Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openbsc-1.3.2+dfsg1/openbsc/contrib/nat/test_regexp.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/contrib/testconv/testconv_main.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/compat_af_isdn.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/mISDNif.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/abis_nm.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/abis_om2000.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/abis_rsl.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/acc_ramp.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/arfcn_range_encode.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/auth.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_api.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_msc.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_msc_data.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_msg_filter.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_nat.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_nat_callstats.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_nat_sccp.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_rll.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_subscriber.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bss.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bts_ipaccess_nanobts_omlattr.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/chan_alloc.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/common_bsc.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/common_cs.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/ctrl.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/db.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/debug.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/e1_config.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_04_08.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_04_11.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_04_14.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_04_80.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_subscriber.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsup_client.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/handover.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/handover_decision.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/ipaccess.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/meas_feed.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/meas_rep.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/mgcp.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/mgcp_internal.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/mgcp_transcode.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/misdn.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/mncc.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/mncc_int.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/nat_rewrite_trie.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/network_listen.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/oap_client.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/openbscdefines.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/osmo_bsc.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/osmo_bsc_grace.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/osmo_bsc_rf.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/osmo_msc.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/osmux.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/paging.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/pcu_if.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/pcuif_proto.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/rest_octets.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/rrlp.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/rs232.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/rtp_proxy.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/silent_call.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/smpp.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/sms_queue.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/socket.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/system_information.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/token_auth.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/transaction.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/trau_mux.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/trau_upqueue.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/ussd.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/vty.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/signal.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_data.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_data_shared.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_ipaccess.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_rsl.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/acc_ramp.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/arfcn_range_encode.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_api.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_ctrl_commands.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_ctrl_lookup.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_dyn_ts.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_init.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_msc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_rf_ctrl.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_rll.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ericsson_rbs2000.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_init.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_siemens_bs11.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_sysmobts.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_unknown.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/chan_alloc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/e1_config.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/gsm_04_08_utils.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/gsm_04_80_utils.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/handover_decision.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/handover_logic.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/meas_proc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/meas_rep.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/net_init.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/paging.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/rest_octets.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/system_information.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/pcu_sock.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_subscriber.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/bsc_version.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/common_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/debug.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsm_data.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsm_data_shared.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsm_subscriber_base.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsup_client.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsup_test_client.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/oap_client.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/socket.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/talloc_ctx.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_acc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_filter.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/g711common.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_network.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_osmux.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_sdp.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_transcode.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/auth.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/ctrl_commands.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_11.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_14.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_80.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_subscriber.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/meas_feed.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/meas_feed.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/mncc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/mncc_builtin.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/mncc_sock.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/osmo_msc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/rrlp.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/silent_call.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_openbsc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.h
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_utils.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/sms_queue.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/token_auth.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/transaction.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/ussd.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_upqueue.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_api.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_audio.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_bssap.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_filter.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_grace.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_main.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_msc.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_sccp.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_mgcp/mgcp_main.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_filter.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_filter.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-nitb/bsc_hack.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/utils/isdnsync.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/src/utils/smpp_mirror.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/abis/abis_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat-trie/bsc_nat_trie_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_data.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc/bsc_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/channel/channel_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/gsm0408/gsm0408_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/mm_auth/mm_auth_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/nanobts_omlattr/nanobts_omlattr_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/smpp/smpp_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/subscr/bsc_subscr_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/subscr/subscr_test.c
Examining data/openbsc-1.3.2+dfsg1/openbsc/tests/trau/trau_test.c
FINAL RESULTS:
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1191:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)sw->file_id, file_id);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1193:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)sw->file_version, file_version);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2491:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "Fault Report: %s (",
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1444:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(subscriber->extension, "%"PRIu64, try);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:145:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(acl->system_id, sys_id);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:159:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(smsc->system_id, argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:264:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(acl->passwd, argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/token_auth.c:45:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sms_str, len, TOKEN_SMS_TEXT, subscr->imsi, token,
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:891:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
ret = sscanf(tok, "%*s %s", buf);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:903:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
slen = sprintf((char *) output->l3h, "%s %s %x@mgw MGCP 1.0%s%s",
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:178:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(scratch_str, sizeof(scratch_str), "%"PRIu32, alice->tmsi);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_test.c:429:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int len = sprintf((char *)msg->data, "%s", str);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mm_auth/mm_auth_test.c:21:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l = snprintf(pos, len, FMT, ## args); \
data/openbsc-1.3.2+dfsg1/openbsc/tests/subscr/bsc_subscr_test.c:36:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(#val " == " fmt "\n", (val)); \
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_osmux.c:493:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random() % rtp_ssrc_winlen));
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:218:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rs->transmit.sequence = random();
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:219:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rs->transmit.timestamp = random();
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_main.c:111:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hd:DsTVc:e:r:t",
