Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/netbuf.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/dhcp6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/sio.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/api.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip6_frag.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/netifapi.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/icmp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/def.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/etharp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/inet_chksum.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/tcpbase.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip6_zone.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/tcp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/raw.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/igmp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip6_addr.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/err.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/netif.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/udp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip_addr.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/memp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/ieee.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/dhcp6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/iana.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/icmp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/etharp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/tcp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/igmp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/udp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/ethernet.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/ip.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/ip6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/autoip.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/nd6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/dhcp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/ip4.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/dns.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/mld6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/prot/icmp6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/altcp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/mem.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/api_msg.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/memp_std.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/tcp_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/nd6_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/raw_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/mem_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/altcp_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/memp_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/tcpip_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/priv/sockets_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/autoip.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/altcp_tcp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/altcp_tls.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ethip6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/nd6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/dhcp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/netdb.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/stats.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/debug.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/init.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip4_addr.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/arch.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip4.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/pbuf.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/netbiosns.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/http_client.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/altcp_tls_mbedtls_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/lwiperf.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/mqtt.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/sntp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/altcp_proxyconnect.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/mdns_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/smtp_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_snmpv2_framework.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/fs.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/tftp_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/httpd.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/mqtt_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_table.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_core.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmpv3.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_threadsync.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_snmpv2_usm.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/httpd_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/mdns.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/netbiosns_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/smtp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/mqtt_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_scalar.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_mib2.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/sntp_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/tftp_server.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/mdns_priv.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/timeouts.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/snmp.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/dns.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/mld6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/sys.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/icmp6.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/ip4_frag.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/errno.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/inet.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/sockets.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/tcpip.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/opt.h
Examining data/lwip-2.1.2+dfsg1/src/include/lwip/if_api.h
Examining data/lwip-2.1.2+dfsg1/src/include/compat/posix/sys/socket.h
Examining data/lwip-2.1.2+dfsg1/src/include/compat/posix/net/if.h
Examining data/lwip-2.1.2+dfsg1/src/include/compat/posix/arpa/inet.h
Examining data/lwip-2.1.2+dfsg1/src/include/compat/posix/netdb.h
Examining data/lwip-2.1.2+dfsg1/src/include/compat/stdc/errno.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/lowpan6_ble.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/bridgeif.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/etharp.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/lowpan6.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ieee802154.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/lowpan6_common.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ethernet.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/bridgeif_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/lowpan6_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/zepif.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ipcp.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/upap.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/chap-md5.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/pppos.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/vj.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ppp_opts.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/eui64.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/fsm.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/magic.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ipv6cp.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ccp.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/lcp.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/pppapi.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/arc4.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md5.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/sha1.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/des.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md4.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/chap-new.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/eap.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ppp.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/pppcrypt.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/mppe.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ppp_impl.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ecp.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/pppdebug.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/pppoe.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/pppol2tp.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/ppp/chap_ms.h
Examining data/lwip-2.1.2+dfsg1/src/include/netif/slipif.h
Examining data/lwip-2.1.2+dfsg1/src/core/tcp_in.c
Examining data/lwip-2.1.2+dfsg1/src/core/inet_chksum.c
Examining data/lwip-2.1.2+dfsg1/src/core/stats.c
Examining data/lwip-2.1.2+dfsg1/src/core/tcp.c
Examining data/lwip-2.1.2+dfsg1/src/core/memp.c
Examining data/lwip-2.1.2+dfsg1/src/core/pbuf.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/ip6_addr.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/mld6.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/dhcp6.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/inet6.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/icmp6.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/ethip6.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/ip6_frag.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/nd6.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv6/ip6.c
Examining data/lwip-2.1.2+dfsg1/src/core/ip.c
Examining data/lwip-2.1.2+dfsg1/src/core/tcp_out.c
Examining data/lwip-2.1.2+dfsg1/src/core/sys.c
Examining data/lwip-2.1.2+dfsg1/src/core/altcp_alloc.c
Examining data/lwip-2.1.2+dfsg1/src/core/raw.c
Examining data/lwip-2.1.2+dfsg1/src/core/altcp_tcp.c
Examining data/lwip-2.1.2+dfsg1/src/core/dns.c
Examining data/lwip-2.1.2+dfsg1/src/core/udp.c
Examining data/lwip-2.1.2+dfsg1/src/core/timeouts.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv4/icmp.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv4/ip4_addr.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv4/igmp.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv4/autoip.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv4/etharp.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv4/ip4_frag.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv4/dhcp.c
Examining data/lwip-2.1.2+dfsg1/src/core/ipv4/ip4.c
Examining data/lwip-2.1.2+dfsg1/src/core/netif.c
Examining data/lwip-2.1.2+dfsg1/src/core/mem.c
Examining data/lwip-2.1.2+dfsg1/src/core/def.c
Examining data/lwip-2.1.2+dfsg1/src/core/altcp.c
Examining data/lwip-2.1.2+dfsg1/src/core/init.c
Examining data/lwip-2.1.2+dfsg1/src/api/api_lib.c
Examining data/lwip-2.1.2+dfsg1/src/api/netbuf.c
Examining data/lwip-2.1.2+dfsg1/src/api/api_msg.c
Examining data/lwip-2.1.2+dfsg1/src/api/netifapi.c
Examining data/lwip-2.1.2+dfsg1/src/api/netdb.c
Examining data/lwip-2.1.2+dfsg1/src/api/err.c
Examining data/lwip-2.1.2+dfsg1/src/api/if_api.c
Examining data/lwip-2.1.2+dfsg1/src/api/tcpip.c
Examining data/lwip-2.1.2+dfsg1/src/api/sockets.c
Examining data/lwip-2.1.2+dfsg1/src/netif/slipif.c
Examining data/lwip-2.1.2+dfsg1/src/netif/zepif.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ethernet.c
Examining data/lwip-2.1.2+dfsg1/src/netif/lowpan6_common.c
Examining data/lwip-2.1.2+dfsg1/src/netif/bridgeif_fdb.c
Examining data/lwip-2.1.2+dfsg1/src/netif/bridgeif.c
Examining data/lwip-2.1.2+dfsg1/src/netif/lowpan6.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/pppoe.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/eui64.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/vj.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/upap.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/pppcrypt.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-md5.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/sha1.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/des.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md5.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md4.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/arc4.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/ppp.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/magic.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/pppol2tp.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/lcp.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/ecp.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/mppe.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/pppapi.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/fsm.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/ccp.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/pppos.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/ipcp.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/demand.c
Examining data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c
Examining data/lwip-2.1.2+dfsg1/src/netif/lowpan6_ble.c
Examining data/lwip-2.1.2+dfsg1/src/apps/netbiosns/netbiosns.c
Examining data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c
Examining data/lwip-2.1.2+dfsg1/src/apps/altcp_tls/altcp_tls_mbedtls_mem.c
Examining data/lwip-2.1.2+dfsg1/src/apps/altcp_tls/altcp_tls_mbedtls.c
Examining data/lwip-2.1.2+dfsg1/src/apps/altcp_tls/altcp_tls_mbedtls_mem.h
Examining data/lwip-2.1.2+dfsg1/src/apps/altcp_tls/altcp_tls_mbedtls_structs.h
Examining data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c
Examining data/lwip-2.1.2+dfsg1/src/apps/tftp/tftp_server.c
