Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openr2-1.3.3/misc/mfdetectors.c
Examining data/openr2-1.3.3/misc/dtmf_detect.c
Examining data/openr2-1.3.3/src/r2chan.c
Examining data/openr2-1.3.3/src/r2context.c
Examining data/openr2-1.3.3/src/r2log.c
Examining data/openr2-1.3.3/src/r2dtmf_detect.c
Examining data/openr2-1.3.3/src/queue.c
Examining data/openr2-1.3.3/src/r2engine.c
Examining data/openr2-1.3.3/src/r2utils.c
Examining data/openr2-1.3.3/src/r2proto.c
Examining data/openr2-1.3.3/src/openr2/r2context.h
Examining data/openr2-1.3.3/src/openr2/r2context-pvt.h
Examining data/openr2-1.3.3/src/openr2/r2proto-pvt.h
Examining data/openr2-1.3.3/src/openr2/r2log.h
Examining data/openr2-1.3.3/src/openr2/openr2.h
Examining data/openr2-1.3.3/src/openr2/queue.h
Examining data/openr2-1.3.3/src/openr2/r2proto.h
Examining data/openr2-1.3.3/src/openr2/r2log-pvt.h
Examining data/openr2-1.3.3/src/openr2/r2utils-pvt.h
Examining data/openr2-1.3.3/src/openr2/r2utils.h
Examining data/openr2-1.3.3/src/openr2/r2chan.h
Examining data/openr2-1.3.3/src/openr2/r2hwcompat.h
Examining data/openr2-1.3.3/src/openr2/r2engine.h
Examining data/openr2-1.3.3/src/openr2/r2chan-pvt.h
Examining data/openr2-1.3.3/src/r2test.c

FINAL RESULTS:

data/openr2-1.3.3/misc/dtmf_detect.c:62:3:  [4] (format) fprintf:
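  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Triage note: the format argument is the identifier USAGE, which the scanner
  does not resolve. If USAGE is a macro that expands to a string literal, this
  hit and the other fprintf(stderr, USAGE, argv[0]) hits are false positives;
  confirm against the macro definition.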
		fprintf(stderr, USAGE, argv[0]);
data/openr2-1.3.3/misc/dtmf_detect.c:75:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, USAGE, argv[0]);
data/openr2-1.3.3/src/r2context.c:726:16:  [4] (buffer) sscanf:
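  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  Triage note: the flagged call uses %c, not %s, and the r2context.c hits at
  lines 740 and 750 use %d. The format is assembled from a stringified macro
  argument plus a literal, so the scanner appears unable to treat it as a
  constant. What needs checking is that every macro invocation passes a fixed
  token, and that intvalue is initialised before %c stores a single byte into
  it through the (char *) cast.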
	else if (1 == sscanf(line, #mytone "=%c", (char *)&intvalue)) { \
data/openr2-1.3.3/src/r2context.c:740:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	else if (1 == sscanf(line, #mytimer "=%d", &intvalue)) { \
data/openr2-1.3.3/src/r2context.c:750:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	else if (1 == sscanf(line, #mysetting "=%d", &intvalue)) { \
data/openr2-1.3.3/src/r2dtmf_detect.c:61:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, USAGE, argv[0]);
data/openr2-1.3.3/src/r2dtmf_detect.c:74:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, USAGE, argv[0]);
data/openr2-1.3.3/src/r2log.c:55:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, ap);
data/openr2-1.3.3/src/r2log.c:64:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, ap);
data/openr2-1.3.3/src/r2log.c:88:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(r2chan->logfile, fmt, ap);
data/openr2-1.3.3/src/r2test.c:130:2:  [4] (buffer) strcpy:
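  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: the source is one of two one-character literals ("O" or "R"),
  so the copy writes exactly two bytes including the terminator. The call is
  safe provided dialstr holds at least two bytes.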
	strcpy(dahdi_operation.dialstr, forward_signals ? "O" : "R");
data/openr2-1.3.3/src/r2test.c:496:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(confdata[g].dnid, dnid);
data/openr2-1.3.3/src/r2test.c:497:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(confdata[g].cid, cid);
data/openr2-1.3.3/src/r2test.c:498:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(confdata[g].r2file, r2file);
data/openr2-1.3.3/src/r2test.c:499:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(confdata[g].audiofile, audiofile);
data/openr2-1.3.3/src/r2test.c:505:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "advancedprotocolfile=%s", r2file)) {
data/openr2-1.3.3/src/r2test.c:507:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "chargecalls=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:516:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "collectcalls=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:525:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "callfiles=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:534:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "doubleanswer=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:543:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "immediateaccept=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:552:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "skipcategory=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:561:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "meteringpulsetimeout=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:569:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "loglevel=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:588:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "mfthreshold=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:596:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "mfbacktimeout=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:604:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "getanifirst=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:613:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "usedahdimf=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:630:19:  [4] (buffer) sscanf:
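  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  Triage note: the destination is presumably the local char cid[OR2_MAX_ANI]
  reported at r2test.c:454. Unless the input line is guaranteed to be shorter
  than that array, a long cid= value in the configuration file overruns it;
  the same applies to dnid (char dnid[OR2_MAX_DNIS]) at line 632. A field
  width in the conversion, one less than the array size, bounds the write.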
		} else if (1 == sscanf(line, "cid=%s", cid)) {
data/openr2-1.3.3/src/r2test.c:632:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "dnid=%s", dnid)) {
data/openr2-1.3.3/src/r2test.c:634:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "category=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:641:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "variant=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:647:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "caller=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:655:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "playaudio=%s", strvalue)) {
data/openr2-1.3.3/src/r2test.c:663:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if (1 == sscanf(line, "audiofile=%s", audiofile)) {
data/openr2-1.3.3/src/r2test.c:795:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((o = getopt(argc, argv, ":c:lv")) != -1) {
data/openr2-1.3.3/misc/dtmf_detect.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char alaw_buffer[CHUNK_SAMPLES];
data/openr2-1.3.3/misc/dtmf_detect.c:85:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	audiofp = fopen(argv[2], "r");
data/openr2-1.3.3/misc/mfdetectors.c:10:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digitsbuf[255];
data/openr2-1.3.3/misc/mfdetectors.c:11:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open(argv[1], O_RDONLY);
data/openr2-1.3.3/src/openr2/r2chan-pvt.h:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cas_buff[10];
data/openr2-1.3.3/src/openr2/r2chan-pvt.h:166:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ani[OR2_MAX_ANI];
data/openr2-1.3.3/src/openr2/r2chan-pvt.h:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dnis[OR2_MAX_DNIS];
data/openr2-1.3.3/src/openr2/r2context-pvt.h:154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char logdir[OR2_MAX_PATH];
data/openr2-1.3.3/src/openr2/r2engine.h:188:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digits[OR2_MAX_DTMF_DIGITS + 1];
data/openr2-1.3.3/src/queue.c:107:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, s->data + optr, to_end);
data/openr2-1.3.3/src/queue.c:108:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf + to_end, s->data, real_len - to_end);
data/openr2-1.3.3/src/queue.c:116:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, s->data + optr, real_len);
data/openr2-1.3.3/src/queue.c:158:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, s->data + optr, to_end);
data/openr2-1.3.3/src/queue.c:159:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf + to_end, s->data, real_len - to_end);
data/openr2-1.3.3/src/queue.c:168:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, s->data + optr, real_len);
data/openr2-1.3.3/src/queue.c:241:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(s->data + iptr, buf, real_len);
data/openr2-1.3.3/src/queue.c:250:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(s->data + iptr, buf, to_end);
data/openr2-1.3.3/src/queue.c:251:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(s->data, buf + to_end, real_len - to_end);
data/openr2-1.3.3/src/queue.c:355:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(s->data + iptr, &lenx, sizeof(uint16_t));
data/openr2-1.3.3/src/queue.c:356:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(s->data + iptr + sizeof(uint16_t), buf, len);
data/openr2-1.3.3/src/queue.c:368:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s->data + iptr, &lenx, sizeof(uint16_t));
data/openr2-1.3.3/src/queue.c:369:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s->data + iptr + sizeof(uint16_t), buf, to_end - sizeof(uint16_t));
data/openr2-1.3.3/src/queue.c:370:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s->data, buf + to_end - sizeof(uint16_t), real_len - to_end);
data/openr2-1.3.3/src/queue.c:375:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s->data + iptr, (uint8_t *) &lenx, to_end);
data/openr2-1.3.3/src/queue.c:376:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s->data, ((uint8_t *) &lenx) + to_end, sizeof(uint16_t) - to_end);
data/openr2-1.3.3/src/queue.c:377:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s->data + sizeof(uint16_t) - to_end, buf, len);
data/openr2-1.3.3/src/r2chan.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char logfile[1024];
data/openr2-1.3.3/src/r2chan.c:158:24:  [2] (misc) open:
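  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: this call creates or truncates the file (O_CREAT | O_TRUNC)
  with a requested mode of 0666, so the resulting permissions depend on the
  process umask, and a symlink already present at that path would be followed
  and its target truncated. If other users can write to the log directory,
  O_NOFOLLOW or O_EXCL and a tighter mode close this off. The same applies to
  the open at r2chan.c:170.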
	r2chan->mf_write_fd = open(logfile, O_CREAT | O_TRUNC | O_WRONLY, 0666);
data/openr2-1.3.3/src/r2chan.c:170:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	r2chan->mf_read_fd = open(logfile, O_CREAT | O_TRUNC | O_WRONLY, 0666);
data/openr2-1.3.3/src/r2chan.c:247:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	chanfd = open(OR2_HW_CHANNEL_FILE_NAME, O_RDWR | O_NONBLOCK);
data/openr2-1.3.3/src/r2chan.c:309:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&to_dispatch[i], &r2chan->sched_timers[t], sizeof(to_dispatch[0]));
data/openr2-1.3.3/src/r2chan.c:521:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&r2chan->sched_timers[i], &newtimer, sizeof(newtimer));
data/openr2-1.3.3/src/r2chan.c:527:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&r2chan->sched_timers[i], &newtimer, sizeof(newtimer));
data/openr2-1.3.3/src/r2context.c:765:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[255];
data/openr2-1.3.3/src/r2context.c:769:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	variant_file = fopen(filename, "r");
data/openr2-1.3.3/src/r2dtmf_detect.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char alaw_buffer[CHUNK_SAMPLES];
data/openr2-1.3.3/src/r2dtmf_detect.c:84:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	audiofp = fopen(argv[2], "r");
data/openr2-1.3.3/src/r2proto.c:228:14:  [2] (buffer) char:
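  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the flagged declaration is an array of pointers to const char,
  not a character buffer that data is copied into. The hit matches the char
  keyword and is likely a false positive.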
static const char *cas_names[OR2_NUM_CAS_SIGNALS] =
data/openr2-1.3.3/src/r2proto.c:379:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r2context->cas_signals, standard_cas_signals, sizeof(standard_cas_signals));
data/openr2-1.3.3/src/r2proto.c:787:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stringbuf[512];
data/openr2-1.3.3/src/r2proto.c:788:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char currdir[512];
data/openr2-1.3.3/src/r2proto.c:789:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timestr[30];
data/openr2-1.3.3/src/r2proto.c:841:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	r2chan->logfile = fopen(stringbuf, "w");
data/openr2-1.3.3/src/r2test.c:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dnid[OR2_MAX_DNIS];
data/openr2-1.3.3/src/r2test.c:115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid[OR2_MAX_ANI];
data/openr2-1.3.3/src/r2test.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char r2file[512];
data/openr2-1.3.3/src/r2test.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char audiofile[512];
data/openr2-1.3.3/src/r2test.c:229:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(chandata->audiofp = fopen(chandata->conf->audiofile, "rb"))) {
data/openr2-1.3.3/src/r2test.c:321:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char write_buf[OR2_CHAN_READ_SIZE];
data/openr2-1.3.3/src/r2test.c:427:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[512];
data/openr2-1.3.3/src/r2test.c:449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strvalue[512];
data/openr2-1.3.3/src/r2test.c:450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char r2file[512];
data/openr2-1.3.3/src/r2test.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char audiofile[512];
data/openr2-1.3.3/src/r2test.c:453:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dnid[OR2_MAX_DNIS];
data/openr2-1.3.3/src/r2test.c:454:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid[OR2_MAX_ANI];
data/openr2-1.3.3/src/r2test.c:563:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int_test = atoi(strvalue);
data/openr2-1.3.3/src/r2test.c:590:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int_test = atoi(strvalue);
data/openr2-1.3.3/src/r2test.c:598:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int_test = atoi(strvalue);
data/openr2-1.3.3/src/r2test.c:828:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	config = fopen(cfgfile, "r");
data/openr2-1.3.3/src/r2utils.c:97:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, lib_tp, sizeof(*result));
data/openr2-1.3.3/src/r2utils.c:116:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, lib_buf, len);
data/openr2-1.3.3/misc/mfdetectors.c:47:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rc = read(fd, readbuf, sizeof(readbuf)/sizeof(readbuf[0]));
data/openr2-1.3.3/src/r2chan.c:375:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = read(r2chan->fd, read_buf, sizeof(read_buf));
data/openr2-1.3.3/src/r2context.c:608:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(directory) >= sizeof(r2context->logdir)) {
data/openr2-1.3.3/src/r2context.c:623:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(r2context->logdir, directory, sizeof(r2context->logdir)-1);
data/openr2-1.3.3/src/r2context.c:635:2:  [1] (buffer) strncpy:
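  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the count is len-1, so a len of 0 would become a very large
  count once converted to size_t. The result is also NUL-terminated only if
  directory[len-1] is set separately. Neither the handling of len nor an
  explicit terminator is visible in this report; check both in the source.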
	strncpy(directory, r2context->logdir, len-1);
data/openr2-1.3.3/src/r2engine.c:2757:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((len = strlen(digits)) == 0)
data/openr2-1.3.3/src/r2proto.c:849:12:  [1] (buffer) strlen:
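  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the index strlen(timestr)-1 wraps to a very large value when
  timestr is empty, so the store would land outside the buffer. Whether
  timestr can be empty depends on how it is filled, which this report does
  not show. Checking the length before indexing removes the case.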
			timestr[strlen(timestr)-1] = 0; /* remove end of line */
data/openr2-1.3.3/src/r2proto.c:2465:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(r2chan->ani, ani, sizeof(r2chan->ani)-1);
data/openr2-1.3.3/src/r2proto.c:2472:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(r2chan->dnis, dnis, sizeof(r2chan->dnis)-1);
data/openr2-1.3.3/src/r2utils.c:115:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(lib_buf);

ANALYSIS SUMMARY:

Hits = 107
Lines analyzed = 11824 in approximately 0.35 seconds (33483 lines/second)
Physical Source Lines of Code (SLOC) = 9177
Hits@level = [0] 129 [1]  10 [2]  61 [3]   1 [4]  35 [5]   0
Hits@level+ = [0+] 236 [1+] 107 [2+]  97 [3+]  36 [4+]  35 [5+]   0
Hits/KSLOC@level+ = [0+] 25.7165 [1+] 11.6596 [2+] 10.5699 [3+] 3.92285 [4+] 3.81388 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.