Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/slirpif.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tunif.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tapif.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/sys_arch_pipe.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/delif.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/sio.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/tunif.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/tcpdump.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/dropif.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/pcapif.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/slirpif.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/unixif.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/tapif.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/fifo.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/netif/vdeif.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/vde.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/arch/cc.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/arch/sys_arch.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/arch/perf.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/lwipv6.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/include/libvdeplug_dyn.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/sys_arch.2sem.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/perf.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/lwip_chksum.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/proj/lib/unixlib.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/proj/lib/lwipopts.h
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/proj/lib/sharedlib.c
Examining data/lwipv6-1.5a/lwip-contrib/ports/unix/sys_arch.c
Examining data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/vjbsdhdr.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/md5.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/randm.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/magic.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/pap.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ipcp.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/pppdebug.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chpms.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/fsm.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chpms.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/randm.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/vj.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/md5.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/fsm.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ipcp.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/magic.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/vj.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ppp/pap.h
Examining data/lwipv6-1.5a/lwip-v6/src/netif/slipif.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/etharp.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/ethernetif.c
Examining data/lwipv6-1.5a/lwip-v6/src/netif/loopif.c
Examining data/lwipv6-1.5a/lwip-v6/src/api/api_msg.c
Examining data/lwipv6-1.5a/lwip-v6/src/api/api_lib.c
Examining data/lwipv6-1.5a/lwip-v6/src/api/renzosocket.c
Examining data/lwipv6-1.5a/lwip-v6/src/api/err.c
Examining data/lwipv6-1.5a/lwip-v6/src/api/tcpip.c
Examining data/lwipv6-1.5a/lwip-v6/src/api/netlink.c
Examining data/lwipv6-1.5a/lwip-v6/src/api/sockets.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/inet6.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/sys.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/mem.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/tcp.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/tcp_in.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/raw.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/memp_dynmalloc.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/tcp_out.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/stats.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/mem_malloc.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/pbufnopool.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/packet.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/udp.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/memp.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/memp_malloc.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_frag.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_radv.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_autoconf.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_addr.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/dhcp.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/netif.c
Examining data/lwipv6-1.5a/lwip-v6/src/core/pbuf.c
Examining data/lwipv6-1.5a/lwip-v6/src/userfilter/nat/nat_rules.c
Examining data/lwipv6-1.5a/lwip-v6/src/userfilter/nat/nat_track_proto_icmp4.c
Examining data/lwipv6-1.5a/lwip-v6/src/userfilter/nat/nat_track_proto_udp.c
Examining data/lwipv6-1.5a/lwip-v6/src/userfilter/nat/nat_tables.c
Examining data/lwipv6-1.5a/lwip-v6/src/userfilter/nat/nat_track_proto_tcp.c
Examining data/lwipv6-1.5a/lwip-v6/src/userfilter/nat/nat_track_proto_generic.c
Examining data/lwipv6-1.5a/lwip-v6/src/userfilter/nat/nat.c
Examining data/lwipv6-1.5a/lwip-v6/src/userfilter/userfilter.c
Examining data/lwipv6-1.5a/lwip-v6/src/include/radv/lwip/radvconf.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/netif/etharp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/netif/slipif.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/netif/loopif.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat_track_icmp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat_tables.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat_track_protocol.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat_rules.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat_track_tcp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat_track_udp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/userfilter.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/ipv6/lwip/ip_autoconf.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/ipv6/lwip/ip_addr.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/ipv6/lwip/ip_radv.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/ipv6/lwip/ip_route.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/ipv6/lwip/icmp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/ipv6/lwip/ip_frag.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/ipv6/lwip/ip.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/ipv6/lwip/inet.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/err.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/sio.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/arphdr.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/netlinkdefs.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/mem.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/udp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/raw.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/dhcp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/netif.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/tcpip.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/debug.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/sys.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/native_syscalls.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/netlink.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/sockets.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/if.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/stats.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/tcp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/opt.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/arch.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/api_msg.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/memp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/api.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/pbuf.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/lwslirp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/snmp.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/stack.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/def.h
