Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openssh-8.4p1/addrmatch.c
Examining data/openssh-8.4p1/atomicio.c
Examining data/openssh-8.4p1/atomicio.h
Examining data/openssh-8.4p1/audit-bsm.c
Examining data/openssh-8.4p1/audit-linux.c
Examining data/openssh-8.4p1/audit.c
Examining data/openssh-8.4p1/audit.h
Examining data/openssh-8.4p1/auth-bsdauth.c
Examining data/openssh-8.4p1/auth-krb5.c
Examining data/openssh-8.4p1/auth-options.c
Examining data/openssh-8.4p1/auth-options.h
Examining data/openssh-8.4p1/auth-pam.c
Examining data/openssh-8.4p1/auth-pam.h
Examining data/openssh-8.4p1/auth-passwd.c
Examining data/openssh-8.4p1/auth-shadow.c
Examining data/openssh-8.4p1/auth-sia.c
Examining data/openssh-8.4p1/auth-sia.h
Examining data/openssh-8.4p1/auth2-chall.c
Examining data/openssh-8.4p1/auth2-hostbased.c
Examining data/openssh-8.4p1/auth2-kbdint.c
Examining data/openssh-8.4p1/auth2-none.c
Examining data/openssh-8.4p1/auth2-passwd.c
Examining data/openssh-8.4p1/auth2-pubkey.c
Examining data/openssh-8.4p1/authfd.c
Examining data/openssh-8.4p1/authfd.h
Examining data/openssh-8.4p1/authfile.c
Examining data/openssh-8.4p1/authfile.h
Examining data/openssh-8.4p1/bitmap.c
Examining data/openssh-8.4p1/bitmap.h
Examining data/openssh-8.4p1/chacha.c
Examining data/openssh-8.4p1/chacha.h
Examining data/openssh-8.4p1/channels.c
Examining data/openssh-8.4p1/channels.h
Examining data/openssh-8.4p1/cipher-aes.c
Examining data/openssh-8.4p1/cipher-aesctr.c
Examining data/openssh-8.4p1/cipher-aesctr.h
Examining data/openssh-8.4p1/cipher-chachapoly.c
Examining data/openssh-8.4p1/cipher-chachapoly-libcrypto.c
Examining data/openssh-8.4p1/cipher-chachapoly.h
Examining data/openssh-8.4p1/cipher-ctr.c
Examining data/openssh-8.4p1/cipher.c
Examining data/openssh-8.4p1/cipher.h
Examining data/openssh-8.4p1/cleanup.c
Examining data/openssh-8.4p1/clientloop.h
Examining data/openssh-8.4p1/compat.c
Examining data/openssh-8.4p1/compat.h
Examining data/openssh-8.4p1/contrib/gnome-ssh-askpass1.c
Examining data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c
Examining data/openssh-8.4p1/crypto_api.h
Examining data/openssh-8.4p1/defines.h
Examining data/openssh-8.4p1/dh.c
Examining data/openssh-8.4p1/dh.h
Examining data/openssh-8.4p1/digest-libc.c
Examining data/openssh-8.4p1/digest-openssl.c
Examining data/openssh-8.4p1/digest.h
Examining data/openssh-8.4p1/dispatch.c
Examining data/openssh-8.4p1/dispatch.h
Examining data/openssh-8.4p1/dns.h
Examining data/openssh-8.4p1/ed25519.c
Examining data/openssh-8.4p1/entropy.c
Examining data/openssh-8.4p1/entropy.h
Examining data/openssh-8.4p1/fatal.c
Examining data/openssh-8.4p1/fe25519.c
Examining data/openssh-8.4p1/fe25519.h
Examining data/openssh-8.4p1/ge25519.c
Examining data/openssh-8.4p1/ge25519.h
Examining data/openssh-8.4p1/groupaccess.c
Examining data/openssh-8.4p1/groupaccess.h
Examining data/openssh-8.4p1/hash.c
Examining data/openssh-8.4p1/hmac.c
Examining data/openssh-8.4p1/hmac.h
Examining data/openssh-8.4p1/hostfile.c
Examining data/openssh-8.4p1/hostfile.h
Examining data/openssh-8.4p1/includes.h
Examining data/openssh-8.4p1/kexc25519.c
Examining data/openssh-8.4p1/kexecdh.c
Examining data/openssh-8.4p1/kexgex.c
Examining data/openssh-8.4p1/kexgexc.c
Examining data/openssh-8.4p1/kexgexs.c
Examining data/openssh-8.4p1/kexsntrup4591761x25519.c
Examining data/openssh-8.4p1/krl.c
Examining data/openssh-8.4p1/krl.h
Examining data/openssh-8.4p1/log.h
Examining data/openssh-8.4p1/loginrec.c
Examining data/openssh-8.4p1/loginrec.h
Examining data/openssh-8.4p1/logintest.c
Examining data/openssh-8.4p1/mac.c
Examining data/openssh-8.4p1/mac.h
Examining data/openssh-8.4p1/match.c
Examining data/openssh-8.4p1/match.h
Examining data/openssh-8.4p1/md5crypt.c
Examining data/openssh-8.4p1/md5crypt.h
Examining data/openssh-8.4p1/moduli.c
Examining data/openssh-8.4p1/monitor_fdpass.c
Examining data/openssh-8.4p1/monitor_fdpass.h
Examining data/openssh-8.4p1/msg.c
Examining data/openssh-8.4p1/msg.h
Examining data/openssh-8.4p1/mux.c
Examining data/openssh-8.4p1/myproposal.h
Examining data/openssh-8.4p1/nchan.c
Examining data/openssh-8.4p1/openbsd-compat/arc4random.c
Examining data/openssh-8.4p1/openbsd-compat/base64.c
Examining data/openssh-8.4p1/openbsd-compat/base64.h
Examining data/openssh-8.4p1/openbsd-compat/basename.c
Examining data/openssh-8.4p1/openbsd-compat/bcrypt_pbkdf.c
Examining data/openssh-8.4p1/openbsd-compat/bindresvport.c
Examining data/openssh-8.4p1/openbsd-compat/blf.h
Examining data/openssh-8.4p1/openbsd-compat/blowfish.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-asprintf.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-closefrom.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-cygwin_util.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-cygwin_util.h
Examining data/openssh-8.4p1/openbsd-compat/bsd-err.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-flock.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-getline.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-getpagesize.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-getpeereid.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-malloc.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-misc.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-misc.h
Examining data/openssh-8.4p1/openbsd-compat/bsd-nextstep.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-nextstep.h
Examining data/openssh-8.4p1/openbsd-compat/bsd-openpty.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-poll.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-poll.h
Examining data/openssh-8.4p1/openbsd-compat/bsd-setres_id.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-setres_id.h
Examining data/openssh-8.4p1/openbsd-compat/bsd-signal.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-signal.h
Examining data/openssh-8.4p1/openbsd-compat/bsd-snprintf.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-statvfs.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-statvfs.h
Examining data/openssh-8.4p1/openbsd-compat/bsd-waitpid.c
Examining data/openssh-8.4p1/openbsd-compat/bsd-waitpid.h
Examining data/openssh-8.4p1/openbsd-compat/chacha_private.h
Examining data/openssh-8.4p1/openbsd-compat/charclass.h
Examining data/openssh-8.4p1/openbsd-compat/daemon.c
Examining data/openssh-8.4p1/openbsd-compat/dirname.c
Examining data/openssh-8.4p1/openbsd-compat/explicit_bzero.c
Examining data/openssh-8.4p1/openbsd-compat/fake-rfc2553.c
Examining data/openssh-8.4p1/openbsd-compat/fake-rfc2553.h
Examining data/openssh-8.4p1/openbsd-compat/fnmatch.c
Examining data/openssh-8.4p1/openbsd-compat/fmt_scaled.c
Examining data/openssh-8.4p1/openbsd-compat/fnmatch.h
Examining data/openssh-8.4p1/openbsd-compat/freezero.c
Examining data/openssh-8.4p1/openbsd-compat/getcwd.c
Examining data/openssh-8.4p1/openbsd-compat/getgrouplist.c
Examining data/openssh-8.4p1/openbsd-compat/getopt.h
Examining data/openssh-8.4p1/openbsd-compat/getopt_long.c
Examining data/openssh-8.4p1/openbsd-compat/getrrsetbyname-ldns.c
Examining data/openssh-8.4p1/openbsd-compat/glob.c
Examining data/openssh-8.4p1/openbsd-compat/glob.h
Examining data/openssh-8.4p1/openbsd-compat/inet_aton.c
Examining data/openssh-8.4p1/openbsd-compat/inet_ntoa.c
Examining data/openssh-8.4p1/openbsd-compat/inet_ntop.c
Examining data/openssh-8.4p1/openbsd-compat/kludge-fd_set.c
Examining data/openssh-8.4p1/openbsd-compat/libressl-api-compat.c
Examining data/openssh-8.4p1/openbsd-compat/md5.c
Examining data/openssh-8.4p1/openbsd-compat/md5.h
Examining data/openssh-8.4p1/openbsd-compat/memmem.c
Examining data/openssh-8.4p1/openbsd-compat/mktemp.c
Examining data/openssh-8.4p1/openbsd-compat/openbsd-compat.h
Examining data/openssh-8.4p1/openbsd-compat/port-aix.c
Examining data/openssh-8.4p1/openbsd-compat/openssl-compat.h
Examining data/openssh-8.4p1/openbsd-compat/port-aix.h
Examining data/openssh-8.4p1/openbsd-compat/port-irix.c
Examining data/openssh-8.4p1/openbsd-compat/port-irix.h
Examining data/openssh-8.4p1/openbsd-compat/port-net.c
Examining data/openssh-8.4p1/openbsd-compat/port-net.h
Examining data/openssh-8.4p1/openbsd-compat/port-solaris.c
Examining data/openssh-8.4p1/openbsd-compat/port-solaris.h
Examining data/openssh-8.4p1/openbsd-compat/port-uw.c
Examining data/openssh-8.4p1/openbsd-compat/port-uw.h
Examining data/openssh-8.4p1/openbsd-compat/pwcache.c
Examining data/openssh-8.4p1/openbsd-compat/readpassphrase.c
Examining data/openssh-8.4p1/openbsd-compat/readpassphrase.h
Examining data/openssh-8.4p1/openbsd-compat/reallocarray.c
Examining data/openssh-8.4p1/openbsd-compat/recallocarray.c
Examining data/openssh-8.4p1/openbsd-compat/regress/closefromtest.c
Examining data/openssh-8.4p1/openbsd-compat/regress/snprintftest.c
Examining data/openssh-8.4p1/openbsd-compat/regress/strduptest.c
Examining data/openssh-8.4p1/openbsd-compat/regress/strtonumtest.c
Examining data/openssh-8.4p1/openbsd-compat/regress/utimensattest.c
Examining data/openssh-8.4p1/openbsd-compat/regress/opensslvertest.c
Examining data/openssh-8.4p1/openbsd-compat/rresvport.c
Examining data/openssh-8.4p1/openbsd-compat/setenv.c
Examining data/openssh-8.4p1/openbsd-compat/setproctitle.c
Examining data/openssh-8.4p1/openbsd-compat/sha1.c
Examining data/openssh-8.4p1/openbsd-compat/sha1.h
Examining data/openssh-8.4p1/openbsd-compat/sha2.c
Examining data/openssh-8.4p1/openbsd-compat/sha2.h
Examining data/openssh-8.4p1/openbsd-compat/sigact.c
Examining data/openssh-8.4p1/openbsd-compat/sigact.h
Examining data/openssh-8.4p1/openbsd-compat/strcasestr.c
Examining data/openssh-8.4p1/openbsd-compat/strlcat.c
Examining data/openssh-8.4p1/openbsd-compat/strlcpy.c
Examining data/openssh-8.4p1/openbsd-compat/strmode.c
Examining data/openssh-8.4p1/openbsd-compat/strndup.c
Examining data/openssh-8.4p1/openbsd-compat/strnlen.c
Examining data/openssh-8.4p1/openbsd-compat/strptime.c
Examining data/openssh-8.4p1/openbsd-compat/strsep.c
Examining data/openssh-8.4p1/openbsd-compat/strtoll.c
Examining data/openssh-8.4p1/openbsd-compat/strtonum.c
Examining data/openssh-8.4p1/openbsd-compat/strtoul.c
Examining data/openssh-8.4p1/openbsd-compat/strtoull.c
Examining data/openssh-8.4p1/openbsd-compat/sys-queue.h
Examining data/openssh-8.4p1/openbsd-compat/sys-tree.h
Examining data/openssh-8.4p1/openbsd-compat/timingsafe_bcmp.c
Examining data/openssh-8.4p1/openbsd-compat/vis.c
Examining data/openssh-8.4p1/openbsd-compat/vis.h
Examining data/openssh-8.4p1/openbsd-compat/xcrypt.c
Examining data/openssh-8.4p1/openbsd-compat/port-linux.c
Examining data/openssh-8.4p1/openbsd-compat/port-linux.h
Examining data/openssh-8.4p1/openbsd-compat/getrrsetbyname.c
Examining data/openssh-8.4p1/openbsd-compat/getrrsetbyname.h
Examining data/openssh-8.4p1/openbsd-compat/openssl-compat.c
Examining data/openssh-8.4p1/packet.c
Examining data/openssh-8.4p1/packet.h
Examining data/openssh-8.4p1/pathnames.h
Examining data/openssh-8.4p1/pkcs11.h
Examining data/openssh-8.4p1/platform-misc.c
Examining data/openssh-8.4p1/platform-pledge.c
Examining data/openssh-8.4p1/platform-tracing.c
Examining data/openssh-8.4p1/poly1305.c
Examining data/openssh-8.4p1/poly1305.h
Examining data/openssh-8.4p1/progressmeter.c
Examining data/openssh-8.4p1/progressmeter.h
Examining data/openssh-8.4p1/readpass.c
Examining data/openssh-8.4p1/regress/check-perm.c
Examining data/openssh-8.4p1/regress/misc/fuzz-harness/authopt_fuzz.cc
Examining data/openssh-8.4p1/regress/misc/fuzz-harness/privkey_fuzz.cc
Examining data/openssh-8.4p1/regress/misc/fuzz-harness/pubkey_fuzz.cc
Examining data/openssh-8.4p1/regress/misc/fuzz-harness/sig_fuzz.cc
Examining data/openssh-8.4p1/regress/misc/fuzz-harness/ssh-sk-null.cc
Examining data/openssh-8.4p1/regress/misc/fuzz-harness/sshsig_fuzz.cc
Examining data/openssh-8.4p1/regress/misc/fuzz-harness/sshsigopt_fuzz.cc
Examining data/openssh-8.4p1/regress/misc/kexfuzz/kexfuzz.c
Examining data/openssh-8.4p1/regress/misc/sk-dummy/fatal.c
Examining data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c
Examining data/openssh-8.4p1/regress/mkdtemp.c
Examining data/openssh-8.4p1/regress/modpipe.c
Examining data/openssh-8.4p1/regress/netcat.c
Examining data/openssh-8.4p1/regress/setuid-allowed.c
Examining data/openssh-8.4p1/regress/unittests/authopt/tests.c
Examining data/openssh-8.4p1/regress/unittests/bitmap/tests.c
Examining data/openssh-8.4p1/regress/unittests/conversion/tests.c
Examining data/openssh-8.4p1/regress/unittests/hostkeys/test_iterate.c
Examining data/openssh-8.4p1/regress/unittests/hostkeys/tests.c
Examining data/openssh-8.4p1/regress/unittests/kex/test_kex.c
Examining data/openssh-8.4p1/regress/unittests/kex/tests.c
Examining data/openssh-8.4p1/regress/unittests/match/tests.c
Examining data/openssh-8.4p1/regress/unittests/misc/tests.c
Examining data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf.c
Examining data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_fixed.c
Examining data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_fuzz.c
Examining data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_getput_basic.c
Examining data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
Examining data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
Examining data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c
Examining data/openssh-8.4p1/regress/unittests/sshbuf/tests.c
Examining data/openssh-8.4p1/regress/unittests/sshkey/common.c
Examining data/openssh-8.4p1/regress/unittests/sshkey/common.h
Examining data/openssh-8.4p1/regress/unittests/sshkey/test_file.c
Examining data/openssh-8.4p1/regress/unittests/sshkey/test_fuzz.c
Examining data/openssh-8.4p1/regress/unittests/sshkey/test_sshkey.c
Examining data/openssh-8.4p1/regress/unittests/sshkey/tests.c
Examining data/openssh-8.4p1/regress/unittests/sshsig/tests.c
Examining data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c
Examining data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c
Examining data/openssh-8.4p1/regress/unittests/test_helper/test_helper.h
Examining data/openssh-8.4p1/regress/unittests/utf8/tests.c
Examining data/openssh-8.4p1/rijndael.c
Examining data/openssh-8.4p1/rijndael.h
Examining data/openssh-8.4p1/sandbox-capsicum.c
Examining data/openssh-8.4p1/sandbox-darwin.c
Examining data/openssh-8.4p1/sandbox-null.c
Examining data/openssh-8.4p1/sandbox-pledge.c
Examining data/openssh-8.4p1/sandbox-rlimit.c
Examining data/openssh-8.4p1/sandbox-seccomp-filter.c
Examining data/openssh-8.4p1/sandbox-solaris.c
Examining data/openssh-8.4p1/sandbox-systrace.c
Examining data/openssh-8.4p1/sc25519.c
Examining data/openssh-8.4p1/sc25519.h
Examining data/openssh-8.4p1/serverloop.c
Examining data/openssh-8.4p1/serverloop.h
Examining data/openssh-8.4p1/sftp-client.c
Examining data/openssh-8.4p1/sftp-client.h
Examining data/openssh-8.4p1/sftp-common.c
Examining data/openssh-8.4p1/sftp-common.h
Examining data/openssh-8.4p1/sftp-glob.c
Examining data/openssh-8.4p1/sftp-realpath.c
Examining data/openssh-8.4p1/sftp-server-main.c
Examining data/openssh-8.4p1/sftp-server.c
Examining data/openssh-8.4p1/sftp.c
Examining data/openssh-8.4p1/sftp.h
Examining data/openssh-8.4p1/sk-api.h
Examining data/openssh-8.4p1/sk-usbhid.c
Examining data/openssh-8.4p1/smult_curve25519_ref.c
Examining data/openssh-8.4p1/sntrup4591761.c
Examining data/openssh-8.4p1/ssh-add.c
Examining data/openssh-8.4p1/ssh-agent.c
Examining data/openssh-8.4p1/ssh-dss.c
Examining data/openssh-8.4p1/ssh-ecdsa-sk.c
Examining data/openssh-8.4p1/ssh-ecdsa.c
Examining data/openssh-8.4p1/ssh-ed25519-sk.c
Examining data/openssh-8.4p1/ssh-ed25519.c
Examining data/openssh-8.4p1/ssh-keygen.c
Examining data/openssh-8.4p1/ssh-keyscan.c
Examining data/openssh-8.4p1/ssh-keysign.c
Examining data/openssh-8.4p1/ssh-pkcs11-client.c
Examining data/openssh-8.4p1/ssh-rsa.c
Examining data/openssh-8.4p1/ssh-pkcs11-helper.c
Examining data/openssh-8.4p1/ssh-pkcs11.c
Examining data/openssh-8.4p1/ssh-pkcs11.h
Examining data/openssh-8.4p1/ssh-sandbox.h
Examining data/openssh-8.4p1/ssh-sk-client.c
Examining data/openssh-8.4p1/ssh-sk-helper.c
Examining data/openssh-8.4p1/ssh-sk.c
Examining data/openssh-8.4p1/ssh-sk.h
Examining data/openssh-8.4p1/ssh-xmss.c
Examining data/openssh-8.4p1/ssh.h
Examining data/openssh-8.4p1/ssh2.h
Examining data/openssh-8.4p1/ssh_api.c
Examining data/openssh-8.4p1/ssh_api.h
Examining data/openssh-8.4p1/sshbuf-getput-basic.c
Examining data/openssh-8.4p1/sshbuf-getput-crypto.c
Examining data/openssh-8.4p1/sshbuf-io.c
Examining data/openssh-8.4p1/sshbuf.c
Examining data/openssh-8.4p1/sshbuf-misc.c
Examining data/openssh-8.4p1/sshbuf.h
Examining data/openssh-8.4p1/sshconnect.h
Examining data/openssh-8.4p1/ssherr.c
Examining data/openssh-8.4p1/ssherr.h
Examining data/openssh-8.4p1/sshkey-xmss.c
Examining data/openssh-8.4p1/sshkey-xmss.h
Examining data/openssh-8.4p1/sshlogin.c
Examining data/openssh-8.4p1/sshlogin.h
Examining data/openssh-8.4p1/sshsig.c
Examining data/openssh-8.4p1/sshsig.h
Examining data/openssh-8.4p1/sshtty.c
Examining data/openssh-8.4p1/ttymodes.c
Examining data/openssh-8.4p1/ttymodes.h
Examining data/openssh-8.4p1/uidswap.c
Examining data/openssh-8.4p1/uidswap.h
Examining data/openssh-8.4p1/umac.c
Examining data/openssh-8.4p1/umac.h
Examining data/openssh-8.4p1/umac128.c
Examining data/openssh-8.4p1/utf8.c
Examining data/openssh-8.4p1/utf8.h
Examining data/openssh-8.4p1/verify.c
Examining data/openssh-8.4p1/xmalloc.c
Examining data/openssh-8.4p1/xmalloc.h
Examining data/openssh-8.4p1/xmss_commons.c
Examining data/openssh-8.4p1/xmss_commons.h
Examining data/openssh-8.4p1/xmss_fast.c
Examining data/openssh-8.4p1/xmss_fast.h
Examining data/openssh-8.4p1/xmss_hash.c
Examining data/openssh-8.4p1/xmss_hash.h
Examining data/openssh-8.4p1/xmss_hash_address.c
Examining data/openssh-8.4p1/xmss_hash_address.h
Examining data/openssh-8.4p1/xmss_wots.c
Examining data/openssh-8.4p1/xmss_wots.h
Examining data/openssh-8.4p1/debian/keygen-test/getpid.c
Examining data/openssh-8.4p1/kexgssc.c
Examining data/openssh-8.4p1/kexgsss.c
Examining data/openssh-8.4p1/auth2-gss.c
Examining data/openssh-8.4p1/canohost.c
Examining data/openssh-8.4p1/canohost.h
Examining data/openssh-8.4p1/clientloop.c
Examining data/openssh-8.4p1/gss-genr.c
Examining data/openssh-8.4p1/gss-serv-krb5.c
Examining data/openssh-8.4p1/gss-serv.c
Examining data/openssh-8.4p1/kexdh.c
Examining data/openssh-8.4p1/kexgen.c
Examining data/openssh-8.4p1/readconf.h
Examining data/openssh-8.4p1/ssh-gss.h
Examining data/openssh-8.4p1/sshconnect2.c
Examining data/openssh-8.4p1/sshkey.c
Examining data/openssh-8.4p1/sshkey.h
Examining data/openssh-8.4p1/auth.h
Examining data/openssh-8.4p1/auth2.c
Examining data/openssh-8.4p1/monitor.c
Examining data/openssh-8.4p1/monitor.h
Examining data/openssh-8.4p1/monitor_wrap.c
Examining data/openssh-8.4p1/monitor_wrap.h
Examining data/openssh-8.4p1/platform.c
Examining data/openssh-8.4p1/platform.h
Examining data/openssh-8.4p1/session.c
Examining data/openssh-8.4p1/session.h
Examining data/openssh-8.4p1/sshpty.c
Examining data/openssh-8.4p1/sshpty.h
Examining data/openssh-8.4p1/log.c
Examining data/openssh-8.4p1/ssh.c
Examining data/openssh-8.4p1/auth-rhosts.c
Examining data/openssh-8.4p1/auth.c
Examining data/openssh-8.4p1/misc.c
Examining data/openssh-8.4p1/misc.h
Examining data/openssh-8.4p1/scp.c
Examining data/openssh-8.4p1/dns.c
Examining data/openssh-8.4p1/version.h
Examining data/openssh-8.4p1/kex.c
Examining data/openssh-8.4p1/kex.h
Examining data/openssh-8.4p1/servconf.h
Examining data/openssh-8.4p1/sshconnect.c
Examining data/openssh-8.4p1/sshd.c
Examining data/openssh-8.4p1/readconf.c
Examining data/openssh-8.4p1/servconf.c
FINAL RESULTS:
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:177:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
return chown(path, owner, group);
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:208:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
return chmod(path, mode);
data/openssh-8.4p1/scp.c:1432:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
(void) chmod(np, mode);
data/openssh-8.4p1/scp.c:1447:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
(void) chmod(vect[0], mode);
data/openssh-8.4p1/scp.c:1520:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(np, omode)) {
data/openssh-8.4p1/scp.c:1530:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(np, omode & ~mask)) {
data/openssh-8.4p1/sftp-client.c:1465:24: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (preserve_flag && chmod(local_path, mode) == -1)
data/openssh-8.4p1/sftp-realpath.c:174:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
slen = readlink(resolved, symlink, sizeof(symlink) - 1);
data/openssh-8.4p1/sftp-server.c:932:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
r = chmod(name, a.perm & 07777);
data/openssh-8.4p1/sftp-server.c:950:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
r = chown(name, a.uid, a.gid);
data/openssh-8.4p1/sftp-server.c:988:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
r = chmod(name, a.perm & 07777);
data/openssh-8.4p1/sftp-server.c:1014:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
r = chown(name, a.uid, a.gid);
data/openssh-8.4p1/sftp-server.c:1263:13: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1)
data/openssh-8.4p1/sshpty.c:89:6: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(tty, (uid_t) 0, (gid_t) 0) == -1)
data/openssh-8.4p1/sshpty.c:91:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(tty, (mode_t) 0666) == -1)
data/openssh-8.4p1/sshpty.c:193:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(tty, pw->pw_uid, gid) == -1) {
data/openssh-8.4p1/sshpty.c:207:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(tty, mode) == -1) {
data/openssh-8.4p1/auth.c:672:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/openssh-8.4p1/auth.h:147:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)))
data/openssh-8.4p1/auth.h:223:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/channels.c:4717:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof buf, _PATH_UNIX_X, dnr);
data/openssh-8.4p1/clientloop.c:374:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(cmd) == 0)
data/openssh-8.4p1/clientloop.c:392:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(cmd, "r");
data/openssh-8.4p1/defines.h:715:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf (char *, size_t, const char *, ...);
data/openssh-8.4p1/defines.h:717:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt (const char *, const char *);
data/openssh-8.4p1/log.c:461:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
data/openssh-8.4p1/log.c:463:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
data/openssh-8.4p1/log.h:65:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:66:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void error(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:68:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:70:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:71:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:72:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:73:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:74:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:75:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/log.h:80:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/logintest.c:163:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(cmdstring);
data/openssh-8.4p1/logintest.c:181:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(cmdstring);
data/openssh-8.4p1/logintest.c:210:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(cmdstring);
data/openssh-8.4p1/misc.h:77:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 3, 4))) __attribute__((__nonnull__ (3)));
data/openssh-8.4p1/misc.h:106:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/misc.h:108:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/openssh-8.4p1/misc.h:190:62: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/misc.h:192:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/openbsd-compat/bsd-asprintf.c:51:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