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_main.c:230:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_mgcp/mgcp_main.c:105:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hc:sVD", long_options, &option_index);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_mgcp/mgcp_main.c:296:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c:1496:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hd:sTVPc:m:l:D",
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c:1667:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-nitb/bsc_hack.c:136:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hd:Dsl:ar:p:TPVc:e:mCr:M:",
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-nitb/bsc_hack.c:350:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:811:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hp:s:S:td:Dw:fra:",
data/openbsc-1.3.2+dfsg1/openbsc/tests/gsm0408/gsm0408_test.c:450:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(1);
data/openbsc-1.3.2+dfsg1/openbsc/tests/gsm0408/gsm0408_test.c:462:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
min_freq = random() % (1023 - range);
data/openbsc-1.3.2+dfsg1/openbsc/tests/gsm0408/gsm0408_test.c:465:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int arfcn = min_freq + random() % (range + 1);
data/openbsc-1.3.2+dfsg1/openbsc/tests/trau/trau_test.c:75:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(42);
data/openbsc-1.3.2+dfsg1/openbsc/tests/trau/trau_test.c:77:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i] = random();
data/openbsc-1.3.2+dfsg1/openbsc/contrib/testconv/testconv_main.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] = {0x80, 0};
data/openbsc-1.3.2+dfsg1/openbsc/contrib/testconv/testconv_main.c:72:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out_samples = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/include/mISDNif.h:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MISDN_MAX_IDLEN];
data/openbsc-1.3.2+dfsg1/openbsc/include/mISDNif.h:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MISDN_MAX_IDLEN];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_nat.h:395:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bsc_mgcp_parse_response(const char *str, int *code, char transaction[60]);
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_nat.h:395:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bsc_mgcp_parse_response(const char *str, int *code, char transaction[60]);
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_nat_sccp.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ussd_ti[8];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/bsc_subscriber.h:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[GSM23003_IMSI_MAX_DIGITS+1];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_data.h:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[21+1];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_data.h:475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_id[16];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_data.h:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[SMS_TEXT_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_data_shared.h:709:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[MAX_VERSION_LENGTH];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_data_shared.h:710:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub_model[MAX_VERSION_LENGTH];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_data_shared.h:717:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcu_version[MAX_VERSION_LENGTH];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_subscriber.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imei[GSM23003_IMEISV_NUM_DIGITS+1];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_subscriber.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GSM_NAME_LENGTH];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_subscriber.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[GSM23003_IMSI_MAX_DIGITS+1];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_subscriber.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GSM_NAME_LENGTH];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/gsm_subscriber.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension[GSM_EXTENSION_LENGTH];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/ipaccess.h:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[GSM23003_IMSI_MAX_DIGITS+1];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/meas_feed.h:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[15+1];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/meas_feed.h:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[31+1];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/meas_feed.h:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scenario[31+1];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/mncc.h:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[16];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/mncc.h:166:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[0];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/nat_rewrite_trie.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[14];
data/openbsc-1.3.2+dfsg1/openbsc/include/openbsc/nat_rewrite_trie.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rewrite[6];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:570:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!handle_attr(bts, str2btsattr((const char *)sw_descr[i].file_id),
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:992:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char next_seg_buf[256];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1018:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seg_buf[256];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char more_magic[4];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[12+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_version[80+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1173:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sw->fd = open(fname, O_RDONLY);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1206:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)sw->file_id, "id");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1208:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)sw->file_version, "version");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1624:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, attr, attr_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1642:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, attr, attr_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1893:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, attr, att_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1910:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, rawmsg, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2080:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, attr, attr_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swl_fname[PATH_MAX];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATH_MAX];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[255];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2371:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
swl = fopen(bs11_sw->swl_fname, "r");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2382:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[12+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_version[80+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2385:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dir[PATH_MAX];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2709:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ipaccess_magic, sizeof(ipaccess_magic));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2721:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, attr, attr_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2793:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_buf->rac, &ci, sizeof(ci));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:95:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:109:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->obj_inst[0] = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:110:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->obj_inst[1] = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:111:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->obj_inst[2] = atoi(argv[4]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:129:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:142:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->obj_class = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:143:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->obj_inst[0] = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:144:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->obj_inst[1] = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm_vty.c:145:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->obj_inst[2] = atoi(argv[4]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:788:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mo_buf[64];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:1833:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idbuf[64];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2096:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idbuf[32];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idbuf[16];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2384:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iwd_v->gen_char, cur, 3);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2386:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iwd_v->rev_char, cur, 3);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_cur, last_v->gen_char, 3);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_cur, last_v->rev_char, 3);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[255];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2499:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(string), "%d", k + i*8);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2505:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(string), ")\n");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:92:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:112:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->mo.bts = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:113:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->mo.assoc_so = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:114:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->mo.inst = atoi(argv[4]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:132:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:145:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->mo.class = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:146:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->mo.bts = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:147:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->mo.assoc_so = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:148:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oms->mo.inst = atoi(argv[4]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:232:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int oper = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:324:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t cgid = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:352:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t cgid = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:381:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t ccp = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:382:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t ci = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:383:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t tei = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:403:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t ccp = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:404:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t ci = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:405:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t tag = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:450:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t icp1 = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:451:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t icp2 = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000_vty.c:452:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t ci = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_rsl.c:186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_rsl.c:197:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, lchan->encr.key, lchan->encr.key_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_rsl.c:1905:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lchan->rqd_ref, rqd_ref, sizeof(*rqd_ref));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_rsl.c:1952:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ia->mob_alloc, lchan->ts->hopping.ma_data, ia->mob_alloc_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_api.c:734:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->lchan->encr.key, key, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_ctrl_commands.c:403:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int locked = atoi(cmd->value);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_ctrl_commands.c:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char