Examining data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c
Examining data/lwip-2.1.2+dfsg1/src/apps/sntp/sntp.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_pbuf_stream.h
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_table.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_pbuf_stream.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2_tcp.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_snmpv2_usm.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmpv3_priv.h
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_raw.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2_system.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmpv3_mbedtls.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2_interfaces.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_scalar.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2_ip.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_traps.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_asn1.h
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_netconn.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2_snmp.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_asn1.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_msg.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_snmpv2_framework.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmpv3.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_msg.h
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_threadsync.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_core.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_core_priv.h
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2_icmp.c
Examining data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2_udp.c
Examining data/lwip-2.1.2+dfsg1/src/apps/http/fsdata.h
Examining data/lwip-2.1.2+dfsg1/src/apps/http/httpd_structs.h
Examining data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c
Examining data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c
Examining data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c
Examining data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/tinydir.h
Examining data/lwip-2.1.2+dfsg1/src/apps/http/fsdata.c
Examining data/lwip-2.1.2+dfsg1/src/apps/http/fs.c
Examining data/lwip-2.1.2+dfsg1/src/apps/http/altcp_proxyconnect.c
Examining data/lwip-2.1.2+dfsg1/src/apps/lwiperf/lwiperf.c
Examining data/lwip-2.1.2+dfsg1/doc/doxygen/main_page.h
Examining data/lwip-2.1.2+dfsg1/doc/NO_SYS_SampleCode.c
Examining data/lwip-2.1.2+dfsg1/doc/ZeroCopyRx.c
Examining data/lwip-2.1.2+dfsg1/test/unit/ip6/test_ip6.c
Examining data/lwip-2.1.2+dfsg1/test/unit/ip6/test_ip6.h
Examining data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.h
Examining data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c
Examining data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c
Examining data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.h
Examining data/lwip-2.1.2+dfsg1/test/unit/etharp/test_etharp.c
Examining data/lwip-2.1.2+dfsg1/test/unit/etharp/test_etharp.h
Examining data/lwip-2.1.2+dfsg1/test/unit/mqtt/test_mqtt.h
Examining data/lwip-2.1.2+dfsg1/test/unit/mqtt/test_mqtt.c
Examining data/lwip-2.1.2+dfsg1/test/unit/lwip_check.h
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_def.c
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_netif.h
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_mem.c
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_pbuf.h
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_def.h
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_pbuf.c
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_mem.h
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_netif.c
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_timers.c
Examining data/lwip-2.1.2+dfsg1/test/unit/core/test_timers.h
Examining data/lwip-2.1.2+dfsg1/test/unit/api/test_sockets.c
Examining data/lwip-2.1.2+dfsg1/test/unit/api/test_sockets.h
Examining data/lwip-2.1.2+dfsg1/test/unit/lwip_unittests.c
Examining data/lwip-2.1.2+dfsg1/test/unit/arch/sys_arch.c
Examining data/lwip-2.1.2+dfsg1/test/unit/arch/sys_arch.h
Examining data/lwip-2.1.2+dfsg1/test/unit/ip4/test_ip4.h
Examining data/lwip-2.1.2+dfsg1/test/unit/ip4/test_ip4.c
Examining data/lwip-2.1.2+dfsg1/test/unit/tcp/test_tcp_oos.h
Examining data/lwip-2.1.2+dfsg1/test/unit/tcp/test_tcp.c
Examining data/lwip-2.1.2+dfsg1/test/unit/tcp/tcp_helper.h
Examining data/lwip-2.1.2+dfsg1/test/unit/tcp/tcp_helper.c
Examining data/lwip-2.1.2+dfsg1/test/unit/tcp/test_tcp.h
Examining data/lwip-2.1.2+dfsg1/test/unit/tcp/test_tcp_oos.c
Examining data/lwip-2.1.2+dfsg1/test/unit/udp/test_udp.c
Examining data/lwip-2.1.2+dfsg1/test/unit/udp/test_udp.h
Examining data/lwip-2.1.2+dfsg1/test/unit/lwipopts.h
Examining data/lwip-2.1.2+dfsg1/test/fuzz/fuzz.c
Examining data/lwip-2.1.2+dfsg1/test/fuzz/lwipopts.h
Examining data/lwip-2.1.2+dfsg1/test/fuzz/config.h
Examining data/lwip-2.1.2+dfsg1/test/sockets/sockets_stresstest.c
Examining data/lwip-2.1.2+dfsg1/test/sockets/sockets_stresstest.h
Examining data/lwip-2.1.2+dfsg1/port/include/posix/inet.h
Examining data/lwip-2.1.2+dfsg1/port/include/posix/sockets.h
Examining data/lwip-2.1.2+dfsg1/port/include/netif/fifo.h
Examining data/lwip-2.1.2+dfsg1/port/include/netif/list.h
Examining data/lwip-2.1.2+dfsg1/port/include/netif/sio.h
Examining data/lwip-2.1.2+dfsg1/port/include/netif/tapif.h
Examining data/lwip-2.1.2+dfsg1/port/include/arch/cc.h
Examining data/lwip-2.1.2+dfsg1/port/include/arch/sys_arch.h
Examining data/lwip-2.1.2+dfsg1/port/include/lwipopts.h
Examining data/lwip-2.1.2+dfsg1/port/netif/fifo.c
Examining data/lwip-2.1.2+dfsg1/port/netif/list.c
Examining data/lwip-2.1.2+dfsg1/port/netif/sio.c
Examining data/lwip-2.1.2+dfsg1/port/netif/tapif.c
Examining data/lwip-2.1.2+dfsg1/port/sys_arch.c
FINAL RESULTS:
data/lwip-2.1.2+dfsg1/port/netif/sio.c:366:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/usr/sbin/pppd", "pppd",
data/lwip-2.1.2+dfsg1/port/netif/sio.c:418:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/sbin/slattach", "slattach",
data/lwip-2.1.2+dfsg1/port/netif/sio.c:436:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(buf);
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:174:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, 1024, IFCONFIG_BIN IFCONFIG_ARGS,
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:189:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(buf);
data/lwip-2.1.2+dfsg1/src/apps/http/altcp_proxyconnect.c:105:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(buffer, bufsize, PROXY_CONNECT_FORMAT(host, port));
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:493:14: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(buffer, buffer_size, HTTPC_REQ_11_PROXY_PORT_FORMAT(server_name, server_port, uri, server_name));
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:495:14: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(buffer, buffer_size, HTTPC_REQ_11_PROXY_FORMAT(server_name, uri, server_name));
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:499:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(buffer, buffer_size, HTTPC_REQ_11_HOST_FORMAT(uri, server_name));
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:501:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(buffer, buffer_size, HTTPC_REQ_11_FORMAT(uri));
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:158:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" Usage: htmlgen [targetdir] [-s] [-e] [-11] [-nossi] [-ssi:<filename>] [-c] [-f:<filename>] [-m] [-svr:<name>] [-x:<ext_list>] [-xc:<ext_list>" USAGE_ARG_DEFLATE NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:159:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" targetdir: relative or absolute path to files to convert" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:160:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -s: toggle processing of subdirectories (default is on)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:161:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -e: exclude HTTP header from file (header is created at runtime, default is off)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:162:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -11: include HTTP 1.1 header (1.0 is default)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:163:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -nossi: no support for SSI (cannot calculate Content-Length for SSI)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:164:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -ssi: ssi filename (ssi support controlled by file list, not by extension)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:165:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -c: precalculate checksums for all pages (default is off)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:166:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -f: target filename (default is \"fsdata.c\")" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:167:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -m: include \"Last-Modified\" header based on file time" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:168:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -svr: server identifier sent in HTTP response header ('Server' field)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:169:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -x: comma separated list of extensions of files to exclude (e.g., -x:json,txt)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:170:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -xc: comma separated list of extensions of files to not compress (e.g., -xc:mp3,jpg)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:172:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" switch -defl: deflate-compress all non-SSI files (with opt. compr.-level, default=10)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:173:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" ATTENTION: browser has to support \"Content-Encoding: deflate\"!" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:175:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" if targetdir not specified, htmlgen will attempt to" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:176:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" process files in subdirectory 'fs'" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:193:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NEWLINE " makefsdata - HTML to C source converter" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:194:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" by Jim Pettinato - circa 2003 " NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:195:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" extended by Simon Goldschmidt - 2009 " NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:241:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("ERROR: deflate level must be [0..10]" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:247:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("Deflating all non-SSI files with level %d (but only if size is reduced)" NEWLINE, deflate_level);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:253:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("Excluding files with extensions %s" NEWLINE, exclude_list);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:256:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("Skipping compresion for files with extensions %s" NEWLINE, ncompress_list);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:271:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("Invalid path: \"%s\"." NEWLINE, path);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:279:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" Failed to open directory \"%s\"." NEWLINE NEWLINE, path);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:285:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("HTTP %sheader will %s statically included." NEWLINE,
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:292:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" and subdirectories..." NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:294:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("..." NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:311:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#include \"lwip/apps/fs.h\"" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:312:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#include \"lwip/def.h\"" NEWLINE NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:314:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#define file_NULL (struct fsdata_file *) NULL" NEWLINE NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:316:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#ifndef FS_FILE_FLAGS_HEADER_INCLUDED" NEWLINE "#define FS_FILE_FLAGS_HEADER_INCLUDED 1" NEWLINE "#endif" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:318:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#ifndef FS_FILE_FLAGS_HEADER_PERSISTENT" NEWLINE "#define FS_FILE_FLAGS_HEADER_PERSISTENT 0" NEWLINE "#endif" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:322:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "/* FSDATA_FILE_ALIGNMENT: 0=off, 1=by variable, 2=by include */" NEWLINE "#ifndef FSDATA_FILE_ALIGNMENT" NEWLINE "#define FSDATA_FILE_ALIGNMENT 0" NEWLINE "#endif" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:324:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#ifndef FSDATA_ALIGN_PRE" NEWLINE "#define FSDATA_ALIGN_PRE" NEWLINE "#endif" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:325:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#ifndef FSDATA_ALIGN_POST" NEWLINE "#define FSDATA_ALIGN_POST" NEWLINE "#endif" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:327:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#if FSDATA_FILE_ALIGNMENT==2" NEWLINE "#include \"fsdata_alignment.h\"" NEWLINE "#endif" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:336:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:337:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "#define FS_ROOT file_%s" NEWLINE, lastFileVar);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:338:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "#define FS_NUMFILES %d" NEWLINE NEWLINE, filesProcessed);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:345:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NEWLINE "Creating target file..." NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:356:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NEWLINE "Processed %d files - done." NEWLINE, filesProcessed);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:359:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("(Deflated total byte reduction: %d bytes -> %d bytes (%.02f%%)" NEWLINE,