data/openssh-8.4p1/openbsd-compat/bsd-asprintf.c:65:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(newstr, len, fmt, ap2);
data/openssh-8.4p1/openbsd-compat/bsd-err.c:44:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/openssh-8.4p1/openbsd-compat/bsd-err.c:58:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/openssh-8.4p1/openbsd-compat/bsd-err.c:73:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/openssh-8.4p1/openbsd-compat/bsd-misc.h:146:56: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void err(int, const char *, ...) __attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/openbsd-compat/bsd-misc.h:149:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/openbsd-compat/bsd-misc.h:152:52: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void warn(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/openbsd-compat/bsd-snprintf.c:862:1: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (char *str, size_t count, const char *fmt, va_list args)
data/openssh-8.4p1/openbsd-compat/bsd-snprintf.c:870:1: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)
data/openssh-8.4p1/openbsd-compat/bsd-snprintf.c:876:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(str, count, fmt, ap);
data/openssh-8.4p1/openbsd-compat/inet_ntop.c:92:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]);
data/openssh-8.4p1/openbsd-compat/mktemp.c:110:19: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
__warn_references(mktemp,
data/openssh-8.4p1/openbsd-compat/mktemp.c:114:1: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
mktemp(char *path)
data/openssh-8.4p1/openbsd-compat/openbsd-compat.h:231:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *, size_t, SNPRINTF_CONST char *, ...);
data/openssh-8.4p1/openbsd-compat/openbsd-compat.h:297:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char *, size_t, const char *, va_list);
data/openssh-8.4p1/openbsd-compat/port-net.c:174:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
data/openssh-8.4p1/openbsd-compat/port-solaris.c:172:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ctl_path, sizeof(ctl_path),
data/openssh-8.4p1/openbsd-compat/readpassphrase.c:198:1: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
getpass(const char *prompt)
data/openssh-8.4p1/openbsd-compat/regress/snprintftest.c:41:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(str, count, fmt, ap);
data/openssh-8.4p1/openbsd-compat/setproctitle.c:148:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
r = vsnprintf(buf + len, sizeof(buf) - len , fmt, ap);
data/openssh-8.4p1/openbsd-compat/xcrypt.c:63:11: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
# define crypt DES_crypt
data/openssh-8.4p1/openbsd-compat/xcrypt.c:115:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypted = crypt(password, salt);
data/openssh-8.4p1/openbsd-compat/xcrypt.c:120:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypted = crypt(password, salt);
data/openssh-8.4p1/openbsd-compat/xcrypt.c:124:12: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypted = crypt(password, salt);
data/openssh-8.4p1/packet.c:1828:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/openssh-8.4p1/packet.c:1943:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/openssh-8.4p1/packet.c:2729:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/openssh-8.4p1/packet.h:118:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/packet.h:135:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)))
data/openssh-8.4p1/packet.h:137:90: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void ssh_packet_send_debug(struct ssh *, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/packet.h:177:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/packet.h:180:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/openssh-8.4p1/readconf.c:536:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(shell, X_OK) == -1) {
data/openssh-8.4p1/readconf.c:565:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/openssh-8.4p1/readpass.c:80:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(askpass, askpass, msg, (char *)NULL);
data/openssh-8.4p1/readpass.c:206:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(prompt, sizeof(prompt), fmt, args);
data/openssh-8.4p1/readpass.c:280:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(askpass, askpass, prompt, (char *)NULL);
data/openssh-8.4p1/regress/check-perm.c:28:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/openssh-8.4p1/regress/misc/sk-dummy/fatal.c:16:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:55:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)));
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:65:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/openssh-8.4p1/regress/netcat.c:329:8: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
if (mktemp(unix_dg_tmp_socket_buf) == NULL)
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:44:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf x; \
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:220:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(ret, F_OK) != 0) {
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:288:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(subtest_info, sizeof(subtest_info), fmt, ap);
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.h:53:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/scp.c:220:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(a->list[0], a->list);
data/openssh-8.4p1/scp.c:307:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(ssh_program, args.list);
data/openssh-8.4p1/scp.c:364:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(ssh_program, args.list);
data/openssh-8.4p1/scp.c:385:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 1, 2)))
data/openssh-8.4p1/scp.c:388:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 1, 2)));
data/openssh-8.4p1/scp.c:1624:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf(fp, fmt, ap);
data/openssh-8.4p1/session.c:1226:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(cmd, "w");
data/openssh-8.4p1/session.c:1239:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
data/openssh-8.4p1/session.c:1261:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(cmd, "w");
data/openssh-8.4p1/session.c:1461:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
data/openssh-8.4p1/session.c:1464:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
data/openssh-8.4p1/sftp-client.c:97:52: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
const char *errfmt, ...) __attribute__((format(printf, 4, 5)));
data/openssh-8.4p1/sftp-client.c:260:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(errmsg, sizeof(errmsg), errfmt, args);
data/openssh-8.4p1/sftp.c:335:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(shell, shell, "-c", args, (char *)NULL);
data/openssh-8.4p1/sftp.c:338:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(shell, shell, (char *)NULL);
data/openssh-8.4p1/sftp.c:363:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, len, _PATH_LS " %s", args);
data/openssh-8.4p1/sftp.c:2344:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(path, args);
data/openssh-8.4p1/sk-usbhid.c:130:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)));
data/openssh-8.4p1/sk-usbhid.c:149:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/openssh-8.4p1/ssh-agent.c:1399:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, SSH_AUTHSOCKET_ENV_NAME);
data/openssh-8.4p1/ssh-agent.c:1400:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, SSH_AGENTPID_ENV_NAME);
data/openssh-8.4p1/ssh-agent.c:1455:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
data/openssh-8.4p1/ssh-agent.c:1471:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
data/openssh-8.4p1/ssh-agent.c:1473:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
data/openssh-8.4p1/ssh-agent.c:1483:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/openssh-8.4p1/ssh-pkcs11-client.c:305:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(helper, helper, verbosity, (char *)NULL);
data/openssh-8.4p1/ssh-sk-client.c:61:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(helper, X_OK) != 0) {
data/openssh-8.4p1/ssh-sk-client.c:98:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(helper, helper, verbosity, (char *)NULL);
data/openssh-8.4p1/ssh-sk-helper.c:54:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)));
data/openssh-8.4p1/ssh.c:1286:37: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
data/openssh-8.4p1/sshbuf-getput-basic.c:366:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) {
data/openssh-8.4p1/sshbuf-getput-basic.c:378:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) {
data/openssh-8.4p1/sshbuf.h:166:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/sshbuf.h:401:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf x; \
data/openssh-8.4p1/sshconnect.c:184:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/openssh-8.4p1/sshconnect.c:266:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/openssh-8.4p1/sshconnect.c:1402:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(shell, shell, "-c", args, (char *)NULL);
data/openssh-8.4p1/sshconnect2.c:2155:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
data/openssh-8.4p1/sshd.c:332:2: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(saved_argv[0], saved_argv);
data/openssh-8.4p1/sshd.c:2130:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(rexec_argv[0], rexec_argv);
data/openssh-8.4p1/sshkey.h:274:70: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
typedef void sshkey_printfn(const char *, ...) __attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/utf8.h:20:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/openssh-8.4p1/utf8.h:22:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/openssh-8.4p1/utf8.h:25:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)));
data/openssh-8.4p1/utf8.h:27:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)));
data/openssh-8.4p1/xmalloc.h:25:44: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)))
data/openssh-8.4p1/auth-pam.c:487:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *tz = getenv("TZ");
data/openssh-8.4p1/auth.c:828:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("LANG")) != NULL)
data/openssh-8.4p1/authfd.c:129:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
data/openssh-8.4p1/authfd.c:188:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(SSH_AUTHSOCKET_ENV_NAME))
data/openssh-8.4p1/channels.c:4759:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
display = getenv("DISPLAY");
data/openssh-8.4p1/contrib/gnome-ssh-askpass1.c:75:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
data/openssh-8.4p1/contrib/gnome-ssh-askpass1.c:76:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:117:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv(env)) == NULL)
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:163:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:164:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:333:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) {
data/openssh-8.4p1/debian/keygen-test/getpid.c:38:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return atoi(getenv("FORCE_PID"));
data/openssh-8.4p1/defines.h:615:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
# undef getopt
data/openssh-8.4p1/defines.h:621:10: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
# define getopt(ac, av, o) BSDgetopt(ac, av, o)
data/openssh-8.4p1/misc.c:1155:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((val = getenv(var)) == NULL) {
data/openssh-8.4p1/misc.c:1723:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((tmpdir = getenv("TMPDIR")) != NULL) {
data/openssh-8.4p1/misc.c:2097:6: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(name, buf) == NULL) {
data/openssh-8.4p1/misc.c:2102:24: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
data/openssh-8.4p1/mux.c:1396:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
display = getenv("DISPLAY");
data/openssh-8.4p1/mux.c:1925:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((term = getenv("TERM")) == NULL)
data/openssh-8.4p1/openbsd-compat/bsd-misc.h:188:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
#define realpath(x, y) (sftp_realpath((x), (y)))
data/openssh-8.4p1/openbsd-compat/getopt.h:57:6: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int, char * const *, const char *,
data/openssh-8.4p1/openbsd-compat/getopt.h:63:6: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int, char * const *, const char *);
data/openssh-8.4p1/openbsd-compat/getopt_long.c:316:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
posixly_correct = (getenv("POSIXLY_CORRECT") != NULL);
data/openssh-8.4p1/openbsd-compat/getopt_long.c:490:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt(int nargc, char * const *nargv, const char *options)
data/openssh-8.4p1/openbsd-compat/getopt_long.c:510:1: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long(int nargc, char * const *nargv, const char *options,
data/openssh-8.4p1/openbsd-compat/glob.c:395:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (issetugid() != 0 || (h = getenv("HOME")) == NULL) {
data/openssh-8.4p1/openbsd-compat/glob.c:397:39: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((getuid() != geteuid()) || (h = getenv("HOME")) == NULL) {
data/openssh-8.4p1/readconf.c:533:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL)
data/openssh-8.4p1/readpass.c:130:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("DISPLAY")) != NULL)
data/openssh-8.4p1/readpass.c:132:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) != NULL) {
data/openssh-8.4p1/readpass.c:175:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(SSH_ASKPASS_ENV))
data/openssh-8.4p1/readpass.c:176:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
askpass = getenv(SSH_ASKPASS_ENV);
data/openssh-8.4p1/readpass.c:253:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((askpass = getenv("SSH_ASKPASS")) == NULL)
data/openssh-8.4p1/readpass.c:259:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DISPLAY") == NULL &&
data/openssh-8.4p1/readpass.c:260:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) == NULL ||
data/openssh-8.4p1/regress/check-perm.c:102:6: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(name, buf) == NULL) {
data/openssh-8.4p1/regress/check-perm.c:107:24: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
data/openssh-8.4p1/regress/check-perm.c:168:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "hm:")) != -1) {
data/openssh-8.4p1/regress/misc/kexfuzz/kexfuzz.c:352:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "hcdrvD:f:K:k:i:")) != -1) {
data/openssh-8.4p1/regress/mkdtemp.c:49:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((tmpdir = getenv("TMPDIR")) == NULL)
data/openssh-8.4p1/regress/modpipe.c:91:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "wm:")) != -1) {
data/openssh-8.4p1/regress/netcat.c:168:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv,
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:149:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "Ffvqd:")) != -1) {
data/openssh-8.4p1/scp.c:442:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv,
data/openssh-8.4p1/session.c:1039:41: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
data/openssh-8.4p1/session.c:1068:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("TZ"))
data/openssh-8.4p1/session.c:1069:39: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
data/openssh-8.4p1/session.c:1083:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("KRB5CCNAME")) != NULL)
data/openssh-8.4p1/session.c:1091:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("AUTHSTATE")) != NULL)
data/openssh-8.4p1/session.c:1357:6: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot(path) == -1)
data/openssh-8.4p1/sftp-server.c:1585:28: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (!skipargs && (ch = getopt(argc, argv,
data/openssh-8.4p1/sftp-server.c:1667:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("SSH_CONNECTION")) != NULL) {
data/openssh-8.4p1/sftp-server.c:1671:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
getenv("SSH_CONNECTION"));
data/openssh-8.4p1/sftp.c:325:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
data/openssh-8.4p1/sftp.c:413:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "afPpRr")) != -1) {
data/openssh-8.4p1/sftp.c:448:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "s")) != -1) {
data/openssh-8.4p1/sftp.c:472:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "l")) != -1) {
data/openssh-8.4p1/sftp.c:496:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "1Safhlnrt")) != -1) {
data/openssh-8.4p1/sftp.c:549:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "hi")) != -1) {
data/openssh-8.4p1/sftp.c:576:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "h")) != -1) {
data/openssh-8.4p1/sftp.c:599:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "")) != -1) {
data/openssh-8.4p1/sftp.c:2410:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv,
data/openssh-8.4p1/ssh-add.c:697:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
skprovider = getenv("SSH_SK_PROVIDER");
data/openssh-8.4p1/ssh-add.c:699:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) {
data/openssh-8.4p1/ssh-agent.c:606:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(sk_provider, canonical_provider) == NULL) {
data/openssh-8.4p1/ssh-agent.c:768:6: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(provider, canonical_provider) == NULL) {
data/openssh-8.4p1/ssh-agent.c:827:6: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(provider, canonical_provider) == NULL) {
data/openssh-8.4p1/ssh-agent.c:1309:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
data/openssh-8.4p1/ssh-agent.c:1373:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
shell = getenv("SHELL");
data/openssh-8.4p1/ssh-agent.c:1381:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pidstr = getenv(SSH_AGENTPID_ENV_NAME);
data/openssh-8.4p1/ssh-keygen.c:3191:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sk_provider = getenv("SSH_SK_PROVIDER");
data/openssh-8.4p1/ssh-keygen.c:3194:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "ABHKLQUXceghiklopquvy"
data/openssh-8.4p1/ssh-keyscan.c:680:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
data/openssh-8.4p1/ssh-pkcs11-client.c:300:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
helper = getenv("SSH_PKCS11_HELPER");
data/openssh-8.4p1/ssh-pkcs11-helper.c:341:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "v")) != -1) {
data/openssh-8.4p1/ssh-sk-client.c:58:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
helper = getenv("SSH_SK_HELPER");
data/openssh-8.4p1/ssh-sk-helper.c:282:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "v")) != -1) {
data/openssh-8.4p1/ssh.c:724:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
data/openssh-8.4p1/ssh.c:1508:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv(options.sk_provider + 1)) == NULL) {
data/openssh-8.4p1/ssh.c:1615:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv(cp + 1)) == NULL)
data/openssh-8.4p1/ssh.c:1632:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv(cp + 1)) != NULL)
data/openssh-8.4p1/ssh.c:1998:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
display = getenv("DISPLAY");
data/openssh-8.4p1/ssh.c:2026:59: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
client_session2_setup(ssh, id, tty_flag, subsystem_flag, getenv("TERM"),
data/openssh-8.4p1/sshconnect.c:139:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL)
data/openssh-8.4p1/sshconnect.c:221:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
data/openssh-8.4p1/sshconnect.c:1394:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
data/openssh-8.4p1/sshd.c:476:7: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
data/openssh-8.4p1/sshd.c:1588:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(ac, av,
data/openssh-8.4p1/sshd.c:1723:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("KRB5CCNAME") != NULL)
data/openssh-8.4p1/utf8.c:337:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv(vars[i])) == NULL)
data/openssh-8.4p1/addrmatch.c:157:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, a, sizeof(*dst));
data/openssh-8.4p1/addrmatch.c:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[64], *mp, *cp;
data/openssh-8.4p1/addrmatch.c:341:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, &tmp, sizeof(*n));
data/openssh-8.4p1/atomicio.c:120:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov));
data/openssh-8.4p1/atomicio.c:164:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
iov[0].iov_base = ((char *)iov[0].iov_base) + rem;
data/openssh-8.4p1/audit-bsm.c:152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
data/openssh-8.4p1/audit-bsm.c:158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
data/openssh-8.4p1/audit-bsm.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char naflags[512];
data/openssh-8.4p1/audit-bsm.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textbuf[BSM_TEXTBUFSZ];
data/openssh-8.4p1/audit-bsm.c:353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/audit-bsm.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textbuf[BSM_TEXTBUFSZ];
data/openssh-8.4p1/auth-krb5.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccname[40];
data/openssh-8.4p1/auth-krb5.c:253:10: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
tmpfd = mkstemp(ccname + strlen("FILE:"));
data/openssh-8.4p1/auth-pam.c:1114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[PAM_MAX_MSG_SIZE];
data/openssh-8.4p1/auth-rhosts.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RBUFLN];/* Must not be larger than host, user, dummy below. */
data/openssh-8.4p1/auth-rhosts.c:66:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1)
data/openssh-8.4p1/auth-rhosts.c:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostbuf[RBUFLN], userbuf[RBUFLN], dummy[RBUFLN];
data/openssh-8.4p1/auth-rhosts.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/auth.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file, uidstr[32], ret[PATH_MAX];
data/openssh-8.4p1/auth.c:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/openssh-8.4p1/auth.c:514:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
data/openssh-8.4p1/auth.c:664:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/auth.c:765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, errmsg[512];
data/openssh-8.4p1/auth.c:834:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
data/openssh-8.4p1/auth.c:912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024], buf[64];
data/openssh-8.4p1/auth.c:1013:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/openssh-8.4p1/auth2-pubkey.c:390:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[256], *line = NULL, *cp, *ep;
data/openssh-8.4p1/auth2-pubkey.c:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_s[32], uidstr[32];
data/openssh-8.4p1/auth2-pubkey.c:900:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uidstr[32], *tmp, *command = NULL, **av = NULL;
data/openssh-8.4p1/auth2.c:116:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(options.banner, O_RDONLY)) == -1)
data/openssh-8.4p1/auth2.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[512];
data/openssh-8.4p1/authfd.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/authfile.c:128:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY)) == -1)
data/openssh-8.4p1/authfile.c:183:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY)) == -1)
data/openssh-8.4p1/authfile.c:217:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(filename, "r")) == NULL)
data/openssh-8.4p1/authfile.c:388:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(filename, "r")) == NULL)
data/openssh-8.4p1/authfile.c:500:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