now_buf[64];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_ctrl_commands.c:439:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int locked = atoi(cmd->value);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_ctrl_commands.c:461:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tmp = atoi(value);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_ctrl_commands.c:484:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trx->max_power_red = atoi(cmd->value);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_rf_ctrl.c:307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_subscriber.c:116:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:364:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:384:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e1_link->e1_nr = atoi(line);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:385:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e1_link->e1_ts = atoi(ts);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:389:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e1_link->e1_ts_ss = atoi(ss);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:937:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:946:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trx_nr = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1008:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1017:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trx_nr = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1026:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts_nr = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1309:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1321:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trx_nr = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1333:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts_nr = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1345:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lchan_nr = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1417:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1445:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1474:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->neci = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1487:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int enable = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1514:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->handover.win_rxlev_avg = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1525:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->handover.win_rxqual_avg = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1536:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->handover.win_rxlev_avg_neigh = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1547:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->handover.pwr_interval = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1558:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->handover.pwr_hysteresis = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1569:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->handover.max_distance = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1582:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->pag_any_tch = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1606:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(argv[0]); \
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1643:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1767:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ci = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1785:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lac = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1821:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bsic = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1842:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int site_id = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1843:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_id = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1893:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->nokia.skip_reset = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1913:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->nokia.no_loc_rel_cnf = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1933:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->nokia.bts_reset_timer_cnf = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1948:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int stream_id = atoi(argv[0]), linenr = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1948:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int stream_id = atoi(argv[0]), linenr = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1997:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->oml_tei = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2029:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.rach_control.tx_integer = atoi(argv[0]) & 0xf;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2045:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.rach_control.max_trans = rach_max_trans_val2raw(atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2060:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.chan_desc.att = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2072:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bs_pa_mfrms = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2086:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bs_ag_blks_res = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2103:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->rach_b_thresh = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2116:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->rach_ldavg_slots = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2130:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.rach_control.cell_bar = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2146:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(argv[0]) == 0)
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2184:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
control_class = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2208:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->ms_max_power = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2223:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.cell_sel_par.cell_resel_hyst = atoi(argv[0])/2;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2237:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.cell_sel_par.rxlev_acc_min = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2250:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.cell_ro_sel_par.cbq = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2265:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.cell_ro_sel_par.cell_resel_off = atoi(argv[0])/2;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2279:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.cell_ro_sel_par.temp_offs = atoi(argv[0])/10;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2307:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.cell_ro_sel_par.penalty_time = (atoi(argv[0])-20)/20;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2337:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->si_common.chan_desc.t3212 = atoi(argv[0]) / 6;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2363:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsm_bts_set_radio_link_timeout(bts, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2402:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->gprs.cell.bvci = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2420:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->gprs.nse.nsei = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2435:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int idx = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2442:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->gprs.nsvc[idx].nsvci = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2456:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int idx = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2463:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->gprs.nsvc[idx].local_port = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2477:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int idx = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2484:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->gprs.nsvc[idx].remote_port = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2497:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int idx = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2519:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->paging.free_chans_need = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2531:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int val = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2568:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int val = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2597:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->gprs.rac = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2651:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->gprs.net_ctrl_ord = atoi(argv[0] + 2);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2687:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts->gprs.supports_egprs_11bit_rach = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2856:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t arfcn = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2887:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t arfcn = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2888:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t thresh_hi = atoi(argv[1]), thresh_lo = atoi(argv[2]),
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2888:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t thresh_hi = atoi(argv[1]), thresh_lo = atoi(argv[2]),
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2889:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prio = atoi(argv[3]), qrx = atoi(argv[4]), meas = atoi(argv[5]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2889:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prio = atoi(argv[3]), qrx = atoi(argv[4]), meas = atoi(argv[5]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2889:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prio = atoi(argv[3]), qrx = atoi(argv[4]), meas = atoi(argv[5]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2936:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t arfcn = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2955:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t arfcn = atoi(argv[0]), scramble = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2955:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t arfcn = atoi(argv[0]), scramble = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2957:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch(bts_uarfcn_add(bts, arfcn, scramble, atoi(argv[2]))) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2984:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (bts_uarfcn_del(bts, atoi(argv[0]), atoi(argv[1])) < 0) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:2984:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (bts_uarfcn_del(bts, atoi(argv[0]), atoi(argv[1])) < 0) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3002:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t arfcn = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3089:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
error = acc_ramp_set_step_interval(&bts->acc_ramp, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3112:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
error = acc_ramp_set_step_size(&bts->acc_ramp, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3241:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dep = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3273:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dep = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3296:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mr->gsm48_ie[1] |= 1 << atoi(argv[i]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3309:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modes[i].threshold = atoi(argv[i + 1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3321:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modes[i].hysteresis = atoi(argv[i + 1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3342:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (num < atoi(argv[0]))