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:363:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:476:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("processing subdirectory %s/..." NEWLINE, curSubdir);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:512:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("skipping %s/%s by exclude list (-x option)..." NEWLINE, curSubdir, curName);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:516:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("processing %s/%s..." NEWLINE, curSubdir, curName);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:519:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NEWLINE "Error... aborting" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:610:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" - deflate: %d bytes -> %d bytes (%.02f%%)" NEWLINE, (int)fsize, (int)out_bytes, (float)((out_bytes * 100.0) / fsize));
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:614:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" - uncompressed: (would be %d bytes larger using deflate)" NEWLINE, (int)(out_bytes - fsize));
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:617:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" - uncompressed: (file is larger than deflate bufer)" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:620:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" - cannot be compressed" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:666:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "#if HTTPD_PRECALCULATED_CHECKSUM" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:667:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "const struct fsdata_chksum chksums_%s[] = {" NEWLINE, varname);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:671:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "{%d, 0x%04x, %d}," NEWLINE, 0, hdr_chksum, hdr_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:684:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "{%d, 0x%04x, %"SZT_F"}," NEWLINE, offset, chksum, len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:687:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "};" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:688:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "#endif /* HTTPD_PRECALCULATED_CHECKSUM */" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:715:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_name, qualifiedName);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:737:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qualifiedName, new_name);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:923:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qualifiedName, "%s/%s", curSubdir, filename);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:925:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(varname, qualifiedName);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:931:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#if FSDATA_FILE_ALIGNMENT==1" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:932:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "static const " PAYLOAD_ALIGN_TYPE " dummy_align_%s = %d;" NEWLINE, varname, payload_alingment_dummy_counter++);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:933:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "#endif" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:935:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "static const unsigned char FSDATA_ALIGN_PRE data_%s[] FSDATA_ALIGN_POST = {" NEWLINE, varname);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:937:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "/* %s (%"SZT_F" chars) */" NEWLINE, qualifiedName, strlen(qualifiedName) + 1);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:946:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:970:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "const struct fsdata_file file_%s[] = { {" NEWLINE, varname);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:971:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "file_%s," NEWLINE, lastFileVar);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:972:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "data_%s," NEWLINE, varname);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:973:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "data_%s + %d," NEWLINE, varname, i);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:974:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "sizeof(data_%s) - %d," NEWLINE, varname, i);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1007:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "#if HTTPD_PRECALCULATED_CHECKSUM" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1008:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "%d, chksums_%s," NEWLINE, chksum_count, varname);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1009:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "#endif /* HTTPD_PRECALCULATED_CHECKSUM */" NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1011:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(struct_file, "}};" NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1012:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastFileVar, varname);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1016:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* raw file data (%d bytes) */" NEWLINE, file_size);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1018:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, "};" NEWLINE NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1044:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* HTTP header */");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1063:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* \"%s\" (%"SZT_F" bytes) */" NEWLINE, cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1073:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* \"%s\" (%"SZT_F" bytes) */" NEWLINE, cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1114:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* \"%s%d\r\n\" (%"SZT_F"+ bytes) */" NEWLINE, cur_string, content_len, cur_len + 2);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1150:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* \"%s\"\r\n\" (%"SZT_F"+ bytes) */" NEWLINE, cur_string, cur_len + 2);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1178:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* \"%s\" (%"SZT_F" bytes) */" NEWLINE, cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1193:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* \"%s\" (%d bytes) */" NEWLINE, cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1204:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(data_file, NEWLINE "/* \"%s\" (%"SZT_F" bytes) */" NEWLINE, cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1231:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(file, NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1246:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(&buf[idx], NEWLINE);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/tinydir.h:71:25: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tinydir_strcpy _tcscpy
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/tinydir.h:72:25: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tinydir_strcat _tcscat
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/tinydir.h:80:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define _tinydir_strcpy strcpy
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/tinydir.h:81:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define _tinydir_strcat strcat
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:433:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(smtp_username, username);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:437:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(smtp_pass, pass);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_core.c:796:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (((node_instance->access & SNMP_NODE_INSTANCE_ACCESS_READ) != 0) && (node_instance->get_value == NULL)) {
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_core.c:799:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (((node_instance->access & SNMP_NODE_INSTANCE_ACCESS_WRITE) != 0) && (node_instance->set_value == NULL)) {
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_core.c:870:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (((node_instance->access & SNMP_NODE_INSTANCE_ACCESS_READ) != 0) && (node_instance->get_value == NULL)) {
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_core.c:873:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (((node_instance->access & SNMP_NODE_INSTANCE_ACCESS_WRITE) != 0) && (node_instance->set_value == NULL)) {
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_msg.c:388:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (((node_instance->access & SNMP_NODE_INSTANCE_ACCESS_READ) != SNMP_NODE_INSTANCE_ACCESS_READ) || (node_instance->get_value == NULL)) {
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_msg.c:673:36: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
} else if (((node_instance.access & SNMP_NODE_INSTANCE_ACCESS_WRITE) != SNMP_NODE_INSTANCE_ACCESS_WRITE) || (node_instance.set_value == NULL)) {
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_scalar.c:62:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
instance->access = scalar_node->access;
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_scalar.c:106:55: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
instance->access = array_node_def->access;
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_scalar.c:183:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
instance->access = result->access;
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_table.c:72:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
instance->access = col_def->access;
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_table.c:138:50: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
instance->access = next_col_def->access;
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_threadsync.c:196:60: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
instance->access = call_data->proxy_instance.access;
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_core.h:207:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
snmp_access_t access;
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_scalar.h:56:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
snmp_access_t access;
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_scalar.h:66:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define SNMP_SCALAR_CREATE_NODE(oid, access, asn1_type, get_value_method, set_test_method, set_value_method) \
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_scalar.h:70:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
(asn1_type), (access), (get_value_method), (set_test_method), (set_value_method) }
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_scalar.h:79:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
snmp_access_t access;
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/snmp_table.h:55:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
snmp_access_t access;
data/lwip-2.1.2+dfsg1/src/include/lwip/arch.h:81:35: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LWIP_PLATFORM_DIAG(x) do {printf x;} while(0)
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:235:14: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern char *crypt (const char *, const char *);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1639:17: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
&& strcmp(crypt(ppp_settings.passwd, secret), secret) != 0)
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:2437:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ap->word, word);
data/lwip-2.1.2+dfsg1/src/netif/ppp/demand.c:400:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ipstr,inet_ntoa(*( (struct in_addr *) (pkt->data+16))));
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1365:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rhostname, SRP_PSEUDO_ID);
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:1375:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid));
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:1376:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid));
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:92:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, src);
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:121:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *preconfigured_tapif = getenv("PRECONFIGURED_TAPIF");
data/lwip-2.1.2+dfsg1/src/netif/ppp/magic.c:226:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)magic_randomseed);
data/lwip-2.1.2+dfsg1/port/netif/sio.c:126:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( device, O_RDWR | O_NOCTTY | O_NONBLOCK );
data/lwip-2.1.2+dfsg1/port/netif/sio.c:324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[20];