Examining data/lwipv6-1.5a/lwip-v6/src/include/lwip/packet.h
FINAL RESULTS:
data/lwipv6-1.5a/lwip-contrib/ports/unix/include/arch/cc.h:77:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LWIP_PLATFORM_DIAG(x) do {printf x;} while(0)
data/lwipv6-1.5a/lwip-contrib/ports/unix/sys_arch.2sem.c:468:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/lwipv6-1.5a/lwip-contrib/ports/unix/sys_arch.c:533:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/lwipv6-1.5a/lwip-contrib/ports/unix/sys_arch_pipe.c:474:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/lwipv6-1.5a/lwip-v6/src/core/dhcp.c:606:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dhcp->boot_file_name, dhcp->msg_in->file);
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1378:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sl_item->src.srcpath,src);
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1386:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srcsockaddr.sun_path,src);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:109:14: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern char *crypt (const char *, const char *);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:669:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppp_settings.our_name, ppp_settings.hostname);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:671:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppp_settings.user, ppp_settings.our_name);
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:102:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(l, s);
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:123:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(l, s);
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:513:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sec, strlwc(sec));
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:535:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, strcrop(key));
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:536:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(val, strcrop(val));
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c:164:4: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(getenv("_INSIDE_VIEWOS_MODULE") != NULL) ? "VIEWOS-" : "",
data/lwipv6-1.5a/lwip-contrib/ports/unix/proj/lib/unixlib.c:120:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("_INSIDE_VIEWOS_MODULE") != NULL) {
data/lwipv6-1.5a/lwip-contrib/ports/unix/proj/lib/unixlib.c:124:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(getpid()+time(NULL));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/randm.c:199:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)avRandomSeed);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/slirpif.c:129:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tapif.c:145:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tapif->fd = open(DEVTAP, O_RDWR);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tapif.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1514];
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tapif.c:221:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tapif.c:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1514];
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tapif.c:268:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload, bufptr, q->len);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tunif.c:113:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tunif->fd = open(DEVTAP, O_RDWR);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tunif.c:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1500];
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tunif.c:164:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(q->payload, bufptr, q->len);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tunif.c:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1500];
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tunif.c:211:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(bufptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr[MAXDESCR+1];
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1514];
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c:255:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c:292:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload, bufptr, q->len);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1514];
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c:469:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1514];
data/lwipv6-1.5a/lwip-contrib/ports/unix/perf.c:62:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname, "w");
data/lwipv6-1.5a/lwip-v6/src/api/api_lib.c:188:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)dataptr)[left] = ((char *)p->payload)[i];
data/lwipv6-1.5a/lwip-v6/src/api/api_msg.c:89:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(buf->fromaddr),addr,sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/api/api_msg.c:128:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(buf->fromaddr),addr,sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/api/api_msg.c:166:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(buf->fromaddr),addr,sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/api/netlink.c:190:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*out)->payload,nlbuf.data,offset);
data/lwipv6-1.5a/lwip-v6/src/api/netlink.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(nl->name),name,sizeof(struct sockaddr_nl));
data/lwipv6-1.5a/lwip-v6/src/api/netlink.c:295:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem,nl->answer[0]->payload,(len < outlen) ? len : outlen);
data/lwipv6-1.5a/lwip-v6/src/api/netlink.c:310:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem,nl->answer[0]->payload,outlen);
data/lwipv6-1.5a/lwip-v6/src/api/netlink.c:346:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(nl->hdr),nlss_data->data,sizeof(struct nlmsghdr));
data/lwipv6-1.5a/lwip-v6/src/api/netlink.c:392:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name,&snl,sizeof(snl));
data/lwipv6-1.5a/lwip-v6/src/api/renzosocket.c:213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &sin, *addrlen);
data/lwipv6-1.5a/lwip-v6/src/api/renzosocket.c:438:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(from, &sin, *fromlen);
data/lwipv6-1.5a/lwip-v6/src/api/renzosocket.c:960:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &sin, *namelen);
data/lwipv6-1.5a/lwip-v6/src/api/renzosocket.c:994:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &sin, *namelen);
data/lwipv6-1.5a/lwip-v6/src/api/renzosocket.c:1643:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &temp_buf[pos], vector[i].iov_base, vector[i].iov_len);
data/lwipv6-1.5a/lwip-v6/src/api/renzosocket.c:1690:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( vector[i].iov_base, &temp_buf[pos], vector[i].iov_len);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((ipaddr)->addr[3]),(ip4),sizeof(struct ip4_addr)); } while (0)
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:100:39: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define SOCK_IP46_CONV(ip4, ipaddr) (memcpy((ip4),&((ipaddr)->addr[3]),sizeof(struct ip4_addr)))