data/openssh-8.4p1/canohost.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NI_MAXHOST], ntop2[NI_MAXHOST];
data/openssh-8.4p1/canohost.c:152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a4->sin_addr, &inaddr, sizeof(inaddr));
data/openssh-8.4p1/canohost.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST];
data/openssh-8.4p1/canohost.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *host, myname[NI_MAXHOST];
data/openssh-8.4p1/canohost.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/openssh-8.4p1/canohost.c:284:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(strport);
data/openssh-8.4p1/chacha.c:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char sigma[16] = "expand 32-byte k";
data/openssh-8.4p1/chacha.c:53:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char tau[16] = "expand 16-byte k";
data/openssh-8.4p1/channels.c:1195:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ucp + 12 + ((proto_len + 3) & ~3),
data/openssh-8.4p1/channels.c:1254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[256];
data/openssh-8.4p1/channels.c:1385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
data/openssh-8.4p1/channels.c:1664:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384], *remote_ipaddr;
data/openssh-8.4p1/channels.c:1953:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CHAN_RBUF];
data/openssh-8.4p1/channels.c:2127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CHAN_RBUF];
data/openssh-8.4p1/channels.c:2219:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CHAN_RBUF];
data/openssh-8.4p1/channels.c:3394:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
data/openssh-8.4p1/channels.c:4196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST];
data/openssh-8.4p1/channels.c:4197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[MAXIMUM(NI_MAXSERV, sizeof(sunaddr->sun_path))];
data/openssh-8.4p1/channels.c:4274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/openssh-8.4p1/channels.c:4600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/openssh-8.4p1/channels.c:4716:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/channels.c:4753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], *cp;
data/openssh-8.4p1/channels.c:4755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/openssh-8.4p1/channels.c:4772:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/openssh-8.4p1/cipher-aes.c:66:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
data/openssh-8.4p1/cipher-aes.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->r_iv, cprev, RIJNDAEL_BLOCKSIZE);
data/openssh-8.4p1/cipher-aes.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, cnow, RIJNDAEL_BLOCKSIZE);
data/openssh-8.4p1/cipher-aes.c:111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->r_iv, buf, RIJNDAEL_BLOCKSIZE);
data/openssh-8.4p1/cipher-aes.c:137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->r_iv, iv, len);
data/openssh-8.4p1/cipher-aes.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, c->r_iv, len);
data/openssh-8.4p1/cipher-aesctr.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->ctr, iv, AES_BLOCK_SIZE);
data/openssh-8.4p1/cipher-ctr.c:96:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
data/openssh-8.4p1/cipher-ctr.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->aes_counter, iv, len);
data/openssh-8.4p1/cipher-ctr.c:123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, c->aes_counter, len);
data/openssh-8.4p1/cipher.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + rlen, c->name, nlen + 1);
data/openssh-8.4p1/cipher.c:357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, aadlen + len);
data/openssh-8.4p1/cipher.c:363:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, aadlen);
data/openssh-8.4p1/cipher.c:389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, aadlen);
data/openssh-8.4p1/cipher.c:478:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, cc->ac_ctx.ctr, len);
data/openssh-8.4p1/clientloop.c:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmd, line[512], xdisplay[512];
data/openssh-8.4p1/clientloop.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
data/openssh-8.4p1/clientloop.c:281:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char proto[512], data[512];
data/openssh-8.4p1/clientloop.c:617:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SSH_IOBUFSZ];
data/openssh-8.4p1/clientloop.c:670:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[256];
data/openssh-8.4p1/clientloop.c:1000:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[16];
data/openssh-8.4p1/debian/keygen-test/getpid.c:38:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(getenv("FORCE_PID"));
data/openssh-8.4p1/defines.h:390:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sun_path[108]; /* path name (gag) */
data/openssh-8.4p1/defines.h:659:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memmove(s1, s2, n) bcopy((s2), (s1), (n))
data/openssh-8.4p1/defines.h:716:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp (char *);
data/openssh-8.4p1/dh.c:155:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
data/openssh-8.4p1/digest-libc.c:187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->mdctx, from->mdctx, digest->ctx_len);
data/openssh-8.4p1/dns.c:162:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*digest, rdata + 2, *digest_len);
data/openssh-8.4p1/ed25519.c:33:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extsk[64];
data/openssh-8.4p1/ed25519.c:59:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[32];
data/openssh-8.4p1/ed25519.c:60:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/openssh-8.4p1/ed25519.c:61:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extsk[64];
data/openssh-8.4p1/ed25519.c:63:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hmg[crypto_hash_sha512_BYTES];
data/openssh-8.4p1/ed25519.c:64:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[crypto_hash_sha512_BYTES];
data/openssh-8.4p1/ed25519.c:111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t2[32];
data/openssh-8.4p1/ed25519.c:114:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[crypto_hash_sha512_BYTES];
data/openssh-8.4p1/entropy.c:221:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[RANDOM_SEED_SIZE];
data/openssh-8.4p1/entropy.c:259:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[RANDOM_SEED_SIZE];
data/openssh-8.4p1/fe25519.c:100:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_unpack(fe25519 *r, const unsigned char x[32])
data/openssh-8.4p1/fe25519.c:108:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_pack(unsigned char r[32], const fe25519 *x)
data/openssh-8.4p1/fe25519.h:40:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
data/openssh-8.4p1/fe25519.h:42:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_pack(unsigned char r[32], const fe25519 *x);
data/openssh-8.4p1/ge25519.c:196:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32])
data/openssh-8.4p1/ge25519.c:243:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_pack(unsigned char r[32], const ge25519_p3 *p)
data/openssh-8.4p1/ge25519.c:266:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[127];
data/openssh-8.4p1/ge25519.c:308:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b[85];
data/openssh-8.4p1/ge25519.h:33:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
data/openssh-8.4p1/ge25519.h:35:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_pack(unsigned char r[32], const ge25519 *p);
data/openssh-8.4p1/gss-genr.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char deroid[2];
data/openssh-8.4p1/gss-genr.c:265:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->oid->elements, data, len);
data/openssh-8.4p1/gss-serv.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lname[NI_MAXHOST];
data/openssh-8.4p1/gss-serv.c:292:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name->value, tok+offset, name->length);
data/openssh-8.4p1/hmac.c:74:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buf, key, klen);
data/openssh-8.4p1/hostfile.c:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64salt, s, b64len);
data/openssh-8.4p1/hostfile.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uu_salt[512], uu_result[512];
data/openssh-8.4p1/hostfile.c:125:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char encoded[1024];
data/openssh-8.4p1/hostfile.c:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[32], *sp, *cp = *cpp;
data/openssh-8.4p1/hostfile.c:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(marker, cp, sp - cp);
data/openssh-8.4p1/hostfile.c:505:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "a");
data/openssh-8.4p1/hostfile.c:603:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(temp)) == -1) {
data/openssh-8.4p1/hostfile.c:728:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(path, "r")) == NULL)
data/openssh-8.4p1/hostfile.c:841:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ktype, lineinfo.rawkey, l);
data/openssh-8.4p1/kex.c:74:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *proposal_names[PROPOSAL_MAX] = {
data/openssh-8.4p1/kex.c:153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + rlen, k->name, nlen + 1);
data/openssh-8.4p1/kex.c:377:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
data/openssh-8.4p1/kex.c:767:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
kex_ready(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
data/openssh-8.4p1/kex.c:780:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
data/openssh-8.4p1/kex.c:918:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
data/openssh-8.4p1/kex.c:918:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
data/openssh-8.4p1/kex.c:1134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kex->session_id, hash, kex->session_id_len);
data/openssh-8.4p1/kex.h:200:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
data/openssh-8.4p1/kex.h:201:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
data/openssh-8.4p1/kex.h:206:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
data/openssh-8.4p1/kexgssc.c:580:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kex->session_id, hash, kex->session_id_len);
data/openssh-8.4p1/krl.c:264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irs, &rs, sizeof(*irs));
data/openssh-8.4p1/krl.c:429:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blob, p, len);
data/openssh-8.4p1/krl.c:992:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[64];
data/openssh-8.4p1/krl.c:1370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fp, timestamp[64];
data/openssh-8.4p1/log.c:382:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
data/openssh-8.4p1/log.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[MSGBUFSIZ];
data/openssh-8.4p1/log.c:416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmtbuf[MSGBUFSIZ];
data/openssh-8.4p1/loginrec.c:430:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&li->hostaddr.sa, sa, bufsize);
data/openssh-8.4p1/loginrec.c:708:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
data/openssh-8.4p1/loginrec.c:793:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(utx->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
data/openssh-8.4p1/loginrec.c:872:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (tty > 0 && (fd = open(UTMP_FILE, O_RDWR|O_CREAT, 0644)) >= 0) {
data/openssh-8.4p1/loginrec.c:1097:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
data/openssh-8.4p1/loginrec.c:1191:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) {
data/openssh-8.4p1/loginrec.c:1269:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
data/openssh-8.4p1/loginrec.c:1356:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) {
data/openssh-8.4p1/loginrec.c:1433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[UT_LINESIZE];
data/openssh-8.4p1/loginrec.c:1480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastlog_file[1024];
data/openssh-8.4p1/loginrec.c:1499:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd = open(lastlog_file, filemode, 0600);
data/openssh-8.4p1/loginrec.c:1675:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(_PATH_BTMP, O_WRONLY | O_APPEND)) < 0) {
data/openssh-8.4p1/loginrec.c:1710:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ut.ut_addr, &(a4->sin_addr),
data/openssh-8.4p1/loginrec.c:1716:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ut.ut_addr_v6, &(a6->sin6_addr),
data/openssh-8.4p1/loginrec.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progname[LINFO_PROGSIZE]; /* name of program (for PAM) */
data/openssh-8.4p1/loginrec.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LINFO_LINESIZE]; /* tty/pty name */
data/openssh-8.4p1/loginrec.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[LINFO_NAMESIZE]; /* login username */
data/openssh-8.4p1/loginrec.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[LINFO_HOSTSIZE]; /* remote hostname */
data/openssh-8.4p1/logintest.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdstring[256], stripline[8];
data/openssh-8.4p1/logintest.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[32];
data/openssh-8.4p1/logintest.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_t0[64],s_t1[64],s_t2[64];
data/openssh-8.4p1/logintest.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_logintime[64], s_logouttime[64]; /* ctime() strings */
data/openssh-8.4p1/logintest.c:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(sa_in4.sin_addr), (void *)&(he->h_addr_list[0][0]),
data/openssh-8.4p1/logintest.c:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[17], strip[9], abbrev[5];
data/openssh-8.4p1/mac.c:99:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + rlen, m->name, nlen + 1);
data/openssh-8.4p1/mac.c:204:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, u.m, dlen);
data/openssh-8.4p1/match.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub[1024];
data/openssh-8.4p1/match.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sproposals[MAX_PROP];
data/openssh-8.4p1/md5crypt.c:29:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5];
data/openssh-8.4p1/md5crypt.c:53:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char passwd[120], salt_copy[9];
data/openssh-8.4p1/md5crypt.c:55:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char final[16];
data/openssh-8.4p1/md5crypt.c:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(salt_copy, sp, sl);
data/openssh-8.4p1/misc.c:562:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tfbuf[TF_BUFS][TF_LEN]; /* ring buffer */
data/openssh-8.4p1/misc.c:830:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[2];
data/openssh-8.4p1/misc.c:1055:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[128], *ret;
data/openssh-8.4p1/misc.c:1068:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(user, filename, slash);
data/openssh-8.4p1/misc.c:1331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/openssh-8.4p1/misc.c:1344:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDWR);
data/openssh-8.4p1/misc.c:1349:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDWR)) >= 0)
data/openssh-8.4p1/misc.c:1407:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
data/openssh-8.4p1/misc.c:1429:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[3], *r;
data/openssh-8.4p1/misc.c:1790:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iptos_str[sizeof "0xff"];
data/openssh-8.4p1/misc.c:1909:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(_PATH_TTY, O_RDONLY | O_NOCTTY)) >= 0) {
data/openssh-8.4p1/misc.c:2045:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
data/openssh-8.4p1/misc.c:2092:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX], homedir[PATH_MAX];
data/openssh-8.4p1/misc.c:2234:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuf[256];
data/openssh-8.4p1/misc.c:2311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32], *fmt;
data/openssh-8.4p1/moduli.c:454:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/openssh-8.4p1/moduli.c:462:11: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((r = mkstemp(tmp)) == -1) {
data/openssh-8.4p1/moduli.c:487:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(cpfile, "r")) == NULL)
data/openssh-8.4p1/moduli.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lp[QLINESIZE + 1];
data/openssh-8.4p1/moduli.c:518:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/openssh-8.4p1/monitor.c:696:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session_id2, p, session_id2_len);
data/openssh-8.4p1/monitor.c:1625:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
data/openssh-8.4p1/monitor.c:2029:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session_id2, data.value, session_id2_len);
data/openssh-8.4p1/monitor_fdpass.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CMSG_SPACE(sizeof(int))];
data/openssh-8.4p1/monitor_fdpass.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CMSG_SPACE(sizeof(int))];
data/openssh-8.4p1/monitor_wrap.c:283:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pw, p, sizeof(*pw));
data/openssh-8.4p1/monitor_wrap.c:304:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newopts, p, sizeof(*newopts));
data/openssh-8.4p1/mux.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024], *cp;
data/openssh-8.4p1/mux.c:1291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[16+1];
data/openssh-8.4p1/mux.c:1917:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
data/openssh-8.4p1/mux.c:2152:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
data/openssh-8.4p1/openbsd-compat/arc4random.c:100:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
data/openssh-8.4p1/openbsd-compat/arc4random.c:187:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rs_buf + RSBUFSZ - rs_have, m);
data/openssh-8.4p1/openbsd-compat/arc4random.c:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val));
data/openssh-8.4p1/openbsd-compat/basename.c:29:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bname[MAXPATHLEN];
data/openssh-8.4p1/openbsd-compat/basename.c:62:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bname, startp, len);
data/openssh-8.4p1/openbsd-compat/bcrypt_pbkdf.c:136:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(countsalt, salt, saltlen);
data/openssh-8.4p1/openbsd-compat/bsd-closefrom.c:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdpath[PATH_MAX], *endp;
data/openssh-8.4p1/openbsd-compat/bsd-cygwin_util.c:55:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (open(filename, flags | O_BINARY, mode));
data/openssh-8.4p1/openbsd-compat/bsd-cygwin_util.c:67:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cyg_privsep_user[DNLEN + UNLEN + 2];
data/openssh-8.4p1/openbsd-compat/bsd-cygwin_util.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub[1024];
data/openssh-8.4p1/openbsd-compat/bsd-cygwin_util.h:61:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open binary_open
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:128:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
utimensat(int fd, const char *path, const struct timespec times[2],
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:152:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, oflags)) == -1)
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:183:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, oflags)) == -1)
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:214:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, oflags)) == -1)
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:228:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY);
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:328:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return(memcpy(cp, str, len));
data/openssh-8.4p1/openbsd-compat/bsd-misc.h:101:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int utimensat(int, const char *, const struct timespec[2], int);
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:89:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*aslave = open(slave, O_RDWR | O_NOCTTY)) == -1) {
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:104:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY)) == -1)
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:121:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*aslave = open(pts, O_RDWR | O_NOCTTY)) == -1) {
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:151:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*amaster = open("/dev/ptc", O_RDWR | O_NOCTTY)) == -1)
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:155:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*aslave = open(ttname, O_RDWR | O_NOCTTY)) == -1) {
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptbuf[64], ttbuf[64];
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:178:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1) {
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:182:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1)
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:187:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*aslave = open(ttbuf, O_RDWR | O_NOCTTY)) == -1) {
data/openssh-8.4p1/openbsd-compat/bsd-signal.c:29:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/openssh-8.4p1/openbsd-compat/bsd-snprintf.c:548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[20];
data/openssh-8.4p1/openbsd-compat/bsd-snprintf.c:708:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[311];
data/openssh-8.4p1/openbsd-compat/bsd-snprintf.c:709:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[311];
data/openssh-8.4p1/openbsd-compat/chacha_private.h:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char sigma[16] = "expand 32-byte k";
data/openssh-8.4p1/openbsd-compat/chacha_private.h:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char tau[16] = "expand 16-byte k";
data/openssh-8.4p1/openbsd-compat/daemon.c:71:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
data/openssh-8.4p1/openbsd-compat/dirname.c:31:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dname[MAXPATHLEN];
data/openssh-8.4p1/openbsd-compat/dirname.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dname, path, len);
data/openssh-8.4p1/openbsd-compat/fake-rfc2553.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpserv[16];
data/openssh-8.4p1/openbsd-compat/fake-rfc2553.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __ss_pad2[_SS_PADSIZE];
data/openssh-8.4p1/openbsd-compat/fnmatch.c:291:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char dummystring[2] = {' ', 0};
data/openssh-8.4p1/openbsd-compat/getcwd.c:173:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bup, dp->d_name, dp->d_namlen + 1);
data/openssh-8.4p1/openbsd-compat/getcwd.c:210:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bpt, dp->d_name, dp->d_namlen);
data/openssh-8.4p1/openbsd-compat/getopt_long.c:163:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char **) nargv)[pos] = nargv[cstart];
data/openssh-8.4p1/openbsd-compat/getopt_long.c:165:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char **)nargv)[cstart] = swap;
data/openssh-8.4p1/openbsd-compat/getrrsetbyname-ldns.c:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rrset->rri_name,
data/openssh-8.4p1/openbsd-compat/getrrsetbyname-ldns.c:230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rdata->rdi_data + rdata_offset,
data/openssh-8.4p1/openbsd-compat/getrrsetbyname.c:332:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rdata->rdi_data, rr->rdata, rr->size);
data/openssh-8.4p1/openbsd-compat/getrrsetbyname.c:397:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&resp->header, cp, HFIXEDSZ);
data/openssh-8.4p1/openbsd-compat/getrrsetbyname.c:452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXDNAME];
data/openssh-8.4p1/openbsd-compat/getrrsetbyname.c:499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXDNAME];
data/openssh-8.4p1/openbsd-compat/getrrsetbyname.c:550:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curr->rdata, *cp, curr->size);