data/lwip-2.1.2+dfsg1/port/netif/sio.c:359:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/lwip-2.1.2+dfsg1/port/netif/sio.c:426:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:139:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tapif->fd = open(DEVTAP, O_RDWR);
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1518]; /* max packet size including VLAN excluding CRC */
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1518]; /* max packet size including VLAN excluding CRC */
data/lwip-2.1.2+dfsg1/src/api/netdb.c:97:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
HOSTENT_STORAGE char s_hostname[DNS_MAX_NAME_LENGTH + 1];
data/lwip-2.1.2+dfsg1/src/api/netdb.c:308:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port_nr = atoi(servname);
data/lwip-2.1.2+dfsg1/src/api/sockets.c:4072:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &addr.addr, sizeof(addr.addr));
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:216:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_num[10];
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:234:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int status = atoi(status_num);
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:262:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_len_num[16];
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:266:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len = atoi(content_len_num);
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:557:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->server_name, server_name, server_name_len + 1);
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:560:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->uri, uri, uri_len + 1);
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:739:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)(filestate + 1), local_file_name, file_len + 1);
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:744:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&filestate->settings, settings, sizeof(httpc_connection_t));
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:747:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(local_file_name, "wb");
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:166:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char httpd_req_buf[LWIP_HTTPD_MAX_REQ_LENGTH + 1];
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:180:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char http_uri_buf[LWIP_HTTPD_URI_BUF_LEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_name[LWIP_HTTPD_MAX_TAG_NAME_LEN + 1]; /* Last tag name extracted */
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_insert[LWIP_HTTPD_MAX_TAG_INSERT_LEN + 1]; /* Insert string for tag_name */
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[LWIP_HTTPD_MAX_CGI_PARAMETERS]; /* Params extracted from the request URI */
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *param_vals[LWIP_HTTPD_MAX_CGI_PARAMETERS]; /* Values for each extracted param */
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:271:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *hdrs[NUM_FILE_HDR_STRINGS]; /* HTTP headers to be sent. */
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr_content_len[LWIP_HTTPD_MAX_CONTENT_LEN_SIZE];
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:344:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *http_cgi_params[LWIP_HTTPD_MAX_CGI_PARAMETERS]; /* Params extracted from the request URI */
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:345:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *http_cgi_param_vals[LWIP_HTTPD_MAX_CGI_PARAMETERS]; /* Values for each extracted param */
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:1803:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
content_len = atoi(content_len_num);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:96:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverIDBuffer[1024];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:129:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file_buffer_c[COPY_BUFSIZE * 5 + ((COPY_BUFSIZE / HEX_BYTES_PER_LINE) * 3)];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:131:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curSubdir[MAX_PATH_LEN];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:132:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastFileVar[MAX_PATH_LEN];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:133:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr_buf[4096];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH_LEN];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char appPath[MAX_PATH_LEN];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetfile[MAX_PATH_LEN];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:188:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(targetfile, "fsdata.c");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:199:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path, "fs");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:237:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int defl_level = atoi(&colon[1]);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:297:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
data_file = fopen("fsdata.tmp", "wb");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:302:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
struct_file = fopen("fshdr.tmp", "wb");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:330:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lastFileVar, "NULL");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:409:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(filename_in, "rb");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:425:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(targetfile, "wb");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:459:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currName[256];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:499:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curName[256];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:540:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile = fopen(filename, "rb");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:590:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret_buf, s_outbuf, out_bytes);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:637:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&file_buffer_c[off], "0x%02x,", file_data[i]);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:641:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&file_buffer_c[off], NEWLINE, NEWLINE_LEN);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:728:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&new_name[len], "%d", cnt);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:756:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename_listfile, "r");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:907:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[MAX_PATH_LEN];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:909:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qualifiedName[MAX_PATH_LEN];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1067:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr_buf[hdr_len], cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1077:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr_buf[hdr_len], cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intbuf[MAX_PATH_LEN];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1117:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr_buf[hdr_len], cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1122:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(intbuf, "\r\n");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1127:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr_buf[hdr_len], intbuf, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modbuf[256];
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1138:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modbuf, "Last-Modified: ");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1153:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr_buf[hdr_len], cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1158:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(modbuf, "\r\n");
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1163:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr_buf[hdr_len], modbuf, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1182:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr_buf[hdr_len], cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1212:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr_buf[hdr_len], cur_string, cur_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1243:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&buf[idx], "0x%02x,", cur);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/tinydir.h:592:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file, &dir->_files[i], sizeof(tinydir_file));
data/lwip-2.1.2+dfsg1/src/apps/lwiperf/lwiperf.c:418:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&client_conn->settings, settings, sizeof(*settings));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MDNS_LABEL_MAXLEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service[MDNS_LABEL_MAXLEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MDNS_LABEL_MAXLEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:522:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c:128:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const mqtt_message_type_str[15] = {
data/lwip-2.1.2+dfsg1/src/apps/netbiosns/netbiosns.c:235:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char netbiosns_local_name[NETBIOS_NAME_LEN];
data/lwip-2.1.2+dfsg1/src/apps/netbiosns/netbiosns.c:353:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netbios_name[NETBIOS_NAME_LEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_buf[SMTP_TX_BUF_LEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_plain[SMTP_MAX_USERNAME_LEN + SMTP_MAX_PASS_LEN + 3];
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:279:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char smtp_server[SMTP_MAX_SERVERNAME_LEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:291:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char smtp_auth_plain[SMTP_MAX_USERNAME_LEN + SMTP_MAX_PASS_LEN + 3];
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:957:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[4];
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_snmpv2_usm.c:82:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[32];
data/lwip-2.1.2+dfsg1/src/apps/tftp/tftp_server.c:228:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[TFTP_MAX_FILENAME_LEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/tftp/tftp_server.c:229:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[TFTP_MAX_MODE_LEN + 1];
data/lwip-2.1.2+dfsg1/src/apps/tftp/tftp_server.c:256:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tftp_state.handle = tftp_state.ctx->open(filename, mode, opcode == PP_HTONS(TFTP_WRQ));
data/lwip-2.1.2+dfsg1/src/core/dns.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DNS_MAX_NAME_LENGTH];
data/lwip-2.1.2+dfsg1/src/core/ipv4/ip4_addr.c:269:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[IP4ADDR_STRLEN_MAX];
data/lwip-2.1.2+dfsg1/src/core/ipv4/ip4_addr.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inv[3];
data/lwip-2.1.2+dfsg1/src/core/ipv6/ip6_addr.c:208:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[40];
data/lwip-2.1.2+dfsg1/src/core/ipv6/ip6_addr.c:239:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, IP4MAPPED_HEADER, sizeof(IP4MAPPED_HEADER));
data/lwip-2.1.2+dfsg1/src/core/mem.c:107:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[128];
data/lwip-2.1.2+dfsg1/src/core/mem.c:118:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[128];
data/lwip-2.1.2+dfsg1/src/core/netif.c:1712:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = (u8_t)atoi(&name[2]);
data/lwip-2.1.2+dfsg1/src/core/pbuf.c:1049:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MEMCPY(&((char *)dataptr)[left], &((char *)p->payload)[offset], buf_copy_len);
data/lwip-2.1.2+dfsg1/src/core/pbuf.c:1220:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MEMCPY(p->payload, &((const char *)dataptr)[copied_total], buf_copy_len);
data/lwip-2.1.2+dfsg1/src/core/tcp.c:904:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lpcb->ext_args, &pcb->ext_args, sizeof(pcb->ext_args));
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/smtp.h:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SMTP_BODYDH_BUFFER_SIZE]; /* buffer for generated content */
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/tftp_server.h:63:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void* (*open)(const char* fname, const char* mode, u8_t write);
data/lwip-2.1.2+dfsg1/src/include/lwip/dhcp.h:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_file_name[DHCP_BOOT_FILE_LEN];
data/lwip-2.1.2+dfsg1/src/include/lwip/netif.h:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[2];
data/lwip-2.1.2+dfsg1/src/include/lwip/opt.h:137:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCPY(dst,src,len) memcpy(dst,src,len)
data/lwip-2.1.2+dfsg1/src/include/lwip/opt.h:145:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define SMEMCPY(dst,src,len) memcpy(dst,src,len)
data/lwip-2.1.2+dfsg1/src/include/lwip/priv/api_msg.h:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DNS_MAX_NAME_LENGTH];
data/lwip-2.1.2+dfsg1/src/include/lwip/priv/api_msg.h:257:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NETIF_NAMESIZE];
data/lwip-2.1.2+dfsg1/src/include/lwip/sockets.h:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sin_zero[SIN_ZERO_LEN];
data/lwip-2.1.2+dfsg1/src/include/lwip/sockets.h:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa_data[14];