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:458:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &sin, *addrlen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:465:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sin.sin6_addr),&(naddr.addr),sizeof(sin.sin6_addr));
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:470:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &sin, *addrlen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:523:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(local_addr.addr),&(((struct sockaddr_in6 *)name)->sin6_addr),sizeof(local_addr.addr));
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:632:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(remote_addr.addr),&(((struct sockaddr_in6 *)name)->sin6_addr),sizeof(remote_addr.addr));
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:769:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(from, &sin, *fromlen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:780:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sin.sin6_addr),&(addr->addr),sizeof(sin.sin6_addr));
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:785:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(from, &sin, *fromlen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:801:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(from, &sll, *fromlen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:881:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_iov[i].iov_base,lbuf,qty);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:995:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(remote_addr.addr),&(((struct sockaddr_in6 *)to)->sin6_addr),sizeof(remote_addr.addr));
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:1041:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lbuf,msg_iov[i].iov_base,qty);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:1427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &sin, *namelen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:1434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sin.sin6_addr),&(naddr.addr),sizeof(sin.sin6_addr));
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:1439:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &sin, *namelen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:1490:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &sin, *namelen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:1498:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sin.sin6_addr),&naddr,sizeof(sin.sin6_addr));
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:1503:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &sin, *namelen);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:2103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp,&tv,sizeof(struct timeval));
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:2498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &temp_buf[pos], vector[i].iov_base, vector[i].iov_len);
data/lwipv6-1.5a/lwip-v6/src/api/sockets.c:2545:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( vector[i].iov_base, &temp_buf[pos], vector[i].iov_len);
data/lwipv6-1.5a/lwip-v6/src/core/dhcp.c:1912:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pcb_remote_ip.addr), &(pcb->remote_ip.addr), sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/dhcp.c:1916:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pcb->remote_ip.addr), &(dst_ip->addr), sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/dhcp.c:1923:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pcb->remote_ip.addr), &(pcb_remote_ip.addr), sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/inet6.c:331:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[16];
data/lwipv6-1.5a/lwip-v6/src/core/inet6.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inv[3];
data/lwipv6-1.5a/lwip-v6/src/core/inet6.c:373:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[IN4ADDR_SZ], *tp;
data/lwipv6-1.5a/lwip-v6/src/core/inet6.c:405:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, IN4ADDR_SZ);
data/lwipv6-1.5a/lwip-v6/src/core/inet6.c:413:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[IN6ADDR_SZ], *tp, *endp, *colonp;
data/lwipv6-1.5a/lwip-v6/src/core/inet6.c:492:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, IN6ADDR_SZ);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:214:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &opt->addr, &(inp->hwaddr), inp->hwaddr_len);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:428:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ins->targetip, ipaddr, sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:438:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iopt->addr, &(inp->hwaddr), inp->hwaddr_len);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:481:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iopt->addr, &(inp->hwaddr), inp->hwaddr_len);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:508:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)q->payload + sizeof(struct icmp_dur_hdr), p->payload, IP4_HLEN + 8);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:526:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)q->payload + sizeof(struct icmp_dur_hdr), p->payload, IP_HLEN + 8);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:554:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)q->payload + sizeof(struct icmp_te_hdr), (char *)p->payload, IP4_HLEN + 8);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:573:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)q->payload + sizeof(struct icmp_te_hdr), (char *)p->payload, IP_HLEN + 8);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/icmp6.c:603:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)q->payload + 8, (char *)p->payload, IP_HLEN + 8);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6.c:461:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr->ipaddr, unicast_addr, sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6.c:463:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr->ipaddr, piphdr->dest, sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_addr.c:102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &ip_addr_any, sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_addr.c:104:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_addr.c:111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &ip_addr_any, sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_addr.c:123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &ip_addr_any.addr[3], sizeof(struct ip4_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_addr.c:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &(src->addr[3]), sizeof(struct ip4_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_addr.c:132:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &ip_addr_any.addr[3], sizeof(struct ip4_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_addr.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, sizeof(struct ip4_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_autoconf.c:102:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ip, prefix, prefixlen / 8);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_autoconf.c:224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prefix, &oprefix->prefix, sizeof(struct ip_addr) );