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3345:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mr_conf->smod = atoi(argv[0]) - 1;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3564:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int trx_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3594:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int arfcn = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3617:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trx->nominal_power = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3628:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int maxpwr_r = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3684:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trx->rsl_tei = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3696:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int locked = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3710:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3780:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts->tsc = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3794:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int enabled = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3816:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts->hopping.hsn = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3830:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts->hopping.maio = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3842:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int arfcn = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3856:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int arfcn = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3921:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:3968:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4006:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4033:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4034:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int last_block = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4078:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bts_nr = atoi(bts_str);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4079:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int trx_nr = atoi(trx_str);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4080:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ts_nr = atoi(ts_str);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4198:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ss_nr = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4242:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
amr_mode = atoi(argv[6]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4264:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ss_nr = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4265:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int port = atoi(argv[5]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:4296:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ctrl_cmd_send_trap(net->ctrl, argv[0], (char *) argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c:29:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &val, sizeof(val));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c:34:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &val, sizeof(val));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c:44:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "\x55\x5b\x61\x67\x6d\x73", 6);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c:62:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "\x1e\x24\x24\xa8\x34\x21\xa8", 7);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "\x00\x01\x0a", 3);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c:123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, bts->gprs.nse.timer, ARRAY_SIZE(bts->gprs.nse.timer));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, bts->gprs.cell.timer, ARRAY_SIZE(bts->gprs.cell.timer));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:701:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fu_config, fu_config_template, sizeof(fu_config_template));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:996:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fu_config, bts_config_insite, sizeof(bts_config_insite));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1004:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fu_config + len, bts_config_1, sizeof(bts_config_1));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1013:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fu_config + len, bts_config_2, sizeof(bts_config_2));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1021:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fu_config + len, bts_config_3, sizeof(bts_config_3));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1026:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fu_config + len, bts_config_4, sizeof(bts_config_4));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1071:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(noh->data, data, len_data);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1193:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(noh->data, data, len_to_send);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oh->data, data, len_to_send);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1232:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oh->data, data, len_to_send);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1368:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char indent[100] = ""; /* TODO: move static to BTS context */
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1401:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(indent, " ");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/gsm_04_08_utils.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(network->ctype_by_chreq, ctype_by_chreq, sizeof(ctype_by_chreq));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/gsm_04_08_utils.c:406:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lv + 1, mr->gsm48_ie, 2);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/gsm_04_08_utils.c:456:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, si1->cell_channel_description,
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/handover_logic.c:136:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_lchan->mr_ms_lv, &old_lchan->mr_ms_lv, ARRAY_SIZE(new_lchan->mr_ms_lv));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/handover_logic.c:137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_lchan->mr_bts_lv, &old_lchan->mr_bts_lv, ARRAY_SIZE(new_lchan->mr_bts_lv));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/pcu_sock.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info_ind->nse_timer, bts->gprs.nse.timer, 7);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/pcu_sock.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info_ind->cell_timer, bts->gprs.cell.timer, 11);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/pcu_sock.c:364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi_digit_buf[4];
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/pcu_sock.c:394:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l3h, data_req->data, data_req->len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/pcu_sock.c:417:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l3h, data_req->data + 4, data_req->len - 4);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/system_information.c:1182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&si_info.selection_params,
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:165:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->reject_cause = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:180:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->a5_encryption = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:209:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->send_mm_info = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:222:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->dyn_ts_allow_tch_f = atoi(argv[0]) ? true : false;
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:233:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->subscr_group->keep_subscr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:249:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzhr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:250:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzmn = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:273:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzhr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:274:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzmn = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon-cs/common_cs_vty.c:275:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzdst = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsm_data_shared.c:431:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ts2str[255];
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsup_test_client.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[17];
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsup_test_client.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi_buf[17];
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/oap_client.c:123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tx_xres, vec.res, 8);
data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_filter.c:114:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entry->cm_reject_cause = atoi(cfg_entry->mnc);
data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_filter.c:115:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entry->lu_reject_cause = atoi(cfg_entry->option);
data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_filter.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_filter.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_filter.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_filter.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_vty.c:125:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entry->cm_reject_cause = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libfilter/bsc_msg_vty.c:127:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entry->lu_reject_cause = atoi(argv[3]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_network.c:88:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out.sin_addr, addr, sizeof(*addr));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_network.c:602:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, buf, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_network.c:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RTP_BUF_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_network.c:800:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RTP_BUF_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_network.c:867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RTP_BUF_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_osmux.c:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out.sin_addr, &handle->rem_addr, sizeof(handle->rem_addr));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_osmux.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, buf, rc);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_osmux.c:302:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(osmux_cid, &msg->data[1], sizeof(*osmux_cid));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_osmux.c:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + sizeof(uint8_t)];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_osmux.c:550:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], &endp->osmux.cid, sizeof(endp->osmux.cid));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l2h, endp->last_response, msgb_l2len(msg));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdp_record[4096];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osmux_extension[strlen("\nX-Osmux: 255") + 1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:281:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(osmux_extension, "\nX-Osmux: %u", endp->osmux.cid);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codec[9];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:1038:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stats[1048];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:1411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2096];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:1439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2096];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:1471:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_sdp.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_codec[64];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_sdp.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_codec[64];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_sdp.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_codec[64];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_sdp.c:207:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_name[64];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_sdp.c:248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv4[16];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:312:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int port = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:330:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int port = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:338:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
range->range_start = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:339:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
range->range_end = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:458:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dscp = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:476:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->bts_force_ptime = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:530:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int payload = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:603:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->trunk.audio_loop = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:613:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->trunk.force_realloc = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:623:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->trunk.number_endpoints = atoi(argv[0]) + 1;