data/lwip-2.1.2+dfsg1/src/include/lwip/sockets.h:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2_data1[2];
data/lwip-2.1.2+dfsg1/src/include/lwip/sockets.h:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifr_name[IFNAMSIZ]; /* Interface name */
data/lwip-2.1.2+dfsg1/src/include/lwip/sockets.h:487:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fd_bits [(FD_SETSIZE+7)/8];
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/chap-new.h:160:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char priv[64]; /* private area for digest's use */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/chap-new.h:171:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char challenge[CHAL_MAX_PKTLEN];
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/eap.h:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_peer[MAXNAMELEN +1]; /* Peer's name */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/eui64.h:65:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define eui64_copy(s, d) memcpy(&(d), &(s), sizeof(eui64_t))
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/lcp.h:108:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char value[MAX_ENDP_LEN];
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/arc4.h:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m[256]; /*!< permutation table */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/des.h:65:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void des_setkey_enc( des_context *ctx, unsigned char key[8] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/des.h:73:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void des_setkey_dec( des_context *ctx, unsigned char key[8] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/des.h:83:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char input[8],
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/des.h:84:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[8] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md4.h:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /*!< data block being processed */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md4.h:79:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md4_finish( md4_context *ctx, unsigned char output[16] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md4.h:88:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md4( unsigned char *input, int ilen, unsigned char output[16] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md4.h:88:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md4( unsigned char *input, int ilen, unsigned char output[16] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md5.h:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /*!< data block being processed */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md5.h:79:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md5_finish( md5_context *ctx, unsigned char output[16] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md5.h:88:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md5( unsigned char *input, int ilen, unsigned char output[16] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/md5.h:88:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md5( unsigned char *input, int ilen, unsigned char output[16] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/sha1.h:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /*!< data block being processed */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/sha1.h:79:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sha1_finish( sha1_context *ctx, unsigned char output[20] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/sha1.h:88:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sha1( unsigned char *input, int ilen, unsigned char output[20] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/polarssl/sha1.h:88:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sha1( unsigned char *input, int ilen, unsigned char output[20] );
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ppp.h:257:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_name[MAXNAMELEN + 1]; /* Peer's name for authentication */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ppp.h:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peer_authname[MAXNAMELEN + 1]; /* The name by which the peer authenticated itself to us. */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/ppp_impl.h:294:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (*open) (ppp_pcb *pcb);
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/pppos.h:87:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
unsigned int open :1; /* Set if PPPoS is open */
data/lwip-2.1.2+dfsg1/src/include/netif/ppp/vj.h:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csu_hdr[MAX_HDR];
data/lwip-2.1.2+dfsg1/src/netif/bridgeif.c:151:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&br->fdbs[i].addr, addr, sizeof(struct eth_addr));
data/lwip-2.1.2+dfsg1/src/netif/bridgeif.c:494:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netif->hwaddr, &br->ethaddr, ETH_HWADDR_LEN);
data/lwip-2.1.2+dfsg1/src/netif/bridgeif_fdb.c:108:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&e->addr, src_addr, sizeof(struct eth_addr));
data/lwip-2.1.2+dfsg1/src/netif/lowpan6_ble.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, 3);
data/lwip-2.1.2+dfsg1/src/netif/lowpan6_ble.c:116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst[5], &src[3], 3);
data/lwip-2.1.2+dfsg1/src/netif/lowpan6_ble.c:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst,src,3);
data/lwip-2.1.2+dfsg1/src/netif/lowpan6_ble.c:143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst[3],&src[5],3);
data/lwip-2.1.2+dfsg1/src/netif/lowpan6_ble.c:166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr->addr, in_addr, 8);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:151:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_number[MAXNAMELEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:232:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:422:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char u[MAXNAMELEN], p[MAXSECRETLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:436:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ufile = fopen(fname, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:899:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(*cbcp_protent.open)(pcb);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:953:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
&& protp->open != NULL)
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:954:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(*protp->open)(pcb);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:986:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
&& protp->open != NULL) {
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:987:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(*protp->open)(pcb);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1571:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[256], user[256];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1572:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXWORDLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1610:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1692:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXWORDLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1707:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1741:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXWORDLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1753:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1790:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1834:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1875:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1928:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secbuf[MAXWORDLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1945:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:2005:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:2334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[MAXWORDLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:2335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atfile[MAXWORDLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:2336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lsecret[MAXWORDLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:2410:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sf = fopen(atfile, "r")) == NULL) {
data/lwip-2.1.2+dfsg1/src/netif/ppp/ccp.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bsd_value[8];
data/lwip-2.1.2+dfsg1/src/netif/ppp/ccp.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char deflate_value[8];
data/lwip-2.1.2+dfsg1/src/netif/ppp/ccp.c:1389:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[64];
data/lwip-2.1.2+dfsg1/src/netif/ppp/ccp.c:1463:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method1[64];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-md5.c:67:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MD5_HASH_SIZE];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:267:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + 1 + clen, pcb->chap_server.name, nlen);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[MAXNAMELEN+1];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:364:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outp + CHAP_HDRLEN, message, mlen);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:416:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char secret[MAXSECRETLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:441:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[MAXNAMELEN+1];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:442:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXSECRETLEN+1];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:484:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outp + clen + 1, pcb->chap_client.name, nlen);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:156:68: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ChallengeHash (const u_char[16], const u_char *, const char *, u_char[8]);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:157:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ChapMS_NT (const u_char *, const char *, int, u_char[24]);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:158:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ChapMS2_NT (const u_char *, const u_char[16], const char *, const char *, int,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:158:79: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ChapMS2_NT (const u_char *, const u_char[16], const char *, const char *, int,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:162:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *, u_char[41]);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:169:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const u_char *rchallenge, const char *username,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:174:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void SetMasterKeys (ppp_pcb *pcb, const char *, int, u_char[24], int);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:178:74: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ChapMS2 (ppp_pcb *pcb, const u_char *, const u_char *, const char *, const char *, int,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:178:88: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ChapMS2 (ppp_pcb *pcb, const u_char *, const u_char *, const char *, const char *, int,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(challenge, mschap_challenge, 8);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:243:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(challenge, mschap_challenge, 16);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:253:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[MS_CHAP_RESPONSE_LEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:301:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[MS_CHAP2_RESPONSE_LEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:434:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64];
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:535:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *username, u_char Challenge[8]) {
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:582:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ChapMS_NT(const u_char *rchallenge, const char *secret, int secret_len,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:594:88: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ChapMS2_NT(const u_char *rchallenge, const u_char PeerChallenge[16], const char *username,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:595:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *secret, int secret_len, u_char NTResponse[24]) {
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:644:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const u_char *rchallenge, const char *username,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:686:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:691:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *secret, int secret_len,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:693:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const u_char *rchallenge, const char *username,
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:744:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void SetMasterKeys(ppp_pcb *pcb, const char *secret, int secret_len, u_char NTResponse[24], int IsServer) {
data/lwip-2.1.2+dfsg1/src/netif/ppp/demand.c:71:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[1];
data/lwip-2.1.2+dfsg1/src/netif/ppp/demand.c:303:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->data, frame, len);
data/lwip-2.1.2+dfsg1/src/netif/ppp/demand.c:328:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstr[16];
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[9];