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_frag.c:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, p->payload, l);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_frag.c:281:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry_iphdr, fragment_hdr, IP4_HLEN);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_frag.c:385:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload, &ip_reassembly_pool[pos].buf[i], q->len > ip_reassembly_pool[pos].len - i ? ip_reassembly_pool[pos].len - i : q->len);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_frag.c:442:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iphdr, p->payload, IP4_HLEN);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_frag.c:569:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry_iphdr, fragment_hdr, unfragpart_len);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_frag.c:686:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload, &ip_reassembly_pool[pos].buf[i], q->len > ip_reassembly_pool[pos].len - i ? ip_reassembly_pool[pos].len - i : q->len);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_frag.c:795:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iphdr, p->payload, unfragpart_len);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_radv.c:334:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&opt_addr->addr, netif->hwaddr, netif->hwaddr_len);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c:67:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%lx:%lx:%lx:%lx:%lx:%lx:",
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c:78:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%ld.%ld.%ld.%ld",
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c:84:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%lx:%lx",
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_tmp[40];
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c:456:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ipaddr,IP_ADDR_ANY,sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c:518:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ipaddr,IP_ADDR_ANY,sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c:519:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nexthop,IP_ADDR_ANY,sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr->ipaddr, &piphdr.dest, sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:925:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_addr6[INET6_ADDRSTRLEN];
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1032:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_addr[INET6_ADDRSTRLEN];
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1088:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_addr6[INET6_ADDRSTRLEN];
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1099:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, q->payload, q->len);
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcpath[1];
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1296:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_addr6[INET6_ADDRSTRLEN];
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1362:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&srcsockaddr.sin6_addr,src,sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/mem.c:181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nmem, rmem, newsize);
data/lwipv6-1.5a/lwip-v6/src/core/memp_dynmalloc.c:118:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *newpool=(char *)malloc(memp_sizes[type]*memp_num[type]);
data/lwipv6-1.5a/lwip-v6/src/core/netif.c:611:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)&((struct sockaddr_in*)(&ifr_v[i].ifr_addr))->sin_addr,
data/lwipv6-1.5a/lwip-v6/src/core/netif.c:861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4];
data/lwipv6-1.5a/lwip-v6/src/core/netif.c:1080:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ipaddr,IP_ADDR_ANY,sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/packet.c:142:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-v6/src/core/pbuf.c:940:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload, p->payload, p->len);
data/lwipv6-1.5a/lwip-v6/src/core/pbuf.c:1024:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-v6/src/core/pbuf.c:1064:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-v6/src/core/pbufnopool.c:737:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload, p->payload, p->len);
data/lwipv6-1.5a/lwip-v6/src/core/pbufnopool.c:820:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-v6/src/core/raw.c:132:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-v6/src/core/raw.c:271:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload,p->payload,p->len);
data/lwipv6-1.5a/lwip-v6/src/core/tcp.c:918:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)cseg, (const char *)seg, sizeof(struct tcp_seg));
data/lwipv6-1.5a/lwip-v6/src/core/tcp_out.c:240:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seg->p->payload, ptr, seglen);
data/lwipv6-1.5a/lwip-v6/src/core/tcp_out.c:307:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seg->dataptr, optdata, optlen);
data/lwipv6-1.5a/lwip-v6/src/core/udp.c:485:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pcb_remote_ip.addr),&(pcb->remote_ip.addr),sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/udp.c:488:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pcb->remote_ip.addr),&(dst_ip->addr),sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/core/udp.c:493:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pcb->remote_ip.addr),&(pcb_remote_ip.addr),sizeof(struct ip_addr));
data/lwipv6-1.5a/lwip-v6/src/include/lwip/if.h:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifrn_name[IFNAMSIZ]; /* Interface name, e.g. "en0". */
data/lwipv6-1.5a/lwip-v6/src/include/lwip/if.h:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifru_slave[IFNAMSIZ]; /* Just fits the size */
data/lwipv6-1.5a/lwip-v6/src/include/lwip/if.h:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifru_newname[IFNAMSIZ];
data/lwipv6-1.5a/lwip-v6/src/include/lwip/netif.h:159:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwaddr[NETIF_MAX_HWADDR_LEN];
data/lwipv6-1.5a/lwip-v6/src/include/lwip/netif.h:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[2];
data/lwipv6-1.5a/lwip-v6/src/include/lwip/sockets.h:72:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s6_addr[16];/* IPv6 address */
data/lwipv6-1.5a/lwip-v6/src/include/lwip/sockets.h:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sin_zero[8];
data/lwipv6-1.5a/lwip-v6/src/include/lwip/sockets.h:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa_data[14];
data/lwipv6-1.5a/lwip-v6/src/include/lwip/sockets.h:329:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fd_bits [(FD_SETSIZE+7)/8];
data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat.h:219:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nat_tcp_table[TCP_PORTS_TABLE_SIZE];
data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat.h:220:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nat_udp_table[UDP_PORTS_TABLE_SIZE];
data/lwipv6-1.5a/lwip-v6/src/include/userfilter/lwip/nat/nat.h:221:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nat_icmp_table[ICMP_PORTS_TABLE_SIZE];
data/lwipv6-1.5a/lwip-v6/src/netif/etharp.c:1020:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sll.sll_addr,&(eh->src),sizeof(struct eth_addr));
data/lwipv6-1.5a/lwip-v6/src/netif/etharp.c:1059:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&eh->dest,sll->sll_addr,sizeof(struct eth_addr));
data/lwipv6-1.5a/lwip-v6/src/netif/etharp.c:1060:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&eh->src,netif->hwaddr,sizeof(struct eth_addr));
data/lwipv6-1.5a/lwip-v6/src/netif/etharp.c:1093:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipaddr),&(((struct sockaddr_in6 *)(&arpreq->arp_pa))->sin6_addr),
data/lwipv6-1.5a/lwip-v6/src/netif/etharp.c:1099:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipaddr.addr[3]),&(((struct sockaddr_in *)(&arpreq->arp_pa))->sin_addr),