data/openssh-8.4p1/openbsd-compat/glob.c:389:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((char *) patbuf)[0] == EOS) {
data/openssh-8.4p1/openbsd-compat/glob.c:707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/openssh-8.4p1/openbsd-compat/glob.c:864:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statv[pglob->gl_offs + pglob->gl_pathc], sb,
data/openssh-8.4p1/openbsd-compat/glob.c:999:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/openssh-8.4p1/openbsd-compat/glob.c:1017:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/openssh-8.4p1/openbsd-compat/glob.c:1029:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/openssh-8.4p1/openbsd-compat/inet_ntoa.c:49:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char b[18];
data/openssh-8.4p1/openbsd-compat/inet_ntop.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[sizeof "255.255.255.255"];
data/openssh-8.4p1/openbsd-compat/inet_ntop.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"];
data/openssh-8.4p1/openbsd-compat/libressl-api-compat.c:357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len);
data/openssh-8.4p1/openbsd-compat/libressl-api-compat.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, ctx->iv, len);
data/openssh-8.4p1/openbsd-compat/libressl-api-compat.c:386:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len);
data/openssh-8.4p1/openbsd-compat/libressl-api-compat.c:388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->iv, iv, len);
data/openssh-8.4p1/openbsd-compat/libressl-api-compat.c:546:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, meth, sizeof(*copy));
data/openssh-8.4p1/openbsd-compat/md5.c:82:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer + have, input, need);
data/openssh-8.4p1/openbsd-compat/md5.c:99:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer + have, input, len);
data/openssh-8.4p1/openbsd-compat/md5.c:128:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
data/openssh-8.4p1/openbsd-compat/mktemp.c:82:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR);
data/openssh-8.4p1/openbsd-compat/mktemp.c:121:1: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
mkstemp(char *path)
data/openssh-8.4p1/openbsd-compat/openbsd-compat.h:127:5: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp(char *path);
data/openssh-8.4p1/openbsd-compat/port-aix.c:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char old_registry[REGISTRY_SIZE] = "";
data/openssh-8.4p1/openbsd-compat/port-linux.c:218:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newctx, oldctx, len);
data/openssh-8.4p1/openbsd-compat/port-linux.c:280:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(oom_adj_path, "r+")) != NULL) {
data/openssh-8.4p1/openbsd-compat/port-linux.c:308:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fp = fopen(oom_adj_path, "w")) == NULL)
data/openssh-8.4p1/openbsd-compat/port-net.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[IFNAMSIZ + 1];
data/openssh-8.4p1/openbsd-compat/port-net.c:151:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(TUN_CTRL_DEV, O_RDWR)) == -1) {
data/openssh-8.4p1/openbsd-compat/port-net.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/openssh-8.4p1/openbsd-compat/port-net.c:233:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDWR);
data/openssh-8.4p1/openbsd-compat/port-net.c:238:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDWR)) >= 0)
data/openssh-8.4p1/openbsd-compat/port-net.c:314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[CHAN_RBUF];
data/openssh-8.4p1/openbsd-compat/port-net.c:333:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf + 4, buf, len);
data/openssh-8.4p1/openbsd-compat/port-solaris.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctl_path[256];
data/openssh-8.4p1/openbsd-compat/port-solaris.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/openbsd-compat/port-uw.c:101:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen (password_file, "r")) == NULL) {
data/openssh-8.4p1/openbsd-compat/pwcache.c:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nbuf[15]; /* 32 bits == 10 digits */
data/openssh-8.4p1/openbsd-compat/pwcache.c:90:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nbuf[15]; /* 32 bits == 10 digits */
data/openssh-8.4p1/openbsd-compat/readpassphrase.c:80:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(input = output = open(_PATH_TTY, O_RDWR)) == -1) {
data/openssh-8.4p1/openbsd-compat/readpassphrase.c:200:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[_PASSWORD_LEN + 1];
data/openssh-8.4p1/openbsd-compat/recallocarray.c:78:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newptr, ptr, oldsize);
data/openssh-8.4p1/openbsd-compat/recallocarray.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newptr, ptr, newsize);
data/openssh-8.4p1/openbsd-compat/regress/closefromtest.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/openssh-8.4p1/openbsd-compat/regress/closefromtest.c:43:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fds[i] = open("/dev/null", O_RDONLY)) == -1)
data/openssh-8.4p1/openbsd-compat/regress/snprintftest.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[5];
data/openssh-8.4p1/openbsd-compat/regress/utimensattest.c:34:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int utimensat(int, const char *, const struct timespec[2], int);
data/openssh-8.4p1/openbsd-compat/regress/utimensattest.c:66:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(TMPFILE, O_CREAT, 0600)) == -1)
data/openssh-8.4p1/openbsd-compat/setenv.c:116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(P, environ, cnt * sizeof(char *));
data/openssh-8.4p1/openbsd-compat/setenv.c:175:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(P, environ, cnt * sizeof(char *));
data/openssh-8.4p1/openbsd-compat/setproctitle.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], ptitle[1024];
data/openssh-8.4p1/openbsd-compat/sha1.c:63:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(block, buffer, SHA1_BLOCK_LENGTH);
data/openssh-8.4p1/openbsd-compat/sha1.c:136:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(&context->buffer[j], data, (i = 64-j));
data/openssh-8.4p1/openbsd-compat/sha1.c:144:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(&context->buffer[j], &data[i], len - i);
data/openssh-8.4p1/openbsd-compat/sha2.c:318:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->state.st32, sha224_initial_hash_value,
data/openssh-8.4p1/openbsd-compat/sha2.c:344:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
data/openssh-8.4p1/openbsd-compat/sha2.c:356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->state.st32, sha256_initial_hash_value,
data/openssh-8.4p1/openbsd-compat/sha2.c:538:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[usedspace], data, freespace);
data/openssh-8.4p1/openbsd-compat/sha2.c:545:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[usedspace], data, len);
data/openssh-8.4p1/openbsd-compat/sha2.c:561:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->buffer, data, len);
data/openssh-8.4p1/openbsd-compat/sha2.c:625:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
data/openssh-8.4p1/openbsd-compat/sha2.c:636:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->state.st64, sha512_initial_hash_value,
data/openssh-8.4p1/openbsd-compat/sha2.c:819:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[usedspace], data, freespace);
data/openssh-8.4p1/openbsd-compat/sha2.c:826:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[usedspace], data, len);
data/openssh-8.4p1/openbsd-compat/sha2.c:842:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->buffer, data, len);
data/openssh-8.4p1/openbsd-compat/sha2.c:906:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
data/openssh-8.4p1/openbsd-compat/sha2.c:918:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->state.st64, sha384_initial_hash_value,
data/openssh-8.4p1/openbsd-compat/sha2.c:963:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
data/openssh-8.4p1/openbsd-compat/sha2.c:975:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->state.st64, sha512_256_initial_hash_value,
data/openssh-8.4p1/openbsd-compat/sha2.c:1001:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, context->state.st64, SHA512_256_DIGEST_LENGTH);
data/openssh-8.4p1/openbsd-compat/strndup.c:36:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(copy, str, len);
data/openssh-8.4p1/openbsd-compat/vis.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[5];
data/openssh-8.4p1/openbsd-compat/vis.c:198:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tbuf, i);
data/openssh-8.4p1/openbsd-compat/xcrypt.c:78:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[32];
data/openssh-8.4p1/packet.c:385:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/packet.c:1333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/openssh-8.4p1/packet.c:1820:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/packet.c:1928:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], remote_id[512];
data/openssh-8.4p1/packet.c:2724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/pkcs11.h:199:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char manufacturer_id[32];
data/openssh-8.4p1/pkcs11.h:201:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char library_description[32];
data/openssh-8.4p1/pkcs11.h:216:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char slot_description[64];
data/openssh-8.4p1/pkcs11.h:217:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char manufacturer_id[32];
data/openssh-8.4p1/pkcs11.h:232:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char label[32];
data/openssh-8.4p1/pkcs11.h:233:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char manufacturer_id[32];
data/openssh-8.4p1/pkcs11.h:234:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char model[16];
data/openssh-8.4p1/pkcs11.h:235:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char serial_number[16];
data/openssh-8.4p1/pkcs11.h:249:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char utc_time[16];
data/openssh-8.4p1/pkcs11.h:469:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char year[4];
data/openssh-8.4p1/pkcs11.h:470:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char month[2];
data/openssh-8.4p1/pkcs11.h:471:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char day[2];
data/openssh-8.4p1/poly1305.c:34:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
data/openssh-8.4p1/poly1305.c:34:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
data/openssh-8.4p1/poly1305.c:34:104: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
data/openssh-8.4p1/poly1305.c:45:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mp[16];
data/openssh-8.4p1/progressmeter.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_WINSIZE + 1];
data/openssh-8.4p1/readconf.c:542:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
data/openssh-8.4p1/readconf.c:549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/openssh-8.4p1/readconf.c:601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
data/openssh-8.4p1/readconf.c:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uidstr[32];
data/openssh-8.4p1/readconf.c:934:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **cpptr, fwdarg[256];
data/openssh-8.4p1/readconf.c:1962:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(filename, "r")) == NULL)
data/openssh-8.4p1/readconf.c:2815:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8], *all_key;
data/openssh-8.4p1/readconf.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *system_hostfiles[SSH_MAX_HOSTS_FILES];
data/openssh-8.4p1/readconf.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *user_hostfiles[SSH_MAX_HOSTS_FILES];
data/openssh-8.4p1/readconf.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *identity_files[SSH_MAX_IDENTITY_FILES];
data/openssh-8.4p1/readconf.h:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
data/openssh-8.4p1/readconf.h:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *canonical_domains[MAX_CANON_DOMAINS];
data/openssh-8.4p1/readpass.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/readpass.c:154:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ttyfd = open(_PATH_TTY, O_RDWR);
data/openssh-8.4p1/readpass.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, prompt[1024];
data/openssh-8.4p1/readpass.c:273:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
data/openssh-8.4p1/regress/check-perm.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char component[PATH_MAX];
data/openssh-8.4p1/regress/check-perm.c:55:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(component, path, cp - path);
data/openssh-8.4p1/regress/check-perm.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX], homedir[PATH_MAX];
data/openssh-8.4p1/regress/check-perm.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[256];
data/openssh-8.4p1/regress/misc/fuzz-harness/authopt_fuzz.cc:18:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, data, size);
data/openssh-8.4p1/regress/misc/fuzz-harness/sshsigopt_fuzz.cc:18:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, data, size);
data/openssh-8.4p1/regress/misc/kexfuzz/kexfuzz.c:75:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dumpfile = fopen(ctx->dump_path, "w+")) == NULL)
data/openssh-8.4p1/regress/misc/kexfuzz/kexfuzz.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
data/openssh-8.4p1/regress/misc/kexfuzz/kexfuzz.c:214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
data/openssh-8.4p1/regress/misc/kexfuzz/kexfuzz.c:388:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
packet_index = atoi(optarg);
data/openssh-8.4p1/regress/misc/kexfuzz/kexfuzz.c:411:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(kpath, O_RDONLY)) == -1)
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:142:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->key_handle, privptr, response->key_handle_len);
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:189:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->public_key, pk, sizeof(pk));
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->key_handle, sk, sizeof(sk));
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:423:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signbuf, apphash, sizeof(apphash));
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:430:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signbuf + o, message, message_len);
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:455:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->sig_r, sig, response->sig_r_len);
data/openssh-8.4p1/regress/mkdtemp.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char template[PATH_MAX];
data/openssh-8.4p1/regress/modpipe.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char what[16+1];
data/openssh-8.4p1/regress/netcat.c:120:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *portlist[PORT_MAX+1];
data/openssh-8.4p1/regress/netcat.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
data/openssh-8.4p1/regress/netcat.c:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384];
data/openssh-8.4p1/regress/netcat.c:495:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntohs(atoi(portlist[i])),
data/openssh-8.4p1/regress/netcat.c:784:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char netinbuf[BUFSIZE];
data/openssh-8.4p1/regress/netcat.c:786:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stdinbuf[BUFSIZE];
data/openssh-8.4p1/regress/netcat.c:1009:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CMSG_SPACE(sizeof(int))];
data/openssh-8.4p1/regress/netcat.c:1066:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[4];
data/openssh-8.4p1/regress/netcat.c:1271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_host[NI_MAXHOST];
data/openssh-8.4p1/regress/netcat.c:1272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_port[NI_MAXSERV];
data/openssh-8.4p1/regress/netcat.c:1427:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, res->ai_addr, res->ai_addrlen);
data/openssh-8.4p1/regress/netcat.c:1457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[512];
data/openssh-8.4p1/regress/netcat.c:1458:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pw[256];
data/openssh-8.4p1/regress/netcat.c:1475:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/openssh-8.4p1/regress/netcat.c:1534:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 5, host, hlen);
data/openssh-8.4p1/regress/netcat.c:1535:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 5 + hlen, &serverport, sizeof serverport);
data/openssh-8.4p1/regress/netcat.c:1544:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, &in4->sin_addr, sizeof in4->sin_addr);
data/openssh-8.4p1/regress/netcat.c:1545:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 8, &in4->sin_port, sizeof in4->sin_port);
data/openssh-8.4p1/regress/netcat.c:1554:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, &in6->sin6_addr, sizeof in6->sin6_addr);
data/openssh-8.4p1/regress/netcat.c:1555:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 20, &in6->sin6_port,
data/openssh-8.4p1/regress/netcat.c:1594:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 2, &in4->sin_port, sizeof in4->sin_port);
data/openssh-8.4p1/regress/netcat.c:1595:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, &in4->sin_addr, sizeof in4->sin_addr);
data/openssh-8.4p1/regress/netcat.c:1634:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp[1024];
data/openssh-8.4p1/regress/unittests/conversion/tests.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/regress/unittests/kex/test_kex.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
data/openssh-8.4p1/regress/unittests/kex/test_kex.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[512], msg[] = "imploring ping silence ping over", *p;
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:35:8: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
out = tmpfile();
data/openssh-8.4p1/regress/unittests/sshkey/test_sshkey.c:143:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + o, "nanananana", l - o);
data/openssh-8.4p1/regress/unittests/sshkey/test_sshkey.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + o, banana, sizeof(the_banana));
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:223:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->seed, p, l);
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:320:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:122:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char subtest_info[512];
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:214:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ret[PATH_MAX];
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/openssh-8.4p1/regress/unittests/utf8/tests.c:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/openssh-8.4p1/regress/unittests/utf8/tests.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/openssh-8.4p1/sandbox-seccomp-filter.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/openssh-8.4p1/sandbox-systrace.c:150:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1)
data/openssh-8.4p1/sc25519.c:36:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[32];
data/openssh-8.4p1/sc25519.c:102:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
data/openssh-8.4p1/sc25519.c:111:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16])
data/openssh-8.4p1/sc25519.c:117:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
data/openssh-8.4p1/sc25519.c:134:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
data/openssh-8.4p1/sc25519.c:221:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window3(signed char r[85], const sc25519 *s)
data/openssh-8.4p1/sc25519.c:258:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window5(signed char r[51], const sc25519 *s)
data/openssh-8.4p1/sc25519.c:295:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2)
data/openssh-8.4p1/sc25519.h:44:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
data/openssh-8.4p1/sc25519.h:46:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
data/openssh-8.4p1/sc25519.h:48:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
data/openssh-8.4p1/sc25519.h:52:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
data/openssh-8.4p1/sc25519.h:71:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window3(signed char r[85], const sc25519 *s);
data/openssh-8.4p1/sc25519.h:76:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window5(signed char r[51], const sc25519 *s);
data/openssh-8.4p1/sc25519.h:78:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
data/openssh-8.4p1/scp.c:397:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */
data/openssh-8.4p1/scp.c:625:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[(20 + 7 + 2) * 2 + 2];
data/openssh-8.4p1/scp.c:737:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, pattern, brace_start);
data/openssh-8.4p1/scp.c:742:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + o, pattern + sel_start,
data/openssh-8.4p1/scp.c:748:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + o, pattern + brace_end + 1, tail_len);
data/openssh-8.4p1/scp.c:1087:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *last, *name, buf[PATH_MAX + 128], encname[PATH_MAX];
data/openssh-8.4p1/scp.c:1096:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) == -1)
data/openssh-8.4p1/scp.c:1195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *last, *vect[1], path[PATH_MAX];
data/openssh-8.4p1/scp.c:1257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
data/openssh-8.4p1/scp.c:1453:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) == -1) {
data/openssh-8.4p1/scp.c:1568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch, *cp, resp, rbuf[2048], visbuf[2048];
data/openssh-8.4p1/servconf.c:772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *expanded, *ret, cwd[PATH_MAX];
data/openssh-8.4p1/servconf.c:807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/openssh-8.4p1/servconf.c:2459:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(filename, "r")) == NULL) {
data/openssh-8.4p1/servconf.c:2476:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, "\n", 2);
data/openssh-8.4p1/servconf.c:2782:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[NI_MAXHOST], port[NI_MAXSERV];
data/openssh-8.4p1/servconf.h:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *subsystem_name[MAX_SUBSYSTEMS];
data/openssh-8.4p1/servconf.h:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *subsystem_command[MAX_SUBSYSTEMS];
data/openssh-8.4p1/servconf.h:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *subsystem_args[MAX_SUBSYSTEMS];
data/openssh-8.4p1/serverloop.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_id[512];
data/openssh-8.4p1/serverloop.c:325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384];
data/openssh-8.4p1/session.c:271:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(auth_info_file)) == -1) {
data/openssh-8.4p1/session.c:667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char session_type[1024];
data/openssh-8.4p1/session.c:799:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openssh-8.4p1/session.c:803:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
data/openssh-8.4p1/session.c:806:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("/etc/motd", "r");
data/openssh-8.4p1/session.c:823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openssh-8.4p1/session.c:858:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/openssh-8.4p1/session.c:990:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openssh-8.4p1/session.c:1282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], *nl, *def_nl = _PATH_NOLOGIN;
data/openssh-8.4p1/session.c:1302:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(nl, "r")) != NULL) {
data/openssh-8.4p1/session.c:1318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char component[PATH_MAX];
data/openssh-8.4p1/session.c:1335:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(component, path, cp - path);
