned char pk[8])
data/libxcrypt-4.4.17/test/des-obsolete.c:62:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const struct des_testcase *tc, const unsigned char got[64])
data/libxcrypt-4.4.17/test/des-obsolete.c:79:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[64], plain[64], cipher[64], answer[64];
data/libxcrypt-4.4.17/test/des-obsolete.c:92:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cipher, plain, 64);
data/libxcrypt-4.4.17/test/des-obsolete.c:101:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cipher, answer, 64);
data/libxcrypt-4.4.17/test/des-obsolete.c:118:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[64], plain[64], cipher[64], answer[64];
data/libxcrypt-4.4.17/test/des-obsolete.c:143:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cipher, plain, 64);
data/libxcrypt-4.4.17/test/des-obsolete_r.c:23:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
expand (unsigned char ex[64], const unsigned char pk[8])
data/libxcrypt-4.4.17/test/des-obsolete_r.c:23:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
expand (unsigned char ex[64], const unsigned char pk[8])
data/libxcrypt-4.4.17/test/des-obsolete_r.c:39:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ex_print (const unsigned char ex[64])
data/libxcrypt-4.4.17/test/des-obsolete_r.c:54:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pk_print (const unsigned char pk[8])
data/libxcrypt-4.4.17/test/des-obsolete_r.c:62:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const struct des_testcase *tc, const unsigned char got[64])
data/libxcrypt-4.4.17/test/des-obsolete_r.c:79:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[64], plain[64], cipher[64], answer[64];
data/libxcrypt-4.4.17/test/des-obsolete_r.c:93:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cipher, plain, 64);
data/libxcrypt-4.4.17/test/des-obsolete_r.c:102:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cipher, answer, 64);
data/libxcrypt-4.4.17/test/des-obsolete_r.c:119:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[64], plain[64], cipher[64], answer[64];
data/libxcrypt-4.4.17/test/des-obsolete_r.c:145:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cipher, plain, 64);
data/libxcrypt-4.4.17/test/gensalt-extradata.c:89:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
do_crypt_gensalt(const char *prefix,
data/libxcrypt-4.4.17/test/gensalt-extradata.c:90:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char rbytes[MIN_SIZE(N_RBYTES)],
data/libxcrypt-4.4.17/test/gensalt-extradata.c:92:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[MIN_SIZE(CRYPT_GENSALT_OUTPUT_SIZE)])
data/libxcrypt-4.4.17/test/gensalt-extradata.c:128:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
do_check_equal(const char *stst, const char *sref,
data/libxcrypt-4.4.17/test/gensalt-extradata.c:128:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
do_check_equal(const char *stst, const char *sref,
data/libxcrypt-4.4.17/test/gensalt-extradata.c:129:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *prefix, const char rbytes[N_RBYTES],
data/libxcrypt-4.4.17/test/gensalt-extradata.c:129:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *prefix, const char rbytes[N_RBYTES],
data/libxcrypt-4.4.17/test/gensalt-extradata.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sref[6][CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/gensalt-extradata.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stst[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/gensalt-nthash.c:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/gensalt.c:407:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/gensalt.c:408:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_output[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/getrandom-fallbacks.c:257:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[257];
data/libxcrypt-4.4.17/test/getrandom-fallbacks.c:258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[2] = { 0, 0 };
data/libxcrypt-4.4.17/test/getrandom-interface.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev[251];
data/libxcrypt-4.4.17/test/getrandom-interface.c:94:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (prev, page + pagesize - 251, 251);
data/libxcrypt-4.4.17/test/ka-tester.c:180:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pass[CRYPT_MAX_PASSPHRASE_SIZE + 1];
data/libxcrypt-4.4.17/test/preferred-method.c:40:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gs[CRYPT_GENSALT_OUTPUT_SIZE];
data/libxcrypt-4.4.17/test/short-outbuf.c:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[5];
data/libxcrypt-4.4.17/test/short-outbuf.c:57:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (result, "PASS");
data/libxcrypt-4.4.17/test/short-outbuf.c:61:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (result, "FAIL");
data/libxcrypt-4.4.17/test/short-outbuf.c:72:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (result, "PASS");