data/lwipv6-1.5a/lwip-v6/src/netif/etharp.c:1143:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arpreq->arp_ha.sa_data,&(arp_table[err].ethaddr),sizeof(ethaddr));
data/lwipv6-1.5a/lwip-v6/src/netif/loopif.c:89:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, q->payload, q->len);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[1];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:144:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char peer_authname[MAXNAMELEN];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:518:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[256], user[256];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:519:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXWORDLEN];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:629:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secbuf[MAXWORDLEN];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:722:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(*cbcp_protent.open)(unit);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:730:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
&& protp->open != NULL) {
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:731:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(*protp->open)(unit);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:826:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user, "none");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:828:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(passwd, "none");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXSECRETLEN];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rhostname[256];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rhostname[256];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret[MAXSECRETLEN];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:725:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:728:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "Welcome!");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:730:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "I don't like you. Go 'way.");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chpms.c:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ZPasswordHash[21];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ipcp.c:1348:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_iphl(x) (((unsigned char *)(x))[0] & 0xF)
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ipcp.c:1350:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_ipproto(x) (((unsigned char *)(x))[9])
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ipcp.c:1351:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_tcpoff(x) (((unsigned char *)(x))[12] >> 4)
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ipcp.c:1352:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define get_tcpflags(x) (((unsigned char *)(x))[13])
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char traceBuf[80];
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1238:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " MRU %d", cishort);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1271:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " ASYNCMAP=%lX", cilong);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1323:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " PAP (%X)", cishort);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1361:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " CHAP %X,%d", cishort, cichar);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1393:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " QUALITY (%x %x)", cishort, (unsigned int) cilong);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1425:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " MAGICNUMBER (%lX)", cilong);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1448:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " PCOMPRESSION");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1461:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " ACCOMPRESSION");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1474:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " CI_MRRU");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1482:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " CI_SSNHF");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1490:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " CI_EPDISC");
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1498:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&traceBuf[traceNdx], " unknown %d", citype);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/md5.c:54:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PADDING[64] = {
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/md5.c:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, mdContext->digest, 16);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/md5.h:47:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[64]; /* input buffer */
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/md5.h:48:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16]; /* actual digest after MD5Final call */
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:843:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pppControl[unit].outACCM, accm, sizeof(ext_accm));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:1076:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pc->addrs.our_ipaddr, &o, sizeof(o));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:1077:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pc->addrs.his_ipaddr, &h, sizeof(h));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:1078:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pc->addrs.netmask, &m, sizeof(m));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:1079:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pc->addrs.dns1, &ns1, sizeof(ns1));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:1080:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pc->addrs.dns2, &ns2, sizeof(ns2));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:1270:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl, b->payload, b->len);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:1381:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nb->payload, &protocol, sizeof(protocol));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.h:209:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define BCOPY(s, d, l) memcpy((d), (s), (l))
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.h:273:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (*open) (int unit);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.h:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[MAXNAMELEN + 1];/* Username for PAP */
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.h:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[MAXSECRETLEN + 1]; /* Password for PAP, secret for CHAP */
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.h:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char our_name[MAXNAMELEN + 1]; /* Our name for authentication purposes */
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.h:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_name[MAXNAMELEN + 1]; /* Peer's name for authentication */
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/randm.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char randPool[RANDPOOLSZ]; /* Pool of randomness. */
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/randm.c:130:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, tmp, n);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/vj.c:428:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