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:427:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char secbuf[MAXSECRETLEN], clear[8], *sp, *dp;
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1231:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, modebits, S_IRUSR | S_IWUSR);
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXSECRETLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rhostname[MAXNAMELEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1729:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXSECRETLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rhostname[MAXNAMELEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/eui64.c:48:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20];
data/lwip-2.1.2+dfsg1/src/netif/ppp/eui64.c:50:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02x%02x:%02x%02x:%02x%02x:%02x%02x",
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipcp.c:106:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vj_value[8]; /* string form of vj option value */
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipcp.c:107:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char netmask_str[20]; /* string form of netmask value */
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipcp.c:333:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char b[64];
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipcp.c:2386:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_iphl(x) (((unsigned char *)(x))[0] & 0xF)
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipcp.c:2388:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_ipproto(x) (((unsigned char *)(x))[9])
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipcp.c:2389:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_tcpoff(x) (((unsigned char *)(x))[12] >> 4)
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipcp.c:2390:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_tcpflags(x) (((unsigned char *)(x))[13])
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:415:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char b[26];
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:417:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b, "fe80::%02x%02x:%02x%02x:%02x%02x:%02x%02x",
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:1371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strspeed[32], strlocal[32], strremote[32];
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:1372:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[8];
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:1374:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strspeed, "%d", baud_rate);
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:1509:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_ip6nh(x) (((unsigned char *)(x))[6])
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:1510:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_tcpoff(x) (((unsigned char *)(x))[12] >> 4)
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:1511:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_tcpflags(x) (((unsigned char *)(x))[13])
data/lwip-2.1.2+dfsg1/src/netif/ppp/magic.c:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char magic_randpool[MD5_HASH_SIZE]; /* Pool of randomness. */
data/lwip-2.1.2+dfsg1/src/netif/ppp/mppe.c:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mkey[sizeof(state->master_key) * 2 + 1];
data/lwip-2.1.2+dfsg1/src/netif/ppp/mppe.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skey[sizeof(state->session_key) * 2 + 1];
data/lwip-2.1.2+dfsg1/src/netif/ppp/mppe.c:148:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mkey + i * 2, "%02x", state->master_key[i]);
data/lwip-2.1.2+dfsg1/src/netif/ppp/mppe.c:150:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(skey + i * 2, "%02x", state->session_key[i]);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:308:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry[32];
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry[32];
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifkey[32];
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:496:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[MAX_ENDP_LEN*3+8];
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/des.c:300:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void des_setkey( unsigned long SK[32], unsigned char key[8] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/des.c:372:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void des_setkey_enc( des_context *ctx, unsigned char key[8] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/des.c:380:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void des_setkey_dec( des_context *ctx, unsigned char key[8] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/des.c:397:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char input[8],
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/des.c:398:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[8] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md4.c:86:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void md4_process( md4_context *ctx, const unsigned char data[64] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md4.c:233:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char md4_padding[64] =
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md4.c:244:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md4_finish( md4_context *ctx, unsigned char output[16] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md4.c:248:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msglen[8];
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md4.c:272:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md4( unsigned char *input, int ilen, unsigned char output[16] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md4.c:272:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md4( unsigned char *input, int ilen, unsigned char output[16] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md5.c:85:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void md5_process( md5_context *ctx, const unsigned char data[64] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md5.c:252:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char md5_padding[64] =
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md5.c:263:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md5_finish( md5_context *ctx, unsigned char output[16] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md5.c:267:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msglen[8];
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md5.c:291:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md5( unsigned char *input, int ilen, unsigned char output[16] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/md5.c:291:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void md5( unsigned char *input, int ilen, unsigned char output[16] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/sha1.c:86:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/sha1.c:286:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sha1_padding[64] =
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/sha1.c:297:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/sha1.c:301:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msglen[8];
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/sha1.c:326:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sha1( unsigned char *input, int ilen, unsigned char output[20] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/polarssl/sha1.c:326:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sha1( unsigned char *input, int ilen, unsigned char output[20] )
data/lwip-2.1.2+dfsg1/src/netif/ppp/ppp.c:1601:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[32];
data/lwip-2.1.2+dfsg1/src/netif/ppp/pppoe.c:489:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_tmp[PPPOE_ERRORSTRING_LEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/pppos.c:499:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!pppos->open) {
data/lwip-2.1.2+dfsg1/src/netif/ppp/upap.c:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rhostname[256];
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[32];
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:162:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, fmt, len);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:396:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, str, len);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:492:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[256]; /* line to be logged accumulated here */
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:539:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(linep, buf, l);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:562:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, p, n);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:606:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:772:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lock_file[MAXPATHLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:798:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock_buffer[12];
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:817:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockdev[MAXPATHLEN];
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:834:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:841:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(lock_file, O_RDONLY, 0);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:863:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(lock_buffer);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:916:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock_buffer[12];
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:920:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(lock_file, O_WRONLY, 0);
data/lwip-2.1.2+dfsg1/src/netif/ppp/vj.c:469:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
|| (hlen += TCPH_HDRLEN_BYTES((struct tcp_hdr *)&((char *)ip)[hlen]))
data/lwip-2.1.2+dfsg1/src/netif/zepif.c:235:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state->init, init_state, sizeof(struct zepif_init));
data/lwip-2.1.2+dfsg1/src/netif/zepif.c:274:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netif->hwaddr, init_state->addr, 6);
data/lwip-2.1.2+dfsg1/test/fuzz/fuzz.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame_len, ptr, sizeof(u16_t));
data/lwip-2.1.2+dfsg1/test/fuzz/fuzz.c:178:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/lwip-2.1.2+dfsg1/test/sockets/sockets_stresstest.c:408:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxbuf[TEST_TXRX_BUFSIZE];
data/lwip-2.1.2+dfsg1/test/sockets/sockets_stresstest.c:436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txbuf[TEST_TXRX_BUFSIZE];
data/lwip-2.1.2+dfsg1/test/sockets/sockets_stresstest.c:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxbuf[TEST_TXRX_BUFSIZE];
data/lwip-2.1.2+dfsg1/test/sockets/sockets_stresstest.c:513:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txbuf[TEST_TXRX_BUFSIZE];
data/lwip-2.1.2+dfsg1/test/sockets/sockets_stresstest.c:514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxbuf[TEST_TXRX_BUFSIZE];
data/lwip-2.1.2+dfsg1/test/sockets/sockets_stresstest.c:591:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, &settings->addr, sizeof(struct sockaddr_storage));
data/lwip-2.1.2+dfsg1/test/unit/api/test_sockets.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/lwip-2.1.2+dfsg1/test/unit/api/test_sockets.c:377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(riovs_tmp, riovs, sizeof(riovs));
data/lwip-2.1.2+dfsg1/test/unit/api/test_sockets.c:423:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(riovs_tmp, riovs, sizeof(riovs));
data/lwip-2.1.2+dfsg1/test/unit/api/test_sockets.c:697:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxbuf[16];
data/lwip-2.1.2+dfsg1/test/unit/core/test_def.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TEST_BUFSIZE];
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload, data, q->len);
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:458:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_offer[46], &xid, 4);
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:468:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_offer[46], &xid, 4); /* insert correct transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:473:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_ack[46], &xid, 4);
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:478:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_ack[46], &xid, 4); /* insert transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:531:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_offer[46], &xid, 4);
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:541:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_offer[46], &xid, 4); /* insert correct transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:546:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_ack[46], &xid, 4);
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:551:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_ack[46], &xid, 4); /* insert transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:760:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&relay_offer[46], &xid, 4); /* insert correct transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:766:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&relay_ack1[46], &xid, 4); /* insert transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:802:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&relay_ack2[46], &xid, 4); /* insert transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:899:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_offer[46], &xid, 4);
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:909:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_offer[46], &xid, 4); /* insert correct transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:916:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_nack_no_endmarker[46], &xid, 4); /* insert transaction id */