data/libxcrypt-4.4.17/test/short-outbuf.c:76:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (result, "FAIL");
data/libxcrypt-4.4.17/lib/alg-yescrypt-common.c:426:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
saltstrlen = strlen((char *)saltstr);
data/libxcrypt-4.4.17/lib/alg-yescrypt-common.c:489:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwd, strlen((char *)passwd), setting, NULL, buf, sizeof(buf));
data/libxcrypt-4.4.17/lib/alg-yescrypt-common.c:523:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)hashstart) != HASH_LEN)
data/libxcrypt-4.4.17/lib/crypt-common.c:38:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t s_size = strlen ((const char *) src);
data/libxcrypt-4.4.17/lib/crypt-gost-yescrypt.c:77:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (output + 1, output, strlen ((const char *) output) + 1);
data/libxcrypt-4.4.17/lib/crypt-gost-yescrypt.c:146:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!decode64 (intbuf->y, &ylen, (uint8_t *) hptr, strlen (hptr)) ||
data/libxcrypt-4.4.17/lib/crypt-nthash.c:65:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((out_size < strlen (magic) + MD4_HASHLEN * 2 + 1) ||
data/libxcrypt-4.4.17/lib/crypt-nthash.c:72:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (setting, magic, strlen (magic)))
data/libxcrypt-4.4.17/lib/crypt-nthash.c:119:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (o_size < strlen (prefix) + 1)
data/libxcrypt-4.4.17/lib/crypt-pbkdf1-sha1.c:99:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((out_size < (strlen (magic) + 2 + 10 + CRYPT_SHA1_SALT_LENGTH +
data/libxcrypt-4.4.17/lib/crypt-pbkdf1-sha1.c:125:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (setting, magic, strlen (magic)))
data/libxcrypt-4.4.17/lib/crypt-pbkdf1-sha1.c:131:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setting += strlen (magic);
data/libxcrypt-4.4.17/lib/crypt.c:124:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t phr_size = strlen (phrase);
data/libxcrypt-4.4.17/lib/crypt.c:125:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t set_size = strlen (setting);
data/libxcrypt-4.4.17/lib/randombytes.c:137:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t nread = read (fd, buf, buflen);
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:45:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gost_hash256((const uint8_t *)t, strlen(t), digest, &ctx);
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:54:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf(" t[%zu] = ", strlen(t));
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:55:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dumphex(t, strlen(t));
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:59:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(match) / 2, match);
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:72:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(t);
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:92:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf(" t[%zu] = ", strlen(t));
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:93:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dumphex(t, strlen(t));
data/libxcrypt-4.4.17/test/alg-gost3411-2012.c:97:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(match) / 2, match);
data/libxcrypt-4.4.17/test/alg-hmac-sha1.c:62:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes = strlen (data);
data/libxcrypt-4.4.17/test/alg-hmac-sha1.c:82:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char_to_bin (b, sizeof(b), v, strlen(v)); \
data/libxcrypt-4.4.17/test/alg-hmac-sha1.c:158:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const uint8_t *)test->key, strlen(test->key), digest);
data/libxcrypt-4.4.17/test/alg-md4.c:81:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD4_Update (&ctx, tests[cnt].input, strlen (tests[cnt].input));
data/libxcrypt-4.4.17/test/alg-md5.c:88:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update (&ctx, tests[cnt].input, strlen (tests[cnt].input));
data/libxcrypt-4.4.17/test/alg-pbkdf-hmac-sha256.c:205:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HMAC_SHA256_Buf (t->key, strlen (t->key),
data/libxcrypt-4.4.17/test/alg-pbkdf-hmac-sha256.c:206:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->message, strlen (t->message),
data/libxcrypt-4.4.17/test/alg-pbkdf-hmac-sha256.c:214:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HMAC_SHA256_Init(&ctx, t->key, strlen (t->key));
data/libxcrypt-4.4.17/test/alg-sha1.c:54:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha1_process_bytes ((const uint8_t*)test_data[k], &ctx, strlen(test_data[k]));
data/libxcrypt-4.4.17/test/alg-sha256.c:96:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA256_Buf (tests[cnt].input, strlen (tests[cnt].input), sum);
data/libxcrypt-4.4.17/test/alg-sha512.c:123:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA512_Buf (tests[cnt].input, strlen (tests[cnt].input), sum);