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:706:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mgcp_trunk_set_keepalive(&g_cfg->trunk, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:781:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->transcoder_remote_base = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:790:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int index = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:876:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int payload = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:914:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk->audio_loop = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1049:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mgcp_trunk_set_keepalive(trunk, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1105:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk = find_trunk(g_cfg, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1108:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[0]), VTY_NEWLINE);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1127:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int loop = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1157:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk = find_trunk(g_cfg, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1160:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[0]), VTY_NEWLINE);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1195:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tap->forward.sin_port = htons(atoi(argv[4]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1208:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk = find_trunk(g_cfg, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1211:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[0]), VTY_NEWLINE);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1242:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk = find_trunk(g_cfg, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1245:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[0]), VTY_NEWLINE);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1325:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->osmux_batch = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1334:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->osmux_batch_size = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1343:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->osmux_port = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1384:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->bts_jitter_delay_min = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:1403:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->bts_jitter_delay_max = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:270:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->user_data, user_data, sms->user_data_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:416:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->user_data, user_data, sms->user_data_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:558:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
db_rev = atoi(rev_s);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:747:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cm1 = atoi(string) & 0xff;
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:756:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(equip->classmark2, cm2, equip->classmark2_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:763:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(equip->classmark3, cm3, equip->classmark3_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:792:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ainfo->a3a8_ki, a3a8_ki, ainfo->a3a8_ki_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:883:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(atuple->vec.rand, blob, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:890:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(atuple->vec.sres, blob, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:897:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(atuple->vec.kc, blob, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1085:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%llu", subscr->id);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmsi[14];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1123:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmsi, "%u", subscriber->tmsi);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmsi[14];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1387:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmsi, "%u", subscriber->tmsi);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1504:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int db_subscriber_assoc_imei(struct gsm_subscriber *subscriber, char imei[GSM23003_IMEISV_NUM_DIGITS])
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/db.c:1678:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->user_data, user_data, sms->user_data_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&op->atuple, &atuple, sizeof(struct gsm_auth_tuple));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:516:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mid, mi, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:925:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ar->rand, rand, 16);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1003:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1071:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subscr->equipment.classmark2, classmark2, classmark2_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1088:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, ar->sres, sizeof(ar->sres));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res + 4, &data[2], ie_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1498:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subscr->equipment.classmark2, classmark2_lv+1, *classmark2_lv);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1571:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gh->data+2, apdu, apdu_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1702:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, mncc, sizeof(struct gsm_mncc));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:2722:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&trans->cc.msg, disc, sizeof(struct gsm_mncc));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:2807:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&trans->cc.msg, rel, sizeof(struct gsm_mncc));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:3747:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&trans->cc.msg, data, sizeof(struct gsm_mncc));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_11.c:240:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smsp, oa, oa_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_11.c:267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smsp, sms->user_data, octet_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_11.c:272:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smsp, sms->user_data, sms->user_data_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_11.c:309:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smsp, oa, oa_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_11.c:447:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(address_lv, smsp, da_len_bytes);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_11.c:490:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gsms->user_data, smsp, gsms->user_data_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_subscriber.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmsi_string[14];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_subscriber.c:252:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmsi_string, "%u", tmsi);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_subscriber.c:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_subscriber.c:287:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%llu", id);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/meas_feed.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scenario[31+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/meas_feed.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/osmo_msc.c:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subscr->equipment.classmark2, cm2, cm2_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/osmo_msc.c:96:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subscr->equipment.classmark3, cm3, cm3_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_openbsc.c:216:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->user_data, sms_msg, sms_msg_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_openbsc.c:255:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)submit_r->message_id, "msg_id_not_implemented");
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_openbsc.c:428:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlv.value.octet, data, tlv.length);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_openbsc.c:651:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)deliver.service_type, "CMT");
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_openbsc.c:705:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, sms->user_data, udh_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_openbsc.c:713:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(deliver.short_message, sms->user_data, deliver.sm_length);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SMALL_BUFF];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SMALL_BUFF];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:841:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, lenptr, sizeof(uint32_t));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:930:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&esme->sa, s, esme->sa_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[21+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[SMPP_SYS_ID_LEN+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[SMPP_SYS_ID_LEN+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[SMPP_PASSWD_LEN+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.h:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[SMPP_SYS_ID_LEN+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:134:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t port = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:145:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t port = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[128], serv[128];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/ussd.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response_string[GSM_EXTENSION_LENGTH + 20];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expire_time[200];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:197:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return subscr_get_by_tmsi(gsmnet->subscr_group, atoi(id));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:199:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return subscr_get_by_id(gsmnet->subscr_group, atoi(id));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:462:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:647:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
subscr->authorized = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:754:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts = gsm_bts_num(gsmnet, atoi(argv[2]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:757:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[2]), VTY_NEWLINE);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:991:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sms_queue_set_max_pending(net->sms_queue, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:1013:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sms_queue_set_max_failure(net->sms_queue, atoi(argv[0]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:1115:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rc = meas_feed_cfg_set(argv[0], atoi(argv[1]));
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:193:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload_out, payload, payload_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:285:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload, frame->data + 1, payload_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload, frame->data, payload_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:339:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, new_cname, strlen(new_cname));
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:371:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_cname[255];
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 0 , d_bits + 0, 22);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 22 , d_bits + 24, 3);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:74:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 0 , d_bits + 42, 10);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 10 , d_bits + 90, 2);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 0 , d_bits + 98, 5);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 6 , d_bits + 143, 2);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 0 , d_bits + 151, 10);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:88:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 10 , d_bits + 199, 2);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:93:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 0 , d_bits + 207, 5);