data/openssh-8.4p1/session.c:1369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uidstr[32], *chroot_path, *tmp;
data/openssh-8.4p1/session.c:1526:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **env, *argv[ARGV_MAX], remote_id[512];
data/openssh-8.4p1/session.c:1617:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cell[64];
data/openssh-8.4p1/session.c:1693:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argv0[256];
data/openssh-8.4p1/session.c:2541:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/openssh-8.4p1/session.c:2579:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char display[512], auth_display[512];
data/openssh-8.4p1/session.c:2580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[NI_MAXHOST];
data/openssh-8.4p1/session.c:2637:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
data/openssh-8.4p1/session.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tty[TTYSZ];
data/openssh-8.4p1/sftp-client.c:254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[256];
data/openssh-8.4p1/sftp-client.c:653:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(*dir)[ents]->a, &a, sizeof(a));
data/openssh-8.4p1/sftp-client.c:1267:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
local_fd = open(local_path,
data/openssh-8.4p1/sftp-client.c:1635:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((local_fd = open(local_path, O_RDONLY, 0)) == -1) {
data/openssh-8.4p1/sftp-common.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], lc[8], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
data/openssh-8.4p1/sftp-common.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[FMT_SCALED_STRSIZE];
data/openssh-8.4p1/sftp-glob.c:68:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[sizeof(struct dirent) + MAXPATHLEN];
data/openssh-8.4p1/sftp-realpath.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
data/openssh-8.4p1/sftp-realpath.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(next_token, left, s - left);
data/openssh-8.4p1/sftp-server.c:247:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ret[128];
data/openssh-8.4p1/sftp-server.c:705:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, flags, mode);
data/openssh-8.4p1/sftp-server.c:937:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/openssh-8.4p1/sftp-server.c:994:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/openssh-8.4p1/sftp-server.c:1072:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[PATH_MAX];
data/openssh-8.4p1/sftp-server.c:1167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolvedname[PATH_MAX];
data/openssh-8.4p1/sftp-server.c:1255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/openssh-8.4p1/sftp-server.c:1416:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/openssh-8.4p1/sftp.c:1065:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_used[FMT_SCALED_STRSIZE], s_avail[FMT_SCALED_STRSIZE];
data/openssh-8.4p1/sftp.c:1066:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_root[FMT_SCALED_STRSIZE], s_total[FMT_SCALED_STRSIZE];
data/openssh-8.4p1/sftp.c:1067:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_icapacity[16], s_dcapacity[16];
data/openssh-8.4p1/sftp.c:1183:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char argvs[MAXARGLEN];
data/openssh-8.4p1/sftp.c:1184:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[MAXARGS + 1];
data/openssh-8.4p1/sftp.c:1540:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_buf[PATH_MAX];
data/openssh-8.4p1/sftp.c:1880:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmp, **list, argterm[3];
data/openssh-8.4p1/sftp.c:1971:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmp, *tmp2, ins[8];
data/openssh-8.4p1/sftp.c:2047:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ins + 1, tmp2 + i, clen);
data/openssh-8.4p1/sftp.c:2109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, lf->buffer, cursor);
data/openssh-8.4p1/sftp.c:2117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, lf->buffer, len);
data/openssh-8.4p1/sftp.c:2162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2048];
data/openssh-8.4p1/sftp.c:2467:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(infile = fopen(optarg, "r")) == NULL)
data/openssh-8.4p1/sk-usbhid.c:590:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->public_key, ptr, len);
data/openssh-8.4p1/sk-usbhid.c:803:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->key_handle, ptr, len);
data/openssh-8.4p1/sk-usbhid.c:812:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->signature, ptr, len);
data/openssh-8.4p1/sk-usbhid.c:822:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->attestation_cert, ptr, len);
data/openssh-8.4p1/sk-usbhid.c:832:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->authdata, ptr, len);
data/openssh-8.4p1/sk-usbhid.c:910:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->sig_r, ptr, len);
data/openssh-8.4p1/sk-usbhid.c:1161:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(srk->key.key_handle, fido_cred_id_ptr(cred),
data/openssh-8.4p1/smult_curve25519_ref.c:124:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void mainloop(unsigned int work[64],const unsigned char e[32])
data/openssh-8.4p1/smult_curve25519_ref.c:252:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e[32];
data/openssh-8.4p1/sntrup4591761.c:307:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rstr[small_encode_len];
data/openssh-8.4p1/sntrup4591761.c:308:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[64];
data/openssh-8.4p1/sntrup4591761.c:368:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rstr[small_encode_len];
data/openssh-8.4p1/sntrup4591761.c:369:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[64];
data/openssh-8.4p1/sntrup4591761.c:391:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k,hash + 32,32);
data/openssh-8.4p1/sntrup4591761.c:392:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cstr,hash,32);
data/openssh-8.4p1/sntrup4591761.c:429:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk + 2 * small_encode_len,pk,rq_encode_len);
data/openssh-8.4p1/ssh-add.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024], *certpath = NULL;
data/openssh-8.4p1/ssh-add.c:249:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((fd = open(filename, O_RDONLY)) == -1) {
data/openssh-8.4p1/ssh-add.c:484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1024];
data/openssh-8.4p1/ssh-add.c:557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[100], *p1, *p2;
data/openssh-8.4p1/ssh-add.c:832:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/openssh-8.4p1/ssh-agent.c:150:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char socket_name[PATH_MAX];
data/openssh-8.4p1/ssh-agent.c:151:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char socket_dir[PATH_MAX];
data/openssh-8.4p1/ssh-agent.c:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonical_provider[PATH_MAX];
data/openssh-8.4p1/ssh-agent.c:1030:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[AGENT_RBUF_LEN];
data/openssh-8.4p1/ssh-agent.c:1284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidstrbuf[1 + 3 * sizeof pid];
data/openssh-8.4p1/ssh-agent.c:1496:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
data/openssh-8.4p1/ssh-dss.c:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/openssh-8.4p1/ssh-ecdsa.c:99:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/openssh-8.4p1/ssh-ed25519.c:78:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/openssh-8.4p1/ssh-ed25519.c:139:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm, sigblob, len);
data/openssh-8.4p1/ssh-ed25519.c:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm+len, data, datalen);
data/openssh-8.4p1/ssh-keygen.c:100:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char identity_file[PATH_MAX];
data/openssh-8.4p1/ssh-keygen.c:171:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hostname[NI_MAXHOST];
data/openssh-8.4p1/ssh-keygen.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yesno[3];
data/openssh-8.4p1/ssh-keygen.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openssh-8.4p1/ssh-keygen.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[61], *b64;
data/openssh-8.4p1/ssh-keygen.c:634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/openssh-8.4p1/ssh-keygen.c:636:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encoded[8096];
data/openssh-8.4p1/ssh-keygen.c:641:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(identity_file, "r")) == NULL)
data/openssh-8.4p1/ssh-keygen.c:687:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(identity_file, "r")) == NULL)
data/openssh-8.4p1/ssh-keygen.c:730:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(identity_file, "r")) == NULL)
data/openssh-8.4p1/ssh-keygen.c:958:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((f = fopen(path, "r")) == NULL)
data/openssh-8.4p1/ssh-keygen.c:1062:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file;
data/openssh-8.4p1/ssh-keygen.c:1100:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(prv_tmp)) == -1) {
data/openssh-8.4p1/ssh-keygen.c:1123:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(pub_tmp)) == -1) {
data/openssh-8.4p1/ssh-keygen.c:1295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, tmp[PATH_MAX], old[PATH_MAX];
data/openssh-8.4p1/ssh-keygen.c:1330:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(tmp)) == -1)
data/openssh-8.4p1/ssh-keygen.c:1509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_comment[1024], *comment, *passphrase;
data/openssh-8.4p1/ssh-keygen.c:1751:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valid[64], *otmp, *tmp, *cp, *out, *comment;
data/openssh-8.4p1/ssh-keygen.c:2087:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valid[64], *key_fp, *ca_fp;
data/openssh-8.4p1/ssh-keygen.c:2153:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((f = fopen(identity_file, "r")) == NULL)
data/openssh-8.4p1/ssh-keygen.c:2234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*blobp, sshbuf_ptr(b), *lenp);
data/openssh-8.4p1/ssh-keygen.c:2256:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((krl_spec = fopen(path, "r")) == NULL)
data/openssh-8.4p1/ssh-keygen.c:2588:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((wfd = open(wfile, O_WRONLY|O_CREAT|O_TRUNC,
data/openssh-8.4p1/ssh-keygen.c:2675:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open(argv[i], O_RDONLY)) == -1) {
data/openssh-8.4p1/ssh-keygen.c:2858:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(out_file, "w")) == NULL) {
data/openssh-8.4p1/ssh-keygen.c:2915:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in = fopen(identity_file, "r")) == NULL) {
data/openssh-8.4p1/ssh-keygen.c:2922:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(out_file, "a")) == NULL) {
data/openssh-8.4p1/ssh-keygen.c:3147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[1024], *passphrase;
data/openssh-8.4p1/ssh-keyscan.c:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
data/openssh-8.4p1/ssh-keyscan.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/openssh-8.4p1/ssh-keyscan.c:469:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *cp;
data/openssh-8.4p1/ssh-keyscan.c:470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_version[sizeof buf];
data/openssh-8.4p1/ssh-keyscan.c:594:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, read_wait, read_wait_nfdset * sizeof(fd_mask));
data/openssh-8.4p1/ssh-keyscan.c:595:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask));
data/openssh-8.4p1/ssh-keyscan.c:788:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fp = fopen(argv[j], "r")) == NULL)
data/openssh-8.4p1/ssh-keysign.c:180:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
data/openssh-8.4p1/ssh-keysign.c:188:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
data/openssh-8.4p1/ssh-keysign.c:189:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
data/openssh-8.4p1/ssh-keysign.c:190:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
data/openssh-8.4p1/ssh-keysign.c:191:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
data/openssh-8.4p1/ssh-keysign.c:192:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
data/openssh-8.4p1/ssh-pkcs11-client.c:154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, signature, slen);
data/openssh-8.4p1/ssh-pkcs11-helper.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4*4096];
data/openssh-8.4p1/ssh-pkcs11.c:502:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
data/openssh-8.4p1/ssh-pkcs11.c:615:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
data/openssh-8.4p1/ssh-pkcs11.c:1370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptr[3];
data/openssh-8.4p1/ssh-rsa.c:232:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/openssh-8.4p1/ssh-sk.c:270:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->ed25519_pk, resp->public_key, ED25519_PK_SZ);
data/openssh-8.4p1/ssh-sk.c:709:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(sig), sshbuf_len(sig));
data/openssh-8.4p1/ssh-xmss.c:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/openssh-8.4p1/ssh-xmss.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm, sigblob, len);
data/openssh-8.4p1/ssh-xmss.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm+len, data, datalen);
data/openssh-8.4p1/ssh.c:177:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
data/openssh-8.4p1/ssh.c:178:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char uidstr[32], *host_arg, *conn_hash_hex;
data/openssh-8.4p1/ssh.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/openssh-8.4p1/ssh.c:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/openssh-8.4p1/ssh.c:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[NI_MAXHOST], strport[NI_MAXSERV];
data/openssh-8.4p1/ssh.c:469:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *fullhost, newname[NI_MAXHOST];
data/openssh-8.4p1/ssh.c:596:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/openssh-8.4p1/ssh.c:651:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[NI_MAXHOST];
data/openssh-8.4p1/ssh.c:1268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_s[8];
data/openssh-8.4p1/ssh.c:1730:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
data/openssh-8.4p1/ssh.c:1758:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1)
data/openssh-8.4p1/ssh.c:2038:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = open(_PATH_DEVNULL, O_RDONLY);
data/openssh-8.4p1/ssh.c:2168:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
data/openssh-8.4p1/ssh.c:2204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *identity_files[SSH_MAX_IDENTITY_FILES];
data/openssh-8.4p1/ssh.c:2207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
data/openssh-8.4p1/ssh.c:2333:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options.identity_files, identity_files, sizeof(identity_files));
data/openssh-8.4p1/ssh.c:2334:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
data/openssh-8.4p1/ssh.c:2335:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options.identity_file_userprovided,
data/openssh-8.4p1/ssh.c:2339:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options.certificate_files,
data/openssh-8.4p1/ssh.c:2341:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options.certificates, certificates, sizeof(certificates));
data/openssh-8.4p1/ssh.c:2342:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options.certificate_file_userprovided,
data/openssh-8.4p1/ssh_api.c:88:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
data/openssh-8.4p1/ssh_api.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *proposal[PROPOSAL_MAX];
data/openssh-8.4p1/sshbuf-getput-basic.c:43:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v, p, len);
data/openssh-8.4p1/sshbuf-getput-basic.c:205:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*valp, val, len);
data/openssh-8.4p1/sshbuf-getput-basic.c:297:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*valp, p, len);
data/openssh-8.4p1/sshbuf-getput-basic.c:334:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, v, len);
data/openssh-8.4p1/sshbuf-getput-basic.c:509:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, v, len);
data/openssh-8.4p1/sshbuf-getput-basic.c:527:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + 4, v, len);
data/openssh-8.4p1/sshbuf-getput-basic.c:595:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + 4 + prepend, s, len);
data/openssh-8.4p1/sshbuf-io.c:86:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_RDONLY)) == -1)
data/openssh-8.4p1/sshbuf-io.c:105:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644)) == -1)
data/openssh-8.4p1/sshbuf-misc.c:231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, s, l);
data/openssh-8.4p1/sshconnect.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmp, *ret, strport[NI_MAXSERV];
data/openssh-8.4p1/sshconnect.c:113:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
data/openssh-8.4p1/sshconnect.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[10];
data/openssh-8.4p1/sshconnect.c:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[10];
data/openssh-8.4p1/sshconnect.c:340:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resultp, sa, *rlenp);
data/openssh-8.4p1/sshconnect.c:355:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resultp, sa6, *rlenp);
data/openssh-8.4p1/sshconnect.c:377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST];
data/openssh-8.4p1/sshconnect.c:406:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bindaddr, res->ai_addr, res->ai_addrlen);
data/openssh-8.4p1/sshconnect.c:468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
data/openssh-8.4p1/sshconnect.c:514:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
data/openssh-8.4p1/sshconnect.c:657:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST];
data/openssh-8.4p1/sshconnect.c:724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostline[1000], *hostp, *fp, *ra;
data/openssh-8.4p1/sshconnect.c:725:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/openssh-8.4p1/sshconnect.c:872:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg1[1024], msg2[1024];
data/openssh-8.4p1/sshconnect.c:1169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valid[64], *fp = NULL, *cafp = NULL;
data/openssh-8.4p1/sshconnect2.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
data/openssh-8.4p1/sshconnect2.c:1234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[256];
data/openssh-8.4p1/sshconnect2.c:1655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[300], *passphrase, *comment;
data/openssh-8.4p1/sshd.c:1052:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
data/openssh-8.4p1/sshd.c:1071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
data/openssh-8.4p1/sshd.c:1423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[sizeof(opts) * 3 + 1];
data/openssh-8.4p1/sshd.c:2072:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(options.pid_file, "w");
data/openssh-8.4p1/sshd.c:2141:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
data/openssh-8.4p1/sshd.c:2406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
data/openssh-8.4p1/sshkey-xmss.c:400:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4], *data = NULL;
data/openssh-8.4p1/sshkey-xmss.c:403:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY)) >= 0) {
data/openssh-8.4p1/sshkey-xmss.c:476:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) == -1) {
data/openssh-8.4p1/sshkey-xmss.c:571:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/openssh-8.4p1/sshkey-xmss.c:616:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) == -1) {
data/openssh-8.4p1/sshkey-xmss.c:927:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, key + keylen, ivlen);
data/openssh-8.4p1/sshkey-xmss.c:1045:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, key + keylen, ivlen);
data/openssh-8.4p1/sshkey.c:275:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + rlen, kt->name, nlen + 1);
data/openssh-8.4p1/sshkey.c:969:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*blobp, sshbuf_ptr(b), len);
data/openssh-8.4p1/sshkey.c:1055:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *retval, hex[5];
data/openssh-8.4p1/sshkey.c:1160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *retval, *p, title[FLDSIZE_X], hash[FLDSIZE_X];
data/openssh-8.4p1/sshkey.c:1219:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, title, tlen);
data/openssh-8.4p1/sshkey.c:1239:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, hash, hlen);
data/openssh-8.4p1/sshkey.c:1925:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
data/openssh-8.4p1/sshkey.c:1950:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->xmss_pk, k->xmss_pk, pklen);
data/openssh-8.4p1/sshkey.c:3138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[32], to[32], ret[64];
data/openssh-8.4p1/sshkey.c:4525:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, len);
data/openssh-8.4p1/sshlogin.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[HOST_NAME_MAX+1] = "";
data/openssh-8.4p1/sshpty.c:105:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
data/openssh-8.4p1/sshpty.c:118:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
data/openssh-8.4p1/sshpty.c:133:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(tty, O_RDWR);
data/openssh-8.4p1/sshpty.c:140:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(_PATH_TTY, O_WRONLY);
data/openssh-8.4p1/sshpty.c:226:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(_PATH_TTY, O_RDWR | O_NOCTTY)) >= 0) {
data/openssh-8.4p1/sshsig.c:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hex, hash[SSH_DIGEST_MAX_LENGTH];
data/openssh-8.4p1/sshsig.c:494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH];
data/openssh-8.4p1/sshsig.c:846:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(path, "r")) == NULL) {
data/openssh-8.4p1/sshsig.c:991:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(path, "r")) == NULL) {
data/openssh-8.4p1/umac.c:198:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_buf,out_buf,AES_BLOCK_LEN);
data/openssh-8.4p1/umac.c:205:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_buf,out_buf,nbytes);
data/openssh-8.4p1/umac.c:622:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hc->data+j, buf, i);
data/openssh-8.4p1/umac.c:637:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hc->data + j, buf, nbytes);
data/openssh-8.4p1/umac.c:976:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahc->poly_key_8+i, buf+24*i, 8);
data/openssh-8.4p1/umac.c:986:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahc->ip_keys+4*i, buf+(8*i+4)*sizeof(UINT64),
data/openssh-8.4p1/utf8.c:174:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp, sp, len);
data/openssh-8.4p1/xmss_fast.c:36:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void get_seed(unsigned char *seed, const unsigned char *sk_seed, int n, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:36:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void get_seed(unsigned char *seed, const unsigned char *sk_seed, int n, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:38:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[32];
data/openssh-8.4p1/xmss_fast.c:111:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:111:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:111:107: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:133:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wots_pk+(l>>1)*n, wots_pk+(l-1)*n, n);
data/openssh-8.4p1/xmss_fast.c:146:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(leaf, wots_pk, n);
data/openssh-8.4p1/xmss_fast.c:152:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gen_leaf_wots(unsigned char *leaf, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, uint32_t ltree_addr[8], uint32_t ots_addr[8])
data/openssh-8.4p1/xmss_fast.c:152:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gen_leaf_wots(unsigned char *leaf, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, uint32_t ltree_addr[8], uint32_t ots_addr[8])