data/lwip-2.1.2+dfsg1/test/unit/dhcp/test_dhcp.c:1005:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp_offer_invalid_overload[46], &xid, 4); /* insert correct transaction id */
data/lwip-2.1.2+dfsg1/test/unit/ip6/test_ip6.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/lwip-2.1.2+dfsg1/test/unit/ip6/test_ip6.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/lwip-2.1.2+dfsg1/test/unit/ip6/test_ip6.c:261:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test_netif6.hwaddr, test_mac_addr, 6);
data/lwip-2.1.2+dfsg1/test/unit/tcp/test_tcp.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[PBUF_POOL_BUFSIZE*2];
data/lwip-2.1.2+dfsg1/test/unit/tcp/test_tcp.c:457:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data6[TCP_MSS] = {21, 22, 23, 24};
data/lwip-2.1.2+dfsg1/test/unit/tcp/test_tcp_oos.c:456:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char data_full_wnd[TCP_WND + TCP_MSS];
data/lwip-2.1.2+dfsg1/port/netif/fifo.c:88:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = read( fd, &fifo->data[fifo->emptyslot], fifo->dataslot - fifo->emptyslot );
data/lwip-2.1.2+dfsg1/port/netif/fifo.c:92:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = read( fd, &fifo->data[fifo->emptyslot], FIFOSIZE-fifo->emptyslot );
data/lwip-2.1.2+dfsg1/port/netif/sio.c:240:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen( (const char *)str );
data/lwip-2.1.2+dfsg1/port/netif/sio.c:311:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rsz = read( siostat->fd, buf, size );
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:156:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, preconfigured_tapif, sizeof(ifr.ifr_name));
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:158:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, DEVTAP_DEFAULT_IF, sizeof(ifr.ifr_name));
data/lwip-2.1.2+dfsg1/port/netif/tapif.c:272:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readlen = read(tapif->fd, buf, sizeof(buf));
data/lwip-2.1.2+dfsg1/src/api/api_lib.c:1287:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) >= DNS_MAX_NAME_LENGTH) {
data/lwip-2.1.2+dfsg1/src/api/api_lib.c:1304:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(API_VAR_REF(msg).name, name, DNS_MAX_NAME_LENGTH - 1);
data/lwip-2.1.2+dfsg1/src/api/netdb.c:111:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s_hostname, name, DNS_MAX_NAME_LENGTH);
data/lwip-2.1.2+dfsg1/src/api/netdb.c:189:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(name);
data/lwip-2.1.2+dfsg1/src/api/netdb.c:353:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(nodename);
data/lwip-2.1.2+dfsg1/src/api/netifapi.c:336:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(NETIFAPI_VAR_REF(msg).msg.ifs.name, name, NETIF_NAMESIZE - 1);
data/lwip-2.1.2+dfsg1/src/api/netifapi.c:372:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, NETIFAPI_VAR_REF(msg).msg.ifs.name, NETIF_NAMESIZE - 1);
data/lwip-2.1.2+dfsg1/src/apps/http/fs.c:118:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/lwip-2.1.2+dfsg1/src/apps/http/fs.c:137:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read > count) {
data/lwip-2.1.2+dfsg1/src/apps/http/fs.c:141:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
MEMCPY(buffer, (file->data + file->index), read);
data/lwip-2.1.2+dfsg1/src/apps/http/fs.c:142:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file->index += read;
data/lwip-2.1.2+dfsg1/src/apps/http/fs.c:144:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (read);
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:528:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
server_name_len = server_name ? strlen(server_name) : 0;
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:529:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_len = strlen(uri);
data/lwip-2.1.2+dfsg1/src/apps/http/http_client.c:730:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_len = strlen(local_file_name);
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:823:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = LWIP_MIN(sizeof(ssi->tag_name), LWIP_MIN(strlen(ssi->tag_name),
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:830:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ssi->tag_insert);
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:967:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hs->hdr_content_len);
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:1019:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdrlen = (u16_t)strlen(hs->hdrs[hs->hdr_index]);
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:2193:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t uri_len = strlen(uri);
data/lwip-2.1.2+dfsg1/src/apps/http/httpd.c:2212:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(httpd_default_filenames[loop].name);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:227:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(targetfile, &argv[i][3], sizeof(targetfile) - 1);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:265:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, argv[i], sizeof(path) - 1);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:388:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(path);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:442:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sublen = strlen(curSubdir);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:473:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(curSubdir, "/", freelen);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:474:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(curSubdir, currName, freelen - 1);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:706:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(qualifiedName);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:842:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sublen = strlen(curSubdir);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:844:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(curSubdir, "/", freelen);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:845:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(curSubdir, filename, freelen - 1);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:879:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t filename_size = strlen(filename);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:937:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(data_file, "/* %s (%"SZT_F" chars) */" NEWLINE, qualifiedName, strlen(qualifiedName) + 1);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:938:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_put_ascii(data_file, qualifiedName, strlen(qualifiedName) + 1, &i);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1062:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(cur_string);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1072:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(cur_string);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1113:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(cur_string);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1123:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(intbuf);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1149:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(cur_string);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1159:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(modbuf);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1177:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(cur_string);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1192:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(cur_string);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1203:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(cur_string);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/makefsdata.c:1215:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LWIP_ASSERT("strlen(hdr_buf) == hdr_len", strlen(hdr_buf) == hdr_len);
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/tinydir.h:70:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tinydir_strlen _tcslen
data/lwip-2.1.2+dfsg1/src/apps/http/makefsdata/tinydir.h:79:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tinydir_strlen strlen
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:526:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(domain, buf, (u8_t)strlen(buf));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:609:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(domain, mdns->name, (u8_t)strlen(mdns->name));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:629:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(domain, dnssd_protos[DNSSD_PROTO_UDP], (u8_t)strlen(dnssd_protos[DNSSD_PROTO_UDP]));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:650:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(domain, service->name, (u8_t)strlen(service->name));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:653:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(domain, service->service, (u8_t)strlen(service->service));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:655:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(domain, dnssd_protos[service->proto], (u8_t)strlen(dnssd_protos[service->proto]));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:2067:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LWIP_ERROR("mdns_resp_add_netif: Hostname too long", (strlen(hostname) <= MDNS_LABEL_MAXLEN), return ERR_VAL);
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:2075:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MEMCPY(&mdns->name, hostname, LWIP_MIN(MDNS_LABEL_MAXLEN, strlen(hostname)));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:2162:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hostname);
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:2204:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LWIP_ERROR("mdns_resp_add_service: Name too long", (strlen(name) <= MDNS_LABEL_MAXLEN), return ERR_VAL);
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:2205:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LWIP_ERROR("mdns_resp_add_service: Service too long", (strlen(service) <= MDNS_LABEL_MAXLEN), return ERR_VAL);
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:2219:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MEMCPY(&srv->name, name, LWIP_MIN(MDNS_LABEL_MAXLEN, strlen(name)));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:2220:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MEMCPY(&srv->service, service, LWIP_MIN(MDNS_LABEL_MAXLEN, strlen(service)));
data/lwip-2.1.2+dfsg1/src/apps/mdns/mdns.c:2274:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c:1112:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
topic_strlen = strlen(topic);
data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c:1186:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
topic_strlen = strlen(topic);
data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c:1319:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(client_info->will_topic);
data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c:1323:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(client_info->will_msg);
data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c:1332:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(client_info->client_user);
data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c:1342:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(client_info->client_pass);
data/lwip-2.1.2+dfsg1/src/apps/mqtt/mqtt.c:1354:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(client_info->client_id);
data/lwip-2.1.2+dfsg1/src/apps/netbiosns/netbiosns.c:452:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MEMCPY(resp->answer_name, NETBIOS_LOCAL_NAME, strlen(NETBIOS_LOCAL_NAME));
data/lwip-2.1.2+dfsg1/src/apps/netbiosns/netbiosns.c:482:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LWIP_ASSERT("NetBIOS name is too long!", strlen(NETBIOS_LWIP_NAME) < NETBIOS_NAME_LEN);
data/lwip-2.1.2+dfsg1/src/apps/netbiosns/netbiosns.c:504:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t copy_len = strlen(hostname);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:357:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(server);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:411:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uname_len = strlen(username);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:420:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass_len = strlen(pass);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:589:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t from_len = strlen(from);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:590:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t to_len = strlen(to);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:591:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t subject_len = strlen(subject);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:592:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t body_len = strlen(body);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:655:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(from);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:659:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(to);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:663:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(subject);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:667:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(body);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:1036:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ipa_len = strlen(ipa);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:1111:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SMTP_USERNAME(s), strlen(SMTP_USERNAME(s)));
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:1127:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SMTP_PASS(s), strlen(SMTP_PASS(s)));