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/trau_mux.c:95:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check_bits + 6 , d_bits + 252, 2);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_api.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _dest_nr[35];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_api.c:356:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_dest_nr + 2, called.number, sizeof(called.number));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_api.c:358:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_dest_nr, called.number, sizeof(called.number));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_api.c:511:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lchan->mr_bts_lv, lchan->mr_ms_lv, sizeof(lchan->mr_ms_lv));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_bssap.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_bssap.c:531:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, msg->l3h + sizeof(*header), length - sizeof(*header));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:298:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curloc->tstamp = atol(tstamp);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:345:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tstamp = atol(tstampstr);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:409:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tz->hr = hourstr ? atol(hourstr) : 0;
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:410:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tz->mn = minstr ? atol(minstr) : 0;
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:411:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tz->dst = dststr ? atol(dststr) : 0;
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:450:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tz_hours = atol(hourstr);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:451:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tz_mins = atol(minstr);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:452:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tz_dst = atol(dststr);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:548:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cic = atoi(cic_str);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_ctrl.c:549:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alert = atoi(alert_str);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_filter.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_main.c:141:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_set_log_level(osmo_stderr_target, atoi(optarg));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_msc.c:112:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mgcp->data, msg->l2h, mgcp->len);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_msc.c:477:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth.u.umts.opc, data->bsc_key, 16);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_msc.c:478:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth.u.umts.k, data->bsc_key, 16);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:65:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int index = argc == 1 ? atoi(argv[0]) : 0;
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:303:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->core_lac = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:313:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->core_ci = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:325:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->rtp_base = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:364:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->audio_support[i]->ver = atoi(argv[i] + 2);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:411:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dest->port = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:412:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dest->dscp = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:426:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int port = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:427:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dscp = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:458:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->ping_timeout = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:468:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->pong_timeout = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:725:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->mid_call_timeout = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:746:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->auto_off_timeout = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:821:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[50];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:862:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bts_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:233:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *) TLVP_VAL(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE),
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2096];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2096];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:734:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transaction_id[60];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:779:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(save, msg->l2h, msgb_l2len(msg) + 1);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:848:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bsc_mgcp_parse_response(const char *str, int *code, char transaction[60])
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:848:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bsc_mgcp_parse_response(const char *str, int *code, char transaction[60])
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:887:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:888:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osmux_extension[strlen("\nX-Osmux: 255") + 1];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:899:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(osmux_extension, "\nX-Osmux: %u", osmux_cid & 0xff);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:956:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output->l3h, ip_str, strlen(ip_str));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:958:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output->l3h, ip, strlen(ip));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:981:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output->l3h, buf, strlen(buf));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:988:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output->l3h, token, len);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:1002:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output->l3h, buf, strlen(buf));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:1029:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nat->mgcp_msg, msg->l2h, msgb_l2len(msg));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:1067:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l2h, nat->mgcp_msg, msgb_l2len(msg));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c:219:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(id_req, s_id_req, sizeof(s_id_req));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c:229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, mrand, 16);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c:423:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, data, length);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c:836:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l2h, reset, msgb_l2len(msg));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c:1022:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth.u.umts.opc, conf->key, 16);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat.c:1023:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth.u.umts.k, conf->key, 16);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c:212:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*nr = atoi(nr_str);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char int_number[sizeof(called->number) + 2];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&int_number[1], number, strlen(number) + 1);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:225:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outptr, hdr48, sizeof(*hdr48));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:230:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outptr, &hdr48->data[0], sec_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outptr, msgptr, sec_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, new_addr, new_addr_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &data_ptr[2 + 1 + old_dest_len], data_len - 2 - 1 - old_dest_len);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:430:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_hdr48, old_hdr48, sizeof(*old_hdr48));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smsc_addr[30];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:454:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _dest_nr[30];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:92:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->rules[pos]->prefix, rule->prefix, sizeof(rule->prefix));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->rules[pos]->rewrite, rule->rewrite, sizeof(rule->rewrite));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:156:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rule->prefix, line, size_prefix);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rule->rewrite, split, size_end);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:175:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "r");
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c:395:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l3h, data, length);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c:492:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lac, &data[0], sizeof(*lac));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c:493:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ci, &data[2], sizeof(*ci));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:260:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:381:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (by_nr && conf->nr != atoi(id))
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:385:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (by_lac && !bsc_config_handles_lac(conf, atoi(id)))
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:421:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bsc_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:458:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_nat->main_dest->port = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:469:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_nat->auth_timeout = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:480:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_nat->ping_timeout = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:491:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_nat->pong_timeout = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:508:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_nat->bsc_ip_dscp = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:897:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bsc_nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:957:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lac = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:985:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lac = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1047:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
conf->max_endpoints = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1084:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
conf->paging_group = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1130:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nr = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1131:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int endp = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1164:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int group = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1183:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int group = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1201:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lac = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1216:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lac = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1299:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
conf->bts_jitter_delay_min = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c:1320:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
conf->bts_jitter_delay_max = atoi(argv[0]);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c:309:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy->l2h, input->l2h, msgb_l2len(input));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c:342:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy->l2h, input->l2h, msgb_l2len(input));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c:351:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state->src_ref, &con->remote_ref, sizeof(con->remote_ref));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c:352:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state->dst_ref, &con->real_ref, sizeof(con->real_ref));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c:353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->imsi, con->filter_state.imsi, strlen(con->filter_state.imsi));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-nitb/bsc_hack.c:78:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(file, O_WRONLY|O_TRUNC|O_CREAT, mode);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-nitb/bsc_hack.c:171:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_set_log_level(osmo_stderr_target, atoi(optarg));