data/openssh-8.4p1/xmss_fast.c:152:120: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gen_leaf_wots(unsigned char *leaf, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, uint32_t ltree_addr[8], uint32_t ots_addr[8])
data/openssh-8.4p1/xmss_fast.c:154:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seed[params->n];
data/openssh-8.4p1/xmss_fast.c:155:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[params->wots_par.keysize];
data/openssh-8.4p1/xmss_fast.c:178:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void treehash_setup(unsigned char *node, int height, int index, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:178:105: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void treehash_setup(unsigned char *node, int height, int index, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:178:162: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void treehash_setup(unsigned char *node, int height, int index, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:189:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ots_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:192:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ltree_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:194:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:198:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stack[(height+1)*n];
data/openssh-8.4p1/xmss_fast.c:219:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->treehash[0].node, stack+stackoffset*n, n);
data/openssh-8.4p1/xmss_fast.c:225:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->auth + nodeh*n, stack+(stackoffset-1)*n, n);
data/openssh-8.4p1/xmss_fast.c:229:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->treehash[nodeh].node, stack+(stackoffset-1)*n, n);
data/openssh-8.4p1/xmss_fast.c:232:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->retain + ((1 << (h - 1 - nodeh)) + nodeh - h + (((i >> nodeh) - 3) >> 1)) * n, stack+(stackoffset-1)*n, n);
data/openssh-8.4p1/xmss_fast.c:249:87: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void treehash_update(treehash_inst *treehash, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8]) {
data/openssh-8.4p1/xmss_fast.c:249:144: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void treehash_update(treehash_inst *treehash, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8]) {
data/openssh-8.4p1/xmss_fast.c:256:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ots_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:259:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ltree_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:261:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:267:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nodebuffer[2 * n];
data/openssh-8.4p1/xmss_fast.c:271:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nodebuffer + n, nodebuffer, n);
data/openssh-8.4p1/xmss_fast.c:272:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nodebuffer, state->stack + (state->stackoffset-1)*n, n);
data/openssh-8.4p1/xmss_fast.c:281:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(treehash->node, nodebuffer, n);
data/openssh-8.4p1/xmss_fast.c:285:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->stack + state->stackoffset*n, nodebuffer, n);
data/openssh-8.4p1/xmss_fast.c:296:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:296:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:296:117: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:296:175: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:301:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2*n];
data/openssh-8.4p1/xmss_fast.c:345:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bds_treehash_update(bds_state *state, unsigned int updates, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) {
data/openssh-8.4p1/xmss_fast.c:345:88: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bds_treehash_update(bds_state *state, unsigned int updates, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) {
data/openssh-8.4p1/xmss_fast.c:345:139: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bds_treehash_update(bds_state *state, unsigned int updates, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) {
data/openssh-8.4p1/xmss_fast.c:383:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bds_state_update(bds_state *state, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) {
data/openssh-8.4p1/xmss_fast.c:383:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bds_state_update(bds_state *state, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) {
data/openssh-8.4p1/xmss_fast.c:383:114: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bds_state_update(bds_state *state, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) {
data/openssh-8.4p1/xmss_fast.c:399:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ots_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:402:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ltree_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:404:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:415:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->treehash[0].node, state->stack+state->stackoffset*n, n);
data/openssh-8.4p1/xmss_fast.c:420:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->auth + nodeh*n, state->stack+(state->stackoffset-1)*n, n);
data/openssh-8.4p1/xmss_fast.c:424:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->treehash[nodeh].node, state->stack+(state->stackoffset-1)*n, n);
data/openssh-8.4p1/xmss_fast.c:427:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->retain + ((1 << (h - 1 - nodeh)) + nodeh - h + (((idx >> nodeh) - 3) >> 1)) * n, state->stack+(state->stackoffset-1)*n, n);
data/openssh-8.4p1/xmss_fast.c:446:86: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void bds_round(bds_state *state, const unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:446:137: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void bds_round(bds_state *state, const unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_fast.c:456:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2 * n];
data/openssh-8.4p1/xmss_fast.c:462:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ots_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:465:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ltree_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:467:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node_addr, addr, 12);
data/openssh-8.4p1/xmss_fast.c:478:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, state->auth + (tau-1) * n, n);
data/openssh-8.4p1/xmss_fast.c:480:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + n, state->keep + ((tau-1) >> 1) * n, n);
data/openssh-8.4p1/xmss_fast.c:483:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->keep + (tau >> 1)*n, state->auth + tau*n, n);
data/openssh-8.4p1/xmss_fast.c:496:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->auth + i * n, state->treehash[i].node, n);
data/openssh-8.4p1/xmss_fast.c:501:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->auth + i * n, state->retain + (offset + rowidx) * n, n);
data/openssh-8.4p1/xmss_fast.c:533:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pk+n, sk+4+2*n, n);
data/openssh-8.4p1/xmss_fast.c:540:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk+4+3*n, pk, n);
data/openssh-8.4p1/xmss_fast.c:560:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk_seed[n];
data/openssh-8.4p1/xmss_fast.c:561:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk_seed, sk+4, n);
data/openssh-8.4p1/xmss_fast.c:562:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk_prf[n];
data/openssh-8.4p1/xmss_fast.c:563:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk_prf, sk+4+n, n);
data/openssh-8.4p1/xmss_fast.c:564:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pub_seed[n];
data/openssh-8.4p1/xmss_fast.c:565:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pub_seed, sk+4+2*n, n);
data/openssh-8.4p1/xmss_fast.c:568:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char idx_bytes_32[32];
data/openssh-8.4p1/xmss_fast.c:571:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash_key[3*n];
data/openssh-8.4p1/xmss_fast.c:582:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char R[n];
data/openssh-8.4p1/xmss_fast.c:583:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg_h[n];
data/openssh-8.4p1/xmss_fast.c:584:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ots_seed[n];
data/openssh-8.4p1/xmss_fast.c:595:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_key, R, n);
data/openssh-8.4p1/xmss_fast.c:596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_key+n, sk+4+3*n, n);
data/openssh-8.4p1/xmss_fast.c:638:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig_msg, state->auth, h*n);
data/openssh-8.4p1/xmss_fast.c:654:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig_msg, msg, msglen);
data/openssh-8.4p1/xmss_fast.c:669:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wots_pk[params->wots_par.keysize];
data/openssh-8.4p1/xmss_fast.c:670:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkhash[n];
data/openssh-8.4p1/xmss_fast.c:671:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char root[n];
data/openssh-8.4p1/xmss_fast.c:672:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg_h[n];
data/openssh-8.4p1/xmss_fast.c:673:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash_key[3*n];
data/openssh-8.4p1/xmss_fast.c:675:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pub_seed[n];
data/openssh-8.4p1/xmss_fast.c:676:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pub_seed, pk+n, n);
data/openssh-8.4p1/xmss_fast.c:692:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_key, sig_msg+4,n);
data/openssh-8.4p1/xmss_fast.c:693:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_key+n, pk, n);
data/openssh-8.4p1/xmss_fast.c:754:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ots_seed[params->n];
data/openssh-8.4p1/xmss_fast.c:762:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pk+n, sk+params->index_len+2*n, n);
data/openssh-8.4p1/xmss_fast.c:776:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk+params->index_len+3*n, pk, n);
data/openssh-8.4p1/xmss_fast.c:801:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk_seed[n];
data/openssh-8.4p1/xmss_fast.c:802:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk_prf[n];
data/openssh-8.4p1/xmss_fast.c:803:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pub_seed[n];
data/openssh-8.4p1/xmss_fast.c:805:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char R[n];
data/openssh-8.4p1/xmss_fast.c:806:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg_h[n];
data/openssh-8.4p1/xmss_fast.c:807:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash_key[3*n];
data/openssh-8.4p1/xmss_fast.c:808:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ots_seed[n];
data/openssh-8.4p1/xmss_fast.c:811:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char idx_bytes_32[32];
data/openssh-8.4p1/xmss_fast.c:820:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk_seed, sk+idx_len, n);
data/openssh-8.4p1/xmss_fast.c:821:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk_prf, sk+idx_len+n, n);
data/openssh-8.4p1/xmss_fast.c:822:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pub_seed, sk+idx_len+2*n, n);
data/openssh-8.4p1/xmss_fast.c:841:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_key, R, n);
data/openssh-8.4p1/xmss_fast.c:842:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_key+n, sk+idx_len+3*n, n);
data/openssh-8.4p1/xmss_fast.c:889:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig_msg, states[0].auth, tree_h*n);
data/openssh-8.4p1/xmss_fast.c:896:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig_msg, wots_sigs + (i-1)*params->xmss_par.wots_par.keysize, params->xmss_par.wots_par.keysize);
data/openssh-8.4p1/xmss_fast.c:902:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig_msg, states[i].auth, tree_h*n);
data/openssh-8.4p1/xmss_fast.c:936:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, states+params->d + i, sizeof(bds_state));
data/openssh-8.4p1/xmss_fast.c:937:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(states+params->d + i, states + i, sizeof(bds_state));
data/openssh-8.4p1/xmss_fast.c:938:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(states + i, &tmp, sizeof(bds_state));
data/openssh-8.4p1/xmss_fast.c:961:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig_msg, msg, msglen);
data/openssh-8.4p1/xmss_fast.c:981:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wots_pk[params->xmss_par.wots_par.keysize];
data/openssh-8.4p1/xmss_fast.c:982:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkhash[n];
data/openssh-8.4p1/xmss_fast.c:983:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char root[n];
data/openssh-8.4p1/xmss_fast.c:984:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg_h[n];
data/openssh-8.4p1/xmss_fast.c:985:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash_key[3*n];
data/openssh-8.4p1/xmss_fast.c:987:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pub_seed[n];
data/openssh-8.4p1/xmss_fast.c:988:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pub_seed, pk+n, n);
data/openssh-8.4p1/xmss_fast.c:1004:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_key, sig_msg,n);
data/openssh-8.4p1/xmss_fast.c:1005:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_key+n, pk, n);
data/openssh-8.4p1/xmss_fast.c:1029:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ltree_addr, ots_addr, 12);
data/openssh-8.4p1/xmss_fast.c:1032:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node_addr, ltree_addr, 12);
data/openssh-8.4p1/xmss_fast.c:1062:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ltree_addr, ots_addr, 12);
data/openssh-8.4p1/xmss_fast.c:1065:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node_addr, ltree_addr, 12);
data/openssh-8.4p1/xmss_hash.c:29:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]){
data/openssh-8.4p1/xmss_hash.c:36:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes, addr, 32);
data/openssh-8.4p1/xmss_hash.c:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[inlen + n + keylen];
data/openssh-8.4p1/xmss_hash.c:94:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
data/openssh-8.4p1/xmss_hash.c:94:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
data/openssh-8.4p1/xmss_hash.c:94:72: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
data/openssh-8.4p1/xmss_hash.c:97:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2*n];
data/openssh-8.4p1/xmss_hash.c:98:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[n];
data/openssh-8.4p1/xmss_hash.c:99:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bitmask[2*n];
data/openssh-8.4p1/xmss_hash.c:100:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte_addr[32];
data/openssh-8.4p1/xmss_hash.c:119:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
data/openssh-8.4p1/xmss_hash.c:119:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
data/openssh-8.4p1/xmss_hash.c:119:72: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
data/openssh-8.4p1/xmss_hash.c:121:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[n];
data/openssh-8.4p1/xmss_hash.c:122:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[n];
data/openssh-8.4p1/xmss_hash.c:123:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bitmask[n];
data/openssh-8.4p1/xmss_hash.c:124:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte_addr[32];
data/openssh-8.4p1/xmss_hash.h:15:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]);
data/openssh-8.4p1/xmss_hash.h:18:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n);
data/openssh-8.4p1/xmss_hash.h:18:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n);
data/openssh-8.4p1/xmss_hash.h:18:72: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n);
data/openssh-8.4p1/xmss_hash.h:19:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n);
data/openssh-8.4p1/xmss_hash.h:19:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n);
data/openssh-8.4p1/xmss_hash.h:19:72: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n);
data/openssh-8.4p1/xmss_wots.c:57:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ctr[32];
data/openssh-8.4p1/xmss_wots.c:71:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:71:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:71:150: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:108:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:108:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:108:103: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:119:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:119:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:119:76: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:119:128: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:138:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char csum_bytes[len_2_bytes];
data/openssh-8.4p1/xmss_wots.c:158:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:158:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:158:80: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:158:133: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])
data/openssh-8.4p1/xmss_wots.c:176:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char csum_bytes[len_2_bytes];
data/openssh-8.4p1/xmss_wots.h:49:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:49:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:49:103: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:55:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:55:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:55:76: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:55:128: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:61:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:61:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:61:80: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/xmss_wots.h:61:133: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
data/openssh-8.4p1/addrmatch.c:464:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
data/openssh-8.4p1/addrmatch.c:471:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
data/openssh-8.4p1/atomicio.c:62:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pfd.events = f == read ? POLLIN : POLLOUT;
data/openssh-8.4p1/auth-krb5.c:183:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(authctxt->krb5_ticket_file) + 6;
data/openssh-8.4p1/auth-krb5.c:252:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask(0177);
data/openssh-8.4p1/auth-krb5.c:253:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpfd = mkstemp(ccname + strlen("FILE:"));
data/openssh-8.4p1/auth-krb5.c:255:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/openssh-8.4p1/auth-options.c:287:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host == NULL || strlen(host) >= NI_MAXHOST) {
data/openssh-8.4p1/auth-pam.c:882:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (**prompts != NULL && strlen(**prompts) != 0) {
data/openssh-8.4p1/auth-pam.c:898:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(**prompts))) != 0)
data/openssh-8.4p1/auth-pam.c:946:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, l = wire_password != NULL ? strlen(wire_password) : 0;
data/openssh-8.4p1/auth-pam.c:1229:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + strlen(value) + 2;
data/openssh-8.4p1/auth-pam.c:1229:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + strlen(value) + 2;
data/openssh-8.4p1/auth-pam.c:1298:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(PAM_MSG_MEMBER(msg, i, msg));
data/openssh-8.4p1/auth-passwd.c:86:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(password) > MAX_PASSWORD_LEN)
data/openssh-8.4p1/auth-rhosts.c:105:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
switch (sscanf(buf, "%1023s %1023s %1023s", hostbuf, userbuf,
data/openssh-8.4p1/auth.c:145:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(LOCKED_PASSWD_PREFIX)) == 0)
data/openssh-8.4p1/auth2-chall.c:329:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(response[i], strlen(response[i]));
data/openssh-8.4p1/auth2-hostbased.c:189:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
data/openssh-8.4p1/auth2-pubkey.c:349:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep = cp + strlen(cp) - 1;
data/openssh-8.4p1/auth2.c:129:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = atomicio(read, fd, banner, len);
data/openssh-8.4p1/auth2.c:236:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
data/openssh-8.4p1/auth2.c:624:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(method);
data/openssh-8.4p1/auth2.c:635:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(submethod);
data/openssh-8.4p1/auth2.c:656:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(method);
data/openssh-8.4p1/auth2.c:664:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += 1 + strlen(submethod); /* include colon */
data/openssh-8.4p1/authfd.c:157:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, sock, buf, 4) != 4)
data/openssh-8.4p1/authfd.c:171:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, sock, buf, l) != l)
data/openssh-8.4p1/authfile.c:61:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask(077);
data/openssh-8.4p1/authfile.c:63:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/openssh-8.4p1/channels.c:1172:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (proto_len != strlen(sc->x11_saved_proto) ||
data/openssh-8.4p1/channels.c:1308:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/openssh-8.4p1/channels.c:1329:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/openssh-8.4p1/channels.c:1963:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(c->rfd, buf, sizeof(buf));
data/openssh-8.4p1/channels.c:2136:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(c->efd, buf, sizeof(buf));
data/openssh-8.4p1/channels.c:2226:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF));
data/openssh-8.4p1/channels.c:3408:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(host) >= NI_MAXHOST) {
data/openssh-8.4p1/channels.c:3558:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fwd->connect_path) > sizeof(sunaddr.sun_path)) {
data/openssh-8.4p1/channels.c:3570:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fwd->connect_host) >= NI_MAXHOST) {
data/openssh-8.4p1/channels.c:3591:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fwd->listen_path) > sizeof(sunaddr.sun_path)) {
data/openssh-8.4p1/channels.c:3599:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask(fwd_opts->streamlocal_bind_mask);
data/openssh-8.4p1/channels.c:3602:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/openssh-8.4p1/channels.c:4280:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > sizeof(sunaddr->sun_path)) {
data/openssh-8.4p1/channels.c:4876:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int data_len = (u_int) strlen(data) / 2;
data/openssh-8.4p1/cipher.c:134:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(c->name);
data/openssh-8.4p1/clientloop.c:261:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(display);
data/openssh-8.4p1/clientloop.c:394:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(line, "%*s %511s %511s", proto, data) == 2)
data/openssh-8.4p1/clientloop.c:627:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(connection_in, buf, sizeof(buf));
data/openssh-8.4p1/clientloop.c:707:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(errmsg))) != 0)
data/openssh-8.4p1/clientloop.c:1123:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = sshbuf_put(berr, s, strlen(s))) != 0)
data/openssh-8.4p1/contrib/gnome-ssh-askpass1.c:134:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(passphrase, '\0', strlen(passphrase));
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:127:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s);