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:1489:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(from);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:1493:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(to);
data/lwip-2.1.2+dfsg1/src/apps/smtp/smtp.c:1497:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(subject);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_mib2_system.c:272:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (s16_t)strlen((const char *)var);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_msg.c:181:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LWIP_ASSERT("community string is too long!", strlen(community) <= SNMP_MAX_COMMUNITY_STR_LEN);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_msg.c:220:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LWIP_ASSERT("community string is too long!", strlen(community) <= SNMP_MAX_COMMUNITY_STR_LEN);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_msg.c:236:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LWIP_ASSERT("community string is too long!", strlen(community) <= SNMP_MAX_COMMUNITY_STR_LEN);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_msg.c:816:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)request->community, snmp_community, SNMP_MAX_COMMUNITY_STR_LEN);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_snmpv2_usm.c:257:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test_oid[1 + eid_len] = strlen(username);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_snmpv2_usm.c:258:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snmp_name_to_oid(username, &test_oid[2 + eid_len], strlen(username));
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_snmpv2_usm.c:261:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snmp_next_oid_check(&state, test_oid, (u8_t)(1 + eid_len + 1 + strlen(username)), LWIP_PTR_NUMERIC_CAST(void *, i));
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_snmpv2_usm.c:271:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cell_instance->reference_len = strlen(username);
data/lwip-2.1.2+dfsg1/src/apps/snmp/snmp_traps.c:354:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trap->comlen = (u16_t)LWIP_MIN(strlen(snmp_community_trap), 0xFFFF);
data/lwip-2.1.2+dfsg1/src/apps/tftp/tftp_server.c:120:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int str_length = strlen(str);
data/lwip-2.1.2+dfsg1/src/apps/tftp/tftp_server.c:192:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = tftp_state.ctx->read(tftp_state.handle, &payload[2], TFTP_MAX_PAYLOAD_SIZE);
data/lwip-2.1.2+dfsg1/src/core/def.c:108:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t tokenlen = strlen(token);
data/lwip-2.1.2+dfsg1/src/core/dns.c:414:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(init_entry->name);
data/lwip-2.1.2+dfsg1/src/core/dns.c:568:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(hostname);
data/lwip-2.1.2+dfsg1/src/core/dns.c:777:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = pbuf_alloc(PBUF_TRANSPORT, (u16_t)(SIZEOF_DNS_HDR + strlen(entry->name) + 2 +
data/lwip-2.1.2+dfsg1/src/core/dns.c:1565:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostnamelen = strlen(hostname);
data/lwip-2.1.2+dfsg1/src/core/ipv4/dhcp.c:1476:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(netif->hostname);
data/lwip-2.1.2+dfsg1/src/core/pbuf.c:1509:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
substr_len = strlen(substr);
data/lwip-2.1.2+dfsg1/src/include/lwip/apps/tftp_server.h:76:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(void* handle, void* buf, int bytes);
data/lwip-2.1.2+dfsg1/src/include/lwip/sockets.h:566:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define lwip_read read
data/lwip-2.1.2+dfsg1/src/include/lwip/sockets.h:668:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read(s,mem,len) lwip_read(s,mem,len)
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:456:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(u);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:459:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:509:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(addr) + 1;
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:531:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(number) + 1;
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1011:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secretuserlen = (int)strlen(pcb->settings.user);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1012:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secretpasswdlen = (int)strlen(pcb->settings.passwd);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1913:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(pcb->settings.passwd);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:1965:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(secbuf);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:2276:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(wp->word);
data/lwip-2.1.2+dfsg1/src/netif/ppp/auth.c:2433:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
malloc(sizeof(struct wordlist) + strlen(word) + 1);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:266:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(pcb->chap_server.name);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:346:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mlen = strlen(message);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:395:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name, strlen(name));
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap-new.c:483:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(pcb->chap_client.name);
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:230:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mschap_challenge && strlen(mschap_challenge) == 8)
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:242:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mschap_challenge && strlen(mschap_challenge) == 16)
data/lwip-2.1.2+dfsg1/src/netif/ppp/chap_ms.c:550:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lwip_sha1_update(&sha1Context, (const unsigned char*)user, strlen(user));
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:232:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcb->eap.es_client.ea_namelen = strlen(localname);
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:328:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1Update(&ctxt, pn_secret, strlen(pn_secret));
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:330:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1Update(&ctxt, tbuf, strlen(tbuf));
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:664:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(pcb->remote_name);
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:707:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:880:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcb->eap.es_server.ea_namelen = strlen(localname);
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1210:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pl = strlen(user) + strlen(file) + 2;
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1210:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pl = strlen(user) + strlen(file) + 2;
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1366:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, rhostname + SRP_PSEUDO_LEN,
data/lwip-2.1.2+dfsg1/src/netif/ppp/eap.c:1515:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rhostnamelen = (int)strlen(rhostname);
data/lwip-2.1.2+dfsg1/src/netif/ppp/fsm.c:239:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f->term_reason_len = (reason == NULL? 0: (u8_t)LWIP_MIN(strlen(reason), 0xFF) );
data/lwip-2.1.2+dfsg1/src/netif/ppp/ipv6cp.c:351:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comma = arg + strlen(arg);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:168:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = 4 * strlen(peer_authname) + 10;
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:172:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += 3 * strlen(bundle_name) + 2;
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:294:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize = strlen(blinks_id);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:312:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize = strlen(blinks_id);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:324:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = rec.dsize + strlen(entry);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:336:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rec.dsize = strlen(p) + 1;
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:352:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize = strlen(blinks_id);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:364:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = p + strlen(entry);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:365:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(q) + 1;
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:380:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize = strlen(blinks_id);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:417:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(key);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:441:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kd.dsize = strlen(ifkey);
data/lwip-2.1.2+dfsg1/src/netif/ppp/multilink.c:552:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(endp_class_names[i]);
data/lwip-2.1.2+dfsg1/src/netif/ppp/pppoe.c:491:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(error_tmp, (char*)pb->payload + off + sizeof(pt), error_len);
data/lwip-2.1.2+dfsg1/src/netif/ppp/pppoe.c:768:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = (int)strlen(sc->sc_service_name);
data/lwip-2.1.2+dfsg1/src/netif/ppp/pppoe.c:772:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = (int)strlen(sc->sc_concentrator_name);
data/lwip-2.1.2+dfsg1/src/netif/ppp/pppoe.c:992:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = strlen(sc->sc_service_name);
data/lwip-2.1.2+dfsg1/src/netif/ppp/pppoe.c:1112:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = strlen(sc->sc_service_name);
data/lwip-2.1.2+dfsg1/src/netif/ppp/upap.c:162:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcb->upap.us_userlen = (u8_t)LWIP_MIN(strlen(user), 0xff);
data/lwip-2.1.2+dfsg1/src/netif/ppp/upap.c:164:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcb->upap.us_passwdlen = (u8_t)LWIP_MIN(strlen(password), 0xff);
data/lwip-2.1.2+dfsg1/src/netif/ppp/upap.c:430:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msglen = strlen(msg);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:88:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ret = strlen(src);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:94:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, len - 1);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:106:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dlen = strlen(dest);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:292:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen((const char *)p);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:381:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:504:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linep = line + strlen(line);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:618:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(buf);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:745:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nb = read(fd, ptr, count - done);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:821:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lockdev, dev, MAXPATHLEN-1);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:849:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, lock_buffer, 11);
data/lwip-2.1.2+dfsg1/src/netif/ppp/utils.c:851:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, &pid, sizeof(pid));
data/lwip-2.1.2+dfsg1/test/unit/core/test_def.c:36:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t exp_len = strlen(expected);
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:399:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, toolong, (u8_t)strlen(toolong));
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:412:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, label, (u8_t)strlen(label));
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:415:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, label, (u8_t)strlen(label));
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:418:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, label, (u8_t)strlen(label));
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:421:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, label, (u8_t)strlen(label));
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:424:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, label, (u8_t)strlen(label));
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:427:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, label, (u8_t)strlen(label));
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:430:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, label, (u8_t)strlen(label));
data/lwip-2.1.2+dfsg1/test/unit/mdns/test_mdns.c:433:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = mdns_domain_add_label(&domain, label, (u8_t)strlen(label));
ANALYSIS SUMMARY:
Hits = 651
Lines analyzed = 143218 in approximately 3.83 seconds (37436 lines/second)
Physical Source Lines of Code (SLOC) = 89963
Hits@level = [0] 128 [1] 187 [2] 328 [3] 2 [4] 134 [5] 0
Hits@level+ = [0+] 779 [1+] 651 [2+] 464 [3+] 136 [4+] 134 [5+] 0
Hits/KSLOC@level+ = [0+] 8.65912 [1+] 7.23631 [2+] 5.15768 [3+] 1.51173 [4+] 1.4895 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.