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, obj_bbsig0_attr, sizeof(obj_bbsig0_attr));
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:346:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char retbuf[256];
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:352:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(retbuf, "BS11 ");
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:355:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(retbuf+strlen(retbuf), "Power Amplifier %d ",
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:359:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(retbuf+strlen(retbuf), "Line Interface ");
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:362:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(retbuf+strlen(retbuf), "CCLK ");
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:367:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(retbuf, "SITE MANAGER ");
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:370:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(retbuf+strlen(retbuf), "BPORT%u ",
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:567:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
abis_nm_bs11_set_pll(g_bts, atoi(value));
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:577:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
abis_nm_bs11_set_pll(g_bts, atoi(value));
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:834:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delay_ms = atoi(optarg);
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:837:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
win_size = atoi(optarg);
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/isdnsync.c:91:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2048];
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/isdnsync.c:177:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
card = atoi(argv[1]);
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/smpp_mirror.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[SMPP_SYS_ID_LEN+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/smpp_mirror.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[SMPP_SYS_ID_LEN+1];
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/smpp_mirror.c:246:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, lenptr, sizeof(uint32_t));
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/smpp_mirror.c:348:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c:242:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, results[i].data, results[i].length);
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c:266:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l2h, data, msgb_l2len(msg));
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c:659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transaction[60];
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c:1514:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l2h, bssmap_cr, ARRAY_SIZE(bssmap_cr));
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc/bsc_test.c:90:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fprintf(stderr, "get_int(%s) -> %d\n", key, atoi(kv));
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc/bsc_test.c:95:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return kv ? atoi(kv) : def;
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc/bsc_test.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l3h, test_def->data, test_def->length);
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:83:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->src.addr, "1234", strlen("1234") + 1);
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->dst.addr, subscr->extension, sizeof(subscr->extension));
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:89:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->text, "Text123", strlen("Text123") + 1);
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->user_data, "UserData123", strlen("UserData123") + 1);
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch_str[256];
data/openbsc-1.3.2+dfsg1/openbsc/tests/gsm0408/gsm0408_test.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_parsed[GSM48_MI_SIZE];
data/openbsc-1.3.2+dfsg1/openbsc/tests/gsm0408/gsm0408_test.c:459:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rnd_arfcns_set[1024] = {0};
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_test.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_test.c:460:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (len == 1 && ((const char *)buf)[0] == MGCP_DUMMY_LOAD ) {
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_test.c:919:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] = {0x80, 0};
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:240:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, src_pkts, src_pkt_size);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:293:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[0].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:311:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[0].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_gsm[0].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_gsm[0].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[1].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:384:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[2].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:403:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[1].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[2].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[2].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] = {0x80, 0};
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:468:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[0].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:486:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, audio_packets_pcma[1].data, len);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mgcp/mgcp_transcoding_test.c:503:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] = {0x80, 0};
data/openbsc-1.3.2+dfsg1/openbsc/tests/mm_auth/mm_auth_test.c:15:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/openbsc-1.3.2+dfsg1/openbsc/tests/trau/trau_test.c:66:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[33];
data/openbsc-1.3.2+dfsg1/openbsc/contrib/testconv/testconv_main.c:95:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = read(0, buf + 12, in_size))) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1040:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line_buf) + 2;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1047:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line_buf)+2;
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1051:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sw->fd, &seg_buf, IPACC_SEGMENT_SIZE);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1127:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(sw->fd, &firmware_header, sizeof(firmware_header));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1185:8: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
rc = fscanf(sw->stream, "@(#)%12s:%80s\r\n",
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1192:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sw->file_id_len = strlen(file_id);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:1194:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sw->file_version_len = strlen(file_version);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2250:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen(name);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2258:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name), (uint8_t *)name);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2272:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(password) != 10)
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2277:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fill_om_fom_hdr(oh, 2+strlen(password), NM_MT_BS11_SET_ATTR,
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2387:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(linebuf) < 4)
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2390:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
rc = sscanf(linebuf+4, "%12s:%80s\r\n", file_id, file_version);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2407:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fle->fname, dirname(dir), sizeof(fle->fname) - 1);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2408:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fle->fname, "/");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2409:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fle->fname, file_id, sizeof(fle->fname) - 1 -strlen(fle->fname));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_nm.c:2409:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fle->fname, file_id, sizeof(fle->fname) - 1 -strlen(fle->fname));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2498:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(string + strlen(string), ",");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2498:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), ",");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2499:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), "%d", k + i*8);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_om2000.c:2505:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), ")\n");
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/abis_rsl.c:1044:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(str_in);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_ctrl_commands.c:52:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(value);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_msc.c:307:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msgb_put_u8(msg, strlen(token) + 2);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_msc.c:308:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msgb_tv_fixed_put(msg, IPAC_IDTAG_UNITNAME, strlen(token) + 1, (uint8_t *) token);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_msc.c:315:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msgb_l16tv_put(msg, strlen(token) + 1,
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_rf_ctrl.c:310:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd->fd, buf, sizeof(buf));
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_rf_ctrl.c:459:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
local.sun_len = strlen(local.sun_path);
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_rf_ctrl.c:464:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(local.sun_path) +
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1074:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subscr->name))
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1076:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subscr->extension))
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bsc_vty.c:1089:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bsub->imsi))
data/openbsc-1.3.2+dfsg1/openbsc/src/libbsc/bts_nokia_site.c:1400:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int indent_len = strlen(indent);
data/openbsc-1.3.2+dfsg1/openbsc/src/libcommon/gsm_subscriber_base.c:50:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subscr->name))
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:71:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t line_len = strlen(line);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:134:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->l2h = msgb_put(msg, strlen(endp->last_response));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:275:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char osmux_extension[strlen("\nX-Osmux: 255") + 1];
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_protocol.c:752:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp("Osmux: ", line + 2, strlen("Osmux: ")) == 0)
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_sdp.c:210:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "a=rtpmap:%d %63s",
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_sdp.c:250:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "c=IN IP4 %15s", ipv4) == 1) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libmgcp/mgcp_vty.c:72:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (g_cfg->bts_ip && strlen(g_cfg->bts_ip) != 0)
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/ctrl_commands.c:67:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(imsi) > GSM23003_IMSI_MAX_DIGITS)
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/ctrl_commands.c:69:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(msisdn) >= GSM_EXTENSION_LENGTH)
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:766:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(net->name_long);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:780:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (strlen(net->name_long)*7)/8;