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:241:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(GRAB_WAIT * 1000);
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:254:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(GRAB_WAIT * 1000);
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:279:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(passphrase), NULL, NULL, NULL);
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:282:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(local, '\0', strlen(local));
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:289:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(passphrase, '\b', strlen(passphrase));
data/openssh-8.4p1/contrib/gnome-ssh-askpass2.c:291:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(passphrase, '\0', strlen(passphrase));
data/openssh-8.4p1/entropy.c:93:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(socket_path) >= sizeof(addr_un->sun_path))
data/openssh-8.4p1/entropy.c:110:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(socket_path) + 1;
data/openssh-8.4p1/entropy.c:150:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, buf, len) != (size_t)len) {
data/openssh-8.4p1/fe25519.c:16:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static crypto_uint32 equal(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */
data/openssh-8.4p1/fe25519.c:87:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
crypto_uint32 m = equal(r->v[31],127);
data/openssh-8.4p1/fe25519.c:89:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
m &= equal(r->v[i],255);
data/openssh-8.4p1/fe25519.c:123:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
r = equal(t.v[0],0);
data/openssh-8.4p1/fe25519.c:125:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
r &= equal(t.v[i],0);
data/openssh-8.4p1/ge25519.c:152:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static unsigned char equal(signed char b,signed char c)
data/openssh-8.4p1/ge25519.c:175:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1));
data/openssh-8.4p1/ge25519.c:175:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1));
data/openssh-8.4p1/ge25519.c:176:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2));
data/openssh-8.4p1/ge25519.c:176:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2));
data/openssh-8.4p1/ge25519.c:177:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3));
data/openssh-8.4p1/ge25519.c:177:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3));
data/openssh-8.4p1/ge25519.c:178:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4));
data/openssh-8.4p1/gss-genr.c:175:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
cp = strncpy(s, kex, strlen(kex));
data/openssh-8.4p1/gss-genr.c:175:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = strncpy(s, kex, strlen(kex));
data/openssh-8.4p1/gss-genr.c:182:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = sshbuf_put(buf, p, strlen(p))) != 0 ||
data/openssh-8.4p1/gss-genr.c:202:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mechs) == 0) {
data/openssh-8.4p1/gss-genr.c:216:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) < sizeof(type##_ID)) \
data/openssh-8.4p1/gss-genr.c:420:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gssbuf.length = strlen(gssbuf.value);
data/openssh-8.4p1/gss-genr.c:439:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gssbuf.length = strlen(gssbuf.value);
data/openssh-8.4p1/gss-genr.c:549:6: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int equal;
data/openssh-8.4p1/gss-genr.c:586:54: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
major = gss_compare_name(&minor, saved_name, name, &equal);
data/openssh-8.4p1/gss-genr.c:591:6: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal && (saved_lifetime < lifetime + now - 10))
data/openssh-8.4p1/gss-serv.c:326:18: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
new_name, &equal);
data/openssh-8.4p1/gss-serv.c:333:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/openssh-8.4p1/hmac.c:191:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_test(key1, sizeof(key1), data1, strlen(data1), dig1, sizeof(dig1));
data/openssh-8.4p1/hmac.c:192:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2));
data/openssh-8.4p1/hmac.c:192:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2));
data/openssh-8.4p1/hostfile.c:142:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
data/openssh-8.4p1/hostfile.c:468:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dotsshdir) > len || strncmp(filename, dotsshdir, len) != 0)
data/openssh-8.4p1/hostfile.c:583:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask(077);
data/openssh-8.4p1/hostfile.c:687:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/openssh-8.4p1/hostfile.c:698:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nlen = strlen(names);
data/openssh-8.4p1/hostfile.c:705:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nlen == strlen(hashed_host) &&
data/openssh-8.4p1/kex.c:147:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(k->name);
data/openssh-8.4p1/kex.c:181:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(k->name, name, strlen(k->name)) == 0)
data/openssh-8.4p1/kex.c:224:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(b) > 1024*1024)
data/openssh-8.4p1/kex.c:226:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(a) + strlen(b) + 2;
data/openssh-8.4p1/kex.c:226:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(a) + strlen(b) + 2;
data/openssh-8.4p1/kex.c:1215:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg, strlen(msg)) != strlen(msg) ||
data/openssh-8.4p1/kex.c:1215:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg, strlen(msg)) != strlen(msg) ||
data/openssh-8.4p1/kex.c:1217:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crnl, strlen(crnl)) != strlen(crnl))
data/openssh-8.4p1/kex.c:1217:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crnl, strlen(crnl)) != strlen(crnl))
data/openssh-8.4p1/kex.c:1230:34: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int remote_major, remote_minor, mismatch, oerrno = 0;
data/openssh-8.4p1/kex.c:1308:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = atomicio(read, ssh_packet_get_connection_in(ssh),
data/openssh-8.4p1/kex.c:1403:6: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch) {
data/openssh-8.4p1/log.c:476:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
data/openssh-8.4p1/loginrec.c:322:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)strlen(pw->pw_name),
data/openssh-8.4p1/loginrec.c:569:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5)))
data/openssh-8.4p1/loginrec.c:614:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/openssh-8.4p1/loginrec.c:621:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, (size_t)dstsize);
data/openssh-8.4p1/loginrec.c:693:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ut->ut_name, li->username,
data/openssh-8.4p1/loginrec.c:696:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ut->ut_host, li->hostname,
data/openssh-8.4p1/loginrec.c:766:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(utx->ut_user, li->username,
data/openssh-8.4p1/loginrec.c:778:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(utx->ut_host, li->hostname,
data/openssh-8.4p1/loginrec.c:804:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host));
data/openssh-8.4p1/loginrec.c:892:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
data/openssh-8.4p1/loginrec.c:1211:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) {
data/openssh-8.4p1/loginrec.c:1376:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) {
data/openssh-8.4p1/loginrec.c:1597:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = atomicio(read, fd, &last, sizeof(last));
data/openssh-8.4p1/loginrec.c:1693:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
data/openssh-8.4p1/loginrec.c:1702:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
data/openssh-8.4p1/mac.c:93:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(m->name);
data/openssh-8.4p1/match.c:127:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int i, subi, len = strlen(pattern);
data/openssh-8.4p1/match.c:296:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(c) : (u_int)(cp - c);
data/openssh-8.4p1/match.c:304:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*next = strlen(c);
data/openssh-8.4p1/match.c:320:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(proposal) + 1;
data/openssh-8.4p1/md5crypt.c:47:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strncmp(salt, magic, strlen(magic)) == 0);
data/openssh-8.4p1/md5crypt.c:64:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(sp, magic, strlen(magic)) == 0)
data/openssh-8.4p1/md5crypt.c:65:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen(magic);
data/openssh-8.4p1/md5crypt.c:83:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&ctx, pw, strlen(pw));
data/openssh-8.4p1/md5crypt.c:86:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&ctx, magic, strlen(magic));
data/openssh-8.4p1/md5crypt.c:93:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&ctx1, pw, strlen(pw));
data/openssh-8.4p1/md5crypt.c:95:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&ctx1, pw, strlen(pw));
data/openssh-8.4p1/md5crypt.c:98:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(pl = strlen(pw); pl > 0; pl -= 16)
data/openssh-8.4p1/md5crypt.c:105:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0, i = strlen(pw); i != 0; i >>= 1)
data/openssh-8.4p1/md5crypt.c:124:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&ctx1, pw, strlen(pw));
data/openssh-8.4p1/md5crypt.c:132:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&ctx1, pw, strlen(pw));
data/openssh-8.4p1/md5crypt.c:137:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&ctx1, pw, strlen(pw));
data/openssh-8.4p1/misc.c:346:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(*s, *s + 1, strlen(*s)); /* move nul too */
data/openssh-8.4p1/misc.c:632:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = *cp + strlen(*cp); /* skip to end (see first case below) */
data/openssh-8.4p1/misc.c:663:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*host == '[' && host[strlen(host) - 1] == ']') {
data/openssh-8.4p1/misc.c:664:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host[strlen(host) - 1] = '\0';
data/openssh-8.4p1/misc.c:856:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = xmalloc(strlen(src) + 1);
data/openssh-8.4p1/misc.c:903:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(scheme);
data/openssh-8.4p1/misc.c:1076:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pw->pw_dir);
data/openssh-8.4p1/misc.c:1162:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = sshbuf_put(buf, val, strlen(val))) !=0)
data/openssh-8.4p1/misc.c:1195:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(keys[i].repl))) != 0) {
data/openssh-8.4p1/misc.c:1951:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg = argv[argc++] = xcalloc(1, strlen(s + i) + 1);
data/openssh-8.4p1/misc.c:2198:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(name);
data/openssh-8.4p1/misc.c:2221:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
data/openssh-8.4p1/misc.c:2221:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
data/openssh-8.4p1/misc.c:2222:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
data/openssh-8.4p1/misc.c:2222:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
data/openssh-8.4p1/misc.c:2232:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, l = strlen(name);
data/openssh-8.4p1/misc.c:2320:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen(s)) {
data/openssh-8.4p1/misc.c:2388:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t opt_len = strlen(opt);
data/openssh-8.4p1/misc.c:2416:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ret = malloc(strlen((s)) + 1)) == NULL) {
data/openssh-8.4p1/misc.c:2439:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp((*opts), term, strlen(term)) == 0 &&
data/openssh-8.4p1/misc.c:2440:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*opts)[strlen(term)] == '=') {
data/openssh-8.4p1/misc.c:2441:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*opts += strlen(term) + 1;
data/openssh-8.4p1/moduli.c:629:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {
data/openssh-8.4p1/monitor.c:453:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) {
data/openssh-8.4p1/monitor.c:472:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len)
data/openssh-8.4p1/monitor.c:865:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(authctxt->style) == 0) {
data/openssh-8.4p1/monitor.c:870:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(authctxt->role) == 0) {
data/openssh-8.4p1/monitor.c:890:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(authctxt->role) == 0) {
data/openssh-8.4p1/monitor.c:1410:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((len = strlen(cp)) > 0) && cp[len - 1] == '.')
data/openssh-8.4p1/monitor_wrap.c:148:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
data/openssh-8.4p1/monitor_wrap.c:159:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, sock, p, msg_len) != msg_len)
data/openssh-8.4p1/monitor_wrap.c:360:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(banner) == 0) {
data/openssh-8.4p1/monitor_wrap.c:623:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
data/openssh-8.4p1/msg.c:74:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
data/openssh-8.4p1/msg.c:89:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, p, msg_len) != msg_len) {
data/openssh-8.4p1/mux.c:396:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = sshbuf_put(cctx->cmd, cmd, strlen(cmd))) != 0)
data/openssh-8.4p1/mux.c:1318:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask(0177);
data/openssh-8.4p1/mux.c:1321:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/openssh-8.4p1/mux.c:1494:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, p + have, need - have);
data/openssh-8.4p1/openbsd-compat/arc4random.c:103:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, s + o, len - o);
data/openssh-8.4p1/openbsd-compat/basename.c:41:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endp = path + strlen(path) - 1;
data/openssh-8.4p1/openbsd-compat/blowfish.c:685:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blf_key(&c, (u_int8_t *) key2, strlen(key2));
data/openssh-8.4p1/openbsd-compat/bsd-closefrom.c:35:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define NAMLEN(dirent) strlen((dirent)->d_name)
data/openssh-8.4p1/openbsd-compat/bsd-cygwin_util.c:223:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int i, subi, len = strlen(pattern);
data/openssh-8.4p1/openbsd-compat/bsd-getline.c:62:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = fgetc(fp);
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:274:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
int usleep(unsigned int useconds)
data/openssh-8.4p1/openbsd-compat/bsd-misc.c:325:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/openssh-8.4p1/openbsd-compat/bsd-misc.h:105:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
int usleep(unsigned int useconds);
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:168:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int num_minors = strlen(ptyminors);
data/openssh-8.4p1/openbsd-compat/bsd-openpty.c:169:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int num_ptys = strlen(ptymajors) * num_minors;
data/openssh-8.4p1/openbsd-compat/bsd-snprintf.c:426:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(strvalue);
data/openssh-8.4p1/openbsd-compat/dirname.c:43:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endp = path + strlen(path) - 1;
data/openssh-8.4p1/openbsd-compat/fnmatch.c:113:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
*ep = mismatch;
data/openssh-8.4p1/openbsd-compat/fnmatch.c:119:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
*ep = mismatch;
data/openssh-8.4p1/openbsd-compat/fnmatch.c:136:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
*ep = mismatch;
data/openssh-8.4p1/openbsd-compat/fnmatch.c:256:14: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
*pattern = mismatch;
data/openssh-8.4p1/openbsd-compat/fnmatch.c:470:16: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
pattern = mismatch;
data/openssh-8.4p1/openbsd-compat/getopt_long.c:193:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_argv_len = strlen(current_argv);
data/openssh-8.4p1/openbsd-compat/getopt_long.c:201:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(long_options[i].name) == current_argv_len) {
data/openssh-8.4p1/openbsd-compat/inet_ntop.c:182:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp);
data/openssh-8.4p1/openbsd-compat/mktemp.c:56:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/openssh-8.4p1/openbsd-compat/port-aix.c:82:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
data/openssh-8.4p1/openbsd-compat/port-aix.c:162:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/openssh-8.4p1/openbsd-compat/port-aix.c:208:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg, strlen(msg))) != 0)
data/openssh-8.4p1/openbsd-compat/port-aix.c:268:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
data/openssh-8.4p1/openbsd-compat/port-linux.c:215:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = strlen(oldctx) + strlen(newname) + 1;
data/openssh-8.4p1/openbsd-compat/port-linux.c:215:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = strlen(oldctx) + strlen(newname) + 1;
data/openssh-8.4p1/openbsd-compat/port-net.c:68:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name, strlen(name)) == -1) {
data/openssh-8.4p1/openbsd-compat/port-net.c:89:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name, strlen(name)) == -1) {
data/openssh-8.4p1/openbsd-compat/readpassphrase.c:129:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write(output, prompt, strlen(prompt));
data/openssh-8.4p1/openbsd-compat/readpassphrase.c:132:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
data/openssh-8.4p1/openbsd-compat/regress/closefromtest.c:54:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fds[i], buf, sizeof(buf)) == -1)
data/openssh-8.4p1/openbsd-compat/setenv.c:147:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_value = strlen(value);
data/openssh-8.4p1/openbsd-compat/setenv.c:153:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(C) >= l_value) { /* old larger; copy over */
data/openssh-8.4p1/openbsd-compat/setproctitle.c:101:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastargv = argv[i] + strlen(argv[i]);
data/openssh-8.4p1/openbsd-compat/setproctitle.c:105:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastargv = envp[i] + strlen(envp[i]);
data/openssh-8.4p1/openbsd-compat/setproctitle.c:158:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstat(PSTAT_SETCMD, pst, strlen(ptitle), 0, 0);
data/openssh-8.4p1/openbsd-compat/sha2.c:98:32: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
data/openssh-8.4p1/openbsd-compat/strcasestr.c:56:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(find);
data/openssh-8.4p1/openbsd-compat/strlcat.c:49:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(dlen + strlen(s));
data/openssh-8.4p1/openbsd-compat/strptime.c:175:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_ctloc(day[i]));
data/openssh-8.4p1/openbsd-compat/strptime.c:180:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_ctloc(abday[i]));
data/openssh-8.4p1/openbsd-compat/strptime.c:199:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_ctloc(mon[i]));
data/openssh-8.4p1/openbsd-compat/strptime.c:204:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_ctloc(abmon[i]));
data/openssh-8.4p1/openbsd-compat/strptime.c:275:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_ctloc(am_pm[0]));
data/openssh-8.4p1/openbsd-compat/strptime.c:286:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_ctloc(am_pm[1]));
data/openssh-8.4p1/openbsd-compat/vis.c:222:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = reallocarray(NULL, 4, strlen(src) + 1);
data/openssh-8.4p1/openbsd-compat/xcrypt.c:90:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(passwd, strlen(passwd));
data/openssh-8.4p1/packet.c:1398:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(state->connection_in, buf, sizeof(buf));
data/openssh-8.4p1/progressmeter.c:181:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:181:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:185:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
format_size(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:185:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
format_size(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:190:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
format_rate(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:190:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
format_rate(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:216:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:216:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:219:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/progressmeter.c:219:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), win_size - strlen(buf),
data/openssh-8.4p1/readconf.c:354:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
data/openssh-8.4p1/readconf.c:355:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_digest_update(md, host, strlen(host)) < 0 ||
data/openssh-8.4p1/readconf.c:356:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
data/openssh-8.4p1/readconf.c:357:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_digest_update(md, user, strlen(user)) < 0 ||
data/openssh-8.4p1/readconf.c:954:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(line)) == 0)
data/openssh-8.4p1/readconf.c:2436:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(cp, cp + 1, strlen(cp + 1) + 1);
data/openssh-8.4p1/readconf.c:2576:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fwd->connect_host) >= NI_MAXHOST)
data/openssh-8.4p1/readconf.c:2580:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fwd->connect_path) >= PATH_MAX_SUN)
data/openssh-8.4p1/readconf.c:2583:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fwd->listen_host) >= NI_MAXHOST)
data/openssh-8.4p1/readconf.c:2586:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fwd->listen_path) >= PATH_MAX_SUN)
data/openssh-8.4p1/readconf.c:3007:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strspn(o->jump_host, "1234567890.") == strlen(o->jump_host);
data/openssh-8.4p1/readpass.c:87:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t r = read(p[0], buf + len, sizeof(buf) - 1 - len);
data/openssh-8.4p1/readpass.c:249:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write(STDERR_FILENO, prompt, strlen(prompt));
data/openssh-8.4p1/regress/check-perm.c:43:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) >= sizeof(component))
data/openssh-8.4p1/regress/misc/fuzz-harness/sig_fuzz.cc:38:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static const size_t dlen = strlen(data);
data/openssh-8.4p1/regress/misc/fuzz-harness/sshsig_fuzz.cc:23:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct sshbuf *message = sshbuf_from(data, strlen(data));
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:340:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA256_Update(&ctx, application, strlen(application));
data/openssh-8.4p1/regress/misc/sk-dummy/sk-dummy.c:419:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA256_Update(&ctx, application, strlen(application));
data/openssh-8.4p1/regress/modpipe.c:107:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = s = read(STDIN_FILENO, buf, sizeof(buf));
data/openssh-8.4p1/regress/netcat.c:81:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
data/openssh-8.4p1/regress/netcat.c:282:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 1 && optarg[0] == '0' &&
data/openssh-8.4p1/regress/netcat.c:987:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, buf + *bufpos, num);