|| (hlen += getth_off(*((struct tcphdr *)&((char *)ip)[hlen])) << 2)
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/vj.c:593:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->payload, bufptr, q->len);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/vj.c:619:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n0->payload, &cs->cs_ip, cs->cs_hlen);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/vj.h:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csu_hdr[MAX_HDR];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:57:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char l[ASCIILINESZ+1];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:73:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char l[ASCIILINESZ+1];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:97:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char l[ASCIILINESZ+1];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:115:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char l[ASCIILINESZ+1];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tokens[31];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pref_tok[3];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opt_tok[3];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lin[ASCIILINESZ+1];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sec[ASCIILINESZ+1];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[ASCIILINESZ+1];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:481:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[ASCIILINESZ+1];
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:552:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((filein=fopen(path, "r"))==NULL) {
data/lwipv6-1.5a/lwip-v6/src/userfilter/nat/nat.c:639:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pcb->tuple[CONN_DIR_ORIGINAL], tuple, sizeof (struct ip_tuple));
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tapif.c:156:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tapif.c:251:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(tapif->fd, buf, sizeof(buf));
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tunif.c:123:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/tunif.c:193:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(tunif->fd, buf, sizeof(buf));
data/lwipv6-1.5a/lwip-contrib/ports/unix/netif/vdeif.c:472:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len=read(fddata->fd,buf,1514);
data/lwipv6-1.5a/lwip-contrib/ports/unix/sys_arch_pipe.c:189:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n=read(mbox->pipe[0],msg,sizeof(void *));
data/lwipv6-1.5a/lwip-contrib/ports/unix/sys_arch_pipe.c:191:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n=read(mbox->pipe[0],&fdn,sizeof(void *));
data/lwipv6-1.5a/lwip-v6/src/core/dhcp.c:605:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dhcp->boot_file_name = mem_malloc(strlen(dhcp->msg_in->file) + 1);
data/lwipv6-1.5a/lwip-v6/src/core/ipv6/ip6_route.c:75:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen(str);
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:500:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(slirp_fd, buf, n);
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:533:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(slirp_fd, buf, n);
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1230:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(struct slirp_listen) - sizeof(struct ip_addr) + strlen(src) + 1 : \
data/lwipv6-1.5a/lwip-v6/src/core/lwslirp.c:1373:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) + 1 > sizeof(srcsockaddr.sun_path)) {
data/lwipv6-1.5a/lwip-v6/src/core/netif.c:187:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = read(stack->netif_pipe[0],
data/lwipv6-1.5a/lwip-v6/src/include/lwip/sockets.h:511:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read(a,b,c) lwip_read(a,b,c)
data/lwipv6-1.5a/lwip-v6/src/netif/ethernetif.c:178:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read data into(q->payload, q->len);
data/lwipv6-1.5a/lwip-v6/src/netif/ethernetif.c:180:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
acknowledge that packet has been read();
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:537:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*msglen = strlen(*msg);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:557:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*msglen = strlen(*msg);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:617:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ppp_settings.passwd);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/auth.c:641:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(secbuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:459:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rhostname, ppp_settings.remote_name, sizeof(rhostname));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:693:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(cstate->chal_name);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:731:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msglen = strlen(msg);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/chap.c:787:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(cstate->resp_name);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/fsm.c:256:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f->term_reason_len = (reason == NULL? 0: strlen(reason));
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1239:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1272:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1324:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1362:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1394:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1426:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1449:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1462:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1475:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1483:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1491:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/lcp.c:1499:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
traceNdx = strlen(traceBuf);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/pap.c:124:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u->us_userlen = strlen(luser);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/pap.c:126:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u->us_passwdlen = strlen(lpassword);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:365:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ppp_settings.user, user, sizeof(ppp_settings.user)-1);
data/lwipv6-1.5a/lwip-v6/src/netif/ppp/ppp.c:371:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ppp_settings.passwd, passwd, sizeof(ppp_settings.passwd)-1);
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:103:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = l + strlen(l);
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:124:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = l + strlen(l);
data/lwipv6-1.5a/lwip-v6/src/radv/radvconf.c:146:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = str + strlen(str);
ANALYSIS SUMMARY:
Hits = 283
Lines analyzed = 60095 in approximately 1.65 seconds (36363 lines/second)
Physical Source Lines of Code (SLOC) = 36520
Hits@level = [0] 121 [1] 45 [2] 219 [3] 4 [4] 15 [5] 0
Hits@level+ = [0+] 404 [1+] 283 [2+] 238 [3+] 19 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 11.0624 [1+] 7.74918 [2+] 6.51698 [3+] 0.520263 [4+] 0.410734 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.