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:781:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_pad = (8 - strlen(net->name_long)*7)%8;
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:797:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(net->name_short);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:808:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (strlen(net->name_short)*7)/8;
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:809:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_pad = (8 - strlen(net->name_short)*7)%8;
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/gsm_04_08.c:1495:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subscr->name && strlen(subscr->name) ? subscr->name : subscr->imsi);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/meas_feed.c:103:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, buf, sizeof(buf));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_openbsc.c:484:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t imei_len = strlen(subscr->equipment.imei);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:134:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sys_id) > SMPP_SYS_ID_LEN)
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:287:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(r->u.prefix.addr))) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:438:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(acl->passwd) &&
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:820:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, lenptr + esme->read_idx, rdlen);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_smsc.c:849:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, msg->tail, OSMO_MIN(rdlen, msgb_tailroom(msg)));
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:156:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[0])+1 > sizeof(smsc->system_id))
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:192:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(smsc->system_id) > 0)
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:211:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id) > 16) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:261:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[0])+1 > sizeof(acl->passwd))
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:283:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(str); i++) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/smpp_vty.c:575:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(acl->passwd))
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/token_auth.c:40:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(subscr->imsi) + 8 + strlen(TOKEN_SMS_TEXT);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/token_auth.c:40:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(subscr->imsi) + 8 + strlen(TOKEN_SMS_TEXT);
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:73:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subscr->name))
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:75:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subscr->extension))
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:678:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > sizeof(subscr->name)-1) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:712:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ext) > sizeof(subscr->extension)-1) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libmsc/vty_interface_layer3.c:1064:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(meas_scenario) > 0)
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:324:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < strlen(new_cname)) {
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:326:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int increase = strlen(new_cname) - len;
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:339:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(cur, new_cname, strlen(new_cname));
data/openbsc-1.3.2+dfsg1/openbsc/src/libtrau/rtp_proxy.c:397:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(rss->bfd.fd, msg->data, RTP_ALLOC_SIZE);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_msc.c:67:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd->fd, mgcp->data, 4096 - 128);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:355:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[i]) != 3
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc/osmo_bsc_vty.c:841:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timestr[strlen(timestr)-1] = 0;
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:672:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t line_len = strlen(line);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:689:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t x_osmux_prefix_len = strlen(x_osmux_prefix);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:792:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(line, "X-Osmux: ", strlen("X-Osmux: ")) == 0)
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:852:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
rc = sscanf(str, "%3d %59s\n", code, transaction) != 2;
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:861:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t ci_prefix_len = strlen(ci_prefix);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:888:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char osmux_extension[strlen("\nX-Osmux: 255") + 1];
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:945:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(token);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:955:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output->l3h = msgb_put(output, strlen(ip_str));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:956:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(output->l3h, ip_str, strlen(ip_str));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:957:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output->l3h = msgb_put(output, strlen(ip));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:958:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(output->l3h, ip, strlen(ip));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:980:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output->l3h = msgb_put(output, strlen(buf));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:981:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(output->l3h, buf, strlen(buf));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:1001:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output->l3h = msgb_put(output, strlen(buf));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:1002:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(output->l3h, buf, strlen(buf));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c:1051:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd->fd, nat->mgcp_msg, sizeof(nat->mgcp_msg) - 1);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c:405:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen("net.0.add.allow.access-list.");
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c:406:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) == 0)
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:120:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&int_number[1], number, strlen(number) + 1);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:184:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_number_pre) > sizeof(called.number)) {
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:201:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(chosen_number) > sizeof(called.number)) {
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:360:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data[0] = strlen(new_number);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c:584:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!imsi || strlen(imsi) < 5)
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:48:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(rule->prefix);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:117:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:133:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_end = strlen(split) - 1;
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite_trie.c:205:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = OSMO_MIN(strlen(prefix), (sizeof(rule->prefix) - 1));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c:195:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int token_len = strlen(conf->token) + 1;
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c:33:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static int equal(struct sccp_source_reference *ref1, struct sccp_source_reference *ref2)
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c:48:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(ref, &conn->patched_ref))
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c:94:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal(parsed->src_local_ref, &conn->real_ref))
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c:162:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(parsed->src_local_ref, &conn->patched_ref)) {
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c:190:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal(parsed->dest_local_ref, &conn->patched_ref))
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c:220:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(parsed->src_local_ref, &conn->real_ref)) {
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c:225:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(parsed->dest_local_ref, &conn->remote_ref))
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_sccp.c:242:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(ref, &conn->real_ref))
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c:193:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(conn->nat->ussd_token) != len - 1)
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c:353:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(state->imsi, con->filter_state.imsi, strlen(con->filter_state.imsi));
data/openbsc-1.3.2+dfsg1/openbsc/src/osmo-bsc_nat/bsc_ussd.c:402:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(con->filter_state.imsi) > GSM23003_IMSI_MAX_DIGITS)
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:355:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(retbuf+strlen(retbuf), "Power Amplifier %d ",
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:359:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(retbuf+strlen(retbuf), "Line Interface ");
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:362:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(retbuf+strlen(retbuf), "CCLK ");
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/bs11_config.c:370:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(retbuf+strlen(retbuf), "BPORT%u ",
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/smpp_mirror.c:231:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, lenptr + esme->read_idx, rdlen);
data/openbsc-1.3.2+dfsg1/openbsc/src/utils/smpp_mirror.c:254:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, msg->tail, OSMO_MIN(rdlen, msgb_tailroom(msg)));
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c:627:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output = bsc_mgcp_rewrite(input, strlen(input), 0x1e,
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c:640:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (msgb_l2len(output) != strlen(patc)) {
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c:641:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("Wrong sizes for test: %d %u != %zu != %zu\n", i, msgb_l2len(output), strlen(patc), strlen(orig));
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc-nat/bsc_nat_test.c:641:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("Wrong sizes for test: %d %u != %zu != %zu\n", i, msgb_l2len(output), strlen(patc), strlen(orig));
data/openbsc-1.3.2+dfsg1/openbsc/tests/bsc/bsc_test.c:89:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kv += strlen(key) + 1;
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:83:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sms->src.addr, "1234", strlen("1234") + 1);
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:89:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sms->text, "Text123", strlen("Text123") + 1);
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:90:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sms->user_data, "UserData123", strlen("UserData123") + 1);
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:91:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sms->user_data_len = strlen("UserData123");
data/openbsc-1.3.2+dfsg1/openbsc/tests/db/db_test.c:118:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OSMO_ASSERT(sms->user_data_len == strlen("UserData123"));
data/openbsc-1.3.2+dfsg1/openbsc/tests/mm_auth/mm_auth_test.c:46:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = strlen(expect_str);
data/openbsc-1.3.2+dfsg1/openbsc/tests/mm_auth/mm_auth_test.c:47:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(tuple_str);
ANALYSIS SUMMARY:
Hits = 754
Lines analyzed = 81528 in approximately 1.96 seconds (41493 lines/second)
Physical Source Lines of Code (SLOC) = 60272
Hits@level = [0] 598 [1] 135 [2] 588 [3] 17 [4] 14 [5] 0
Hits@level+ = [0+] 1352 [1+] 754 [2+] 619 [3+] 31 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 22.4316 [1+] 12.51 [2+] 10.2701 [3+] 0.514335 [4+] 0.23228 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.