data/libxcrypt-4.4.17/test/alg-yescrypt.c:82:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_PBKDF2_SHA256_raw(passwd, strlen(passwd), salt, strlen(salt), c,
data/libxcrypt-4.4.17/test/alg-yescrypt.c:82:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_PBKDF2_SHA256_raw(passwd, strlen(passwd), salt, strlen(salt), c,
data/libxcrypt-4.4.17/test/alg-yescrypt.c:101:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crypto_scrypt((const uint8_t *) passwd, strlen(passwd),
data/libxcrypt-4.4.17/test/alg-yescrypt.c:102:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const uint8_t *) salt, strlen(salt), N, r, p, dk, sizeof(dk))) {
data/libxcrypt-4.4.17/test/alg-yescrypt.c:141:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const uint8_t *) passwd, strlen(passwd),
data/libxcrypt-4.4.17/test/alg-yescrypt.c:142:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const uint8_t *) salt, strlen(salt), ¶ms, dk, dklen)) {
data/libxcrypt-4.4.17/test/badsalt.c:250:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l_setting = strlen (setting);
data/libxcrypt-4.4.17/test/badsalt.c:384:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l_setting = strlen (t->setting);
data/libxcrypt-4.4.17/test/badsalt.c:411:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l_hash = strlen (result);
data/libxcrypt-4.4.17/test/checksalt.c:184:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (testcases[i].prefix && strlen (testcases[i].prefix) == 2)
data/libxcrypt-4.4.17/test/checksalt.c:190:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (bigcrypt_prefix + 2, pad, gs_len - 2);
data/libxcrypt-4.4.17/test/checksalt.c:211:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (gs_out + 2, pad, gs_len - 2);
data/libxcrypt-4.4.17/test/crypt-badargs.c:286:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (page, "n");
data/libxcrypt-4.4.17/test/crypt-badargs.c:288:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
page [strlen (page) - 1] = 'a';
data/libxcrypt-4.4.17/test/crypt-badargs.c:297:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (page, "n");
data/libxcrypt-4.4.17/test/crypt-badargs.c:299:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
page [strlen (page) - 1] = 'a';
data/libxcrypt-4.4.17/test/crypt-badargs.c:312:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1 = memcpy (page + pagesize - strlen (settings[i]),
data/libxcrypt-4.4.17/test/crypt-badargs.c:313:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
settings[i], strlen (settings[i]));
data/libxcrypt-4.4.17/test/crypt-badargs.c:321:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (page, "n");
data/libxcrypt-4.4.17/test/crypt-badargs.c:323:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
page [strlen (page) - 1] = 'a';
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:70:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
salt = crypt_gensalt ("$gy$", 0, pref, (int) strlen(pref) + 1);
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:76:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crypt_gost_yescrypt_rn (pass, strlen (pass), salt, strlen (salt),
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:76:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crypt_gost_yescrypt_rn (pass, strlen (pass), salt, strlen (salt),
data/libxcrypt-4.4.17/test/crypt-gost-yescrypt.c:90:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(h);
data/libxcrypt-4.4.17/test/gensalt.c:435:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (salt);
data/libxcrypt-4.4.17/test/gensalt.c:447:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp (salt, tcase->prefix, strlen (tcase->prefix)))
data/libxcrypt-4.4.17/test/ka-tester.c:191:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(u.pass + 1, t->input, CRYPT_MAX_PASSPHRASE_SIZE);
data/libxcrypt-4.4.17/test/ka-tester.c:192:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("[%zu]: %s %s\n", strlen(t->input),
data/libxcrypt-4.4.17/test/preferred-method.c:45:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (gs, pm, strlen (pm)))
data/libxcrypt-4.4.17/test/preferred-method.c:74:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (gs, pm, strlen (pm)))
data/libxcrypt-4.4.17/test/preferred-method.c:104:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (cd.output, pm, strlen (pm)))
data/libxcrypt-4.4.17/test/short-outbuf.c:70:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (testcases[i].exp_ra, *outbuf, strlen(*outbuf)))
ANALYSIS SUMMARY:
Hits = 297
Lines analyzed = 24509 in approximately 1.14 seconds (21475 lines/second)
Physical Source Lines of Code (SLOC) = 18899
Hits@level = [0] 268 [1] 66 [2] 207 [3] 1 [4] 23 [5] 0
Hits@level+ = [0+] 565 [1+] 297 [2+] 231 [3+] 24 [4+] 23 [5+] 0
Hits/KSLOC@level+ = [0+] 29.8958 [1+] 15.7151 [2+] 12.2229 [3+] 1.26991 [4+] 1.217 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.