data/openssh-8.4p1/regress/netcat.c:1440:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, buf + off, 1) != 1)
data/openssh-8.4p1/regress/netcat.c:1514:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = atomicio(read, proxyfd, buf, 2);
data/openssh-8.4p1/regress/netcat.c:1526:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = strlen(host);
data/openssh-8.4p1/regress/netcat.c:1567:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = atomicio(read, proxyfd, buf, 4);
data/openssh-8.4p1/regress/netcat.c:1574:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = atomicio(read, proxyfd, buf + 4, 6);
data/openssh-8.4p1/regress/netcat.c:1579:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = atomicio(read, proxyfd, buf + 4, 18);
data/openssh-8.4p1/regress/netcat.c:1603:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = atomicio(read, proxyfd, buf, 8);
data/openssh-8.4p1/regress/netcat.c:1612:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcspn(host, "\r\n\t []:") != strlen(host))
data/openssh-8.4p1/regress/netcat.c:1627:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = strlen(buf);
data/openssh-8.4p1/regress/netcat.c:1640:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b64_ntop(buf, strlen(buf), resp,
data/openssh-8.4p1/regress/netcat.c:1647:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = strlen(buf);
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:107:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_SIZE_T_EQ(strlen(p), ((8191 + 2) / 3) * 4);
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:145:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_SIZE_T_EQ(strlen(p), 0);
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:148:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_INT_EQ(sshbuf_put(p1, "quad1", strlen("quad1")), 0);
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:151:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1"));
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:151:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1"));
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:158:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1"));
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:158:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1"));
data/openssh-8.4p1/regress/unittests/sshbuf/test_sshbuf_misc.c:162:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_INT_EQ(sshbuf_put(p1, "quad2", strlen("quad2")), 0);
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:207:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atomicio(vwrite, STDERR_FILENO, buf, strlen(buf));
data/openssh-8.4p1/regress/unittests/test_helper/fuzz.c:210:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atomicio(vwrite, STDERR_FILENO, buf, strlen(buf));
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:242:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atomicio(vwrite, STDERR_FILENO, buf, strlen(buf));
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:379:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "%12s = %s (len %zu)\n", a1, aa1, strlen(aa1));
data/openssh-8.4p1/regress/unittests/test_helper/test_helper.c:380:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "%12s = %s (len %zu)\n", a2, aa2, strlen(aa2));
data/openssh-8.4p1/regress/unittests/utf8/tests.c:44:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wantlen = strlen(wants);
data/openssh-8.4p1/scp.c:635:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) atomicio(vwrite, fd, buf, strlen(buf));
data/openssh-8.4p1/scp.c:729:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int o = 0, tail_len = strlen(pattern + brace_end + 1);
data/openssh-8.4p1/scp.c:1093:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/openssh-8.4p1/scp.c:1139:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) atomicio(vwrite, remout, buf, strlen(buf));
data/openssh-8.4p1/scp.c:1157:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((nr = atomicio(read, fd,
data/openssh-8.4p1/scp.c:1216:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) atomicio(vwrite, remout, path, strlen(path));
data/openssh-8.4p1/scp.c:1226:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
data/openssh-8.4p1/scp.c:1226:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
data/openssh-8.4p1/scp.c:1270:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask(0);
data/openssh-8.4p1/scp.c:1272:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(mask);
data/openssh-8.4p1/scp.c:1294:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, remin, cp, 1) != 1)
data/openssh-8.4p1/scp.c:1299:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, remin, &ch, sizeof(ch)) != sizeof(ch))
data/openssh-8.4p1/scp.c:1312:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
visbuf, strlen(visbuf));
data/openssh-8.4p1/scp.c:1409:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
need = strlen(targ) + strlen(cp) + 250;
data/openssh-8.4p1/scp.c:1409:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
need = strlen(targ) + strlen(cp) + 250;
data/openssh-8.4p1/scp.c:1480:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
j = atomicio6(read, remin, cp, amt,
data/openssh-8.4p1/scp.c:1570:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, remin, &resp, sizeof(resp)) != sizeof(resp))
data/openssh-8.4p1/scp.c:1583:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, remin, &ch, sizeof(ch)) != sizeof(ch))
data/openssh-8.4p1/scp.c:1593:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
visbuf, strlen(visbuf));
data/openssh-8.4p1/servconf.c:1308:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(line)) == 0)
data/openssh-8.4p1/servconf.c:1897:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p) + 1;
data/openssh-8.4p1/servconf.c:1899:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += 1 + strlen(arg);
data/openssh-8.4p1/servconf.c:2478:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
data/openssh-8.4p1/serverloop.c:159:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(notify_pipe[0], &c, 1) != -1)
data/openssh-8.4p1/serverloop.c:329:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(connection_in, buf, sizeof(buf));
data/openssh-8.4p1/session.c:903:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/openssh-8.4p1/session.c:941:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask((mode_t)mask);
data/openssh-8.4p1/session.c:1323:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) >= sizeof(component))
data/openssh-8.4p1/session.c:2732:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (utmp_size == 0 || strlen(remote) > utmp_size)
data/openssh-8.4p1/sftp-client.c:144:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio6(read, conn->fd_in, p, 4, sftpio,
data/openssh-8.4p1/sftp-client.c:163:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
data/openssh-8.4p1/sftp-client.c:709:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_string_request(conn, id, SSH2_FXP_REMOVE, path, strlen(path));
data/openssh-8.4p1/sftp-client.c:723:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path), a);
data/openssh-8.4p1/sftp-client.c:739:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path));
data/openssh-8.4p1/sftp-client.c:757:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path, strlen(path));
data/openssh-8.4p1/sftp-client.c:777:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path));
data/openssh-8.4p1/sftp-client.c:804:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path), a);
data/openssh-8.4p1/sftp-client.c:843:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path));
data/openssh-8.4p1/sftp-client.c:1043:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path));
data/openssh-8.4p1/sftp-client.c:1725:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(local_fd, data, conn->transfer_buflen);
data/openssh-8.4p1/sftp-client.c:1948:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(p1) + strlen(p2) + 2;
data/openssh-8.4p1/sftp-client.c:1948:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(p1) + strlen(p2) + 2;
data/openssh-8.4p1/sftp-client.c:1952:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
data/openssh-8.4p1/sftp-common.c:246:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ulen = MAXIMUM(strlen(user), 8);
data/openssh-8.4p1/sftp-common.c:247:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glen = MAXIMUM(strlen(group), 8);
data/openssh-8.4p1/sftp-realpath.c:99:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resolved_len = strlen(resolved);
data/openssh-8.4p1/sftp-server.c:763:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf, len);
data/openssh-8.4p1/sftp-server.c:1646:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void)umask((mode_t)mask);
data/openssh-8.4p1/sftp-server.c:1741:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(in, buf, sizeof buf);
data/openssh-8.4p1/sftp.c:359:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(_PATH_LS " ") + strlen(args) + 1;
data/openssh-8.4p1/sftp.c:359:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(_PATH_LS " ") + strlen(args) + 1;
data/openssh-8.4p1/sftp.c:378:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(strip);
data/openssh-8.4p1/sftp.c:639:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(pathname);
data/openssh-8.4p1/sftp.c:860:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = MAXIMUM(m, strlen(d[n]->filename));
data/openssh-8.4p1/sftp.c:865:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m += strlen(tmp);
data/openssh-8.4p1/sftp.c:1002:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = MAXIMUM(m, strlen(g.gl_pathv[i]));
data/openssh-8.4p1/sftp.c:1188:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) > sizeof(argvs) - 1) {
data/openssh-8.4p1/sftp.c:1475:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cmd) + strspn(cp, WHITESPACE);
data/openssh-8.4p1/sftp.c:1691:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(n_arg);
data/openssh-8.4p1/sftp.c:1812:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = MAXIMUM(m, strlen(list[y]));
data/openssh-8.4p1/sftp.c:1826:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(list[y]);
data/openssh-8.4p1/sftp.c:1850:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int y, matchlen = strlen(list[0]);
data/openssh-8.4p1/sftp.c:1863:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (matchlen > strlen(word)) {
data/openssh-8.4p1/sftp.c:1900:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdlen = strlen(cmd);
data/openssh-8.4p1/sftp.c:1922:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(tmp);
data/openssh-8.4p1/sftp.c:1923:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdlen = strlen(cmd);
data/openssh-8.4p1/sftp.c:1958:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(cmd, cmds[i].c, strlen(cmds[i].c)))
data/openssh-8.4p1/sftp.c:2025:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(tmp);
data/openssh-8.4p1/sftp.c:2026:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filelen = strlen(file);
data/openssh-8.4p1/sftp.c:2040:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tmp2);
data/openssh-8.4p1/sk-usbhid.c:333:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sha256_mem(data, strlen(data), message, sizeof(message)) != 0) {
data/openssh-8.4p1/ssh-add.c:109:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pass, strlen(pass));
data/openssh-8.4p1/ssh-add.c:569:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(p2, strlen(p2));
data/openssh-8.4p1/ssh-add.c:580:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(p1, strlen(p1));
data/openssh-8.4p1/ssh-agent.c:696:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay);
data/openssh-8.4p1/ssh-agent.c:1034:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((len = read(sockets[socknum].fd, buf, sizeof(buf))) <= 0) {
data/openssh-8.4p1/ssh-agent.c:1374:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (shell != NULL && (len = strlen(shell)) > 2 &&
data/openssh-8.4p1/ssh-agent.c:1437:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
prev_mask = umask(0177);
data/openssh-8.4p1/ssh-agent.c:1444:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(prev_mask);
data/openssh-8.4p1/ssh-ecdsa-sk.c:113:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(r = sshbuf_put(m, origin, strlen(origin))) != 0 ||
data/openssh-8.4p1/ssh-ecdsa-sk.c:259:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(key->sk_application), apphash, sizeof(apphash))) != 0)
data/openssh-8.4p1/ssh-ed25519-sk.c:99:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(key->sk_application), apphash, sizeof(apphash)) != 0 ||
data/openssh-8.4p1/ssh-keygen.c:330:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pass, strlen(pass));
data/openssh-8.4p1/ssh-keygen.c:610:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != EOF) {
data/openssh-8.4p1/ssh-keygen.c:615:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/openssh-8.4p1/ssh-keygen.c:664:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(encoded);
data/openssh-8.4p1/ssh-keygen.c:1177:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
data/openssh-8.4p1/ssh-keygen.c:1329:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077);
data/openssh-8.4p1/ssh-keygen.c:1422:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(old_passphrase, strlen(old_passphrase));
data/openssh-8.4p1/ssh-keygen.c:1445:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(passphrase1, strlen(passphrase1));
data/openssh-8.4p1/ssh-keygen.c:1446:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(passphrase2, strlen(passphrase2));
data/openssh-8.4p1/ssh-keygen.c:1453:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase2, strlen(passphrase2));
data/openssh-8.4p1/ssh-keygen.c:1461:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase1, strlen(passphrase1));
data/openssh-8.4p1/ssh-keygen.c:1467:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase1, strlen(passphrase1));
data/openssh-8.4p1/ssh-keygen.c:1536:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keygen.c:1546:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keygen.c:1561:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keygen.c:1581:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keygen.c:1586:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keygen.c:1599:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_comment) > 0)
data/openssh-8.4p1/ssh-keygen.c:1905:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/ssh-keygen.c:2220:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(cp);
data/openssh-8.4p1/ssh-keygen.c:2482:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, slen, plen = strlen(keypath);
data/openssh-8.4p1/ssh-keygen.c:2494:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(suffixes[i]);
data/openssh-8.4p1/ssh-keygen.c:2598:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(asig)) != strlen(asig)) {
data/openssh-8.4p1/ssh-keygen.c:2598:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(asig)) != strlen(asig)) {
data/openssh-8.4p1/ssh-keygen.c:2619:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/ssh-keygen.c:2958:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase1, strlen(passphrase1));
data/openssh-8.4p1/ssh-keygen.c:2959:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase2, strlen(passphrase2));
data/openssh-8.4p1/ssh-keygen.c:2964:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase2, strlen(passphrase2));
data/openssh-8.4p1/ssh-keygen.c:2999:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/ssh-keygen.c:3006:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/ssh-keygen.c:3067:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pass, strlen(pass));
data/openssh-8.4p1/ssh-keygen.c:3084:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask(077);
data/openssh-8.4p1/ssh-keygen.c:3086:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/openssh-8.4p1/ssh-keygen.c:3655:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keygen.c:3669:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keygen.c:3705:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keygen.c:3708:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase, strlen(passphrase));
data/openssh-8.4p1/ssh-keyscan.c:493:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
data/openssh-8.4p1/ssh-keyscan.c:551:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = atomicio(read, s, c->c_data + c->c_off, c->c_len - c->c_off);
data/openssh-8.4p1/ssh-keyscan.c:795:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = line + strlen(line) - 1;
data/openssh-8.4p1/ssh-keysign.c:132:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(host) != len - 1)
data/openssh-8.4p1/ssh-pkcs11-client.c:78:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((len = atomicio(read, fd, buf, 4)) != 4) {
data/openssh-8.4p1/ssh-pkcs11-client.c:91:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, buf, l) != l) {
data/openssh-8.4p1/ssh-pkcs11-client.c:301:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (helper == NULL || strlen(helper) == 0)
data/openssh-8.4p1/ssh-pkcs11-helper.c:395:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(in, buf, sizeof buf);
data/openssh-8.4p1/ssh-pkcs11.c:271:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(pin != NULL) ? strlen(pin) : 0);
data/openssh-8.4p1/ssh-pkcs11.c:273:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/ssh-pkcs11.c:660:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(pin == NULL || strlen(pin) == 0)) {
data/openssh-8.4p1/ssh-pkcs11.c:669:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (login_required && pin != NULL && strlen(pin) != 0) {
data/openssh-8.4p1/ssh-pkcs11.c:670:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv = f->C_Login(session, user, (u_char *)pin, strlen(pin));
data/openssh-8.4p1/ssh-pkcs11.c:1328:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FILL_ATTR(tpub, npub, CKA_LABEL, plabel, strlen(plabel));
data/openssh-8.4p1/ssh-pkcs11.c:1341:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FILL_ATTR(tpriv, npriv, CKA_LABEL, plabel, strlen(plabel));
data/openssh-8.4p1/ssh-pkcs11.c:1377:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(hex)) % 2)
data/openssh-8.4p1/ssh-pkcs11.c:1447:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FILL_ATTR(tpub, npub, CKA_LABEL, plabel, strlen(plabel));
data/openssh-8.4p1/ssh-pkcs11.c:1458:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FILL_ATTR(tpriv, npriv, CKA_LABEL, plabel, strlen(plabel));
data/openssh-8.4p1/ssh-pkcs11.c:1706:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((rv = f->C_SetOperationState(session , pin, strlen(pin),
data/openssh-8.4p1/ssh-pkcs11.c:1778:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((rv = f->C_SetOperationState(session , pin, strlen(pin),
data/openssh-8.4p1/ssh-rsa.c:179:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (alg_ident == NULL || strlen(alg_ident) == 0)
data/openssh-8.4p1/ssh-sk-client.c:59:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (helper == NULL || strlen(helper) == 0)
data/openssh-8.4p1/ssh-sk-helper.c:143:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/ssh-sk-helper.c:206:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/ssh-sk-helper.c:265:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/ssh.c:338:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strspn(name, "0123456789.") == strlen(name));
data/openssh-8.4p1/ssh.c:513:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*hostp)[strlen(*hostp) - 1] == '.') {
data/openssh-8.4p1/ssh.c:547:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullhost[strlen(fullhost) - 1] = '\0';
data/openssh-8.4p1/ssh.c:700:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(022);
data/openssh-8.4p1/ssh.c:824:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cp);
data/openssh-8.4p1/ssh.c:948:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(optarg) == 1)
data/openssh-8.4p1/ssh.c:1408:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(options.remote_command))) != 0)
data/openssh-8.4p1/ssh.c:1507:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(options.sk_provider) > 1) {
data/openssh-8.4p1/ssh_api.c:365:7: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch, strlen(mismatch))) != 0)
data/openssh-8.4p1/ssh_api.c:365:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mismatch, strlen(mismatch))) != 0)
data/openssh-8.4p1/ssh_api.c:365:24: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch, strlen(mismatch))) != 0)
data/openssh-8.4p1/ssh_api.c:529:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(avail) + 1;
data/openssh-8.4p1/sshbuf-getput-basic.c:534:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sshbuf_put_string(buf, v, v == NULL ? 0 : strlen(v));
data/openssh-8.4p1/sshbuf-io.c:52:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
data/openssh-8.4p1/sshbuf-misc.c:120:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = sshbuf_put(b64, s, strlen(s))) != 0)
data/openssh-8.4p1/sshbuf-misc.c:150:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen(b64);
data/openssh-8.4p1/sshconnect.c:1103:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/openssh-8.4p1/sshconnect2.c:154:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(avail) + 1;
data/openssh-8.4p1/sshconnect2.c:1217:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(password, strlen(password));
data/openssh-8.4p1/sshconnect2.c:1248:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(info) > 0)
data/openssh-8.4p1/sshconnect2.c:1264:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(password, strlen(password));
data/openssh-8.4p1/sshconnect2.c:1281:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(password, strlen(password));
data/openssh-8.4p1/sshconnect2.c:1285:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(retype, strlen(retype));
data/openssh-8.4p1/sshconnect2.c:1297:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(password, strlen(password));
data/openssh-8.4p1/sshconnect2.c:1424:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(pin, strlen(pin));
data/openssh-8.4p1/sshconnect2.c:1434:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(id->filename), plen = strlen(private_id->filename);
data/openssh-8.4p1/sshconnect2.c:1434:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(id->filename), plen = strlen(private_id->filename);
data/openssh-8.4p1/sshconnect2.c:1440:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(suffixes[i]);
data/openssh-8.4p1/sshconnect2.c:1715:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(passphrase, strlen(passphrase));
data/openssh-8.4p1/sshconnect2.c:2057:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > 0)
data/openssh-8.4p1/sshconnect2.c:2059:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inst) > 0)
data/openssh-8.4p1/sshconnect2.c:2082:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(response, strlen(response));
data/openssh-8.4p1/sshconnect2.c:2093:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(response, strlen(response));
data/openssh-8.4p1/sshconnect2.c:2403:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (authlist == NULL || strlen(authlist) == 0)
data/openssh-8.4p1/sshd.c:1236:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (read(startup_pipes[i], &c, sizeof(c))) {
data/openssh-8.4p1/sshd.c:1275:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/openssh-8.4p1/sshd.c:1815:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd));
data/openssh-8.4p1/sshd.c:2023:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
new_umask = umask(0077) | 0022;
data/openssh-8.4p1/sshd.c:2024:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(new_umask);
data/openssh-8.4p1/sshd.c:2443:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
data/openssh-8.4p1/sshd.c:2463:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
data/openssh-8.4p1/sshkey-xmss.c:405:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
data/openssh-8.4p1/sshkey-xmss.c:414:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (atomicio(read, fd, data, len) != len) {
data/openssh-8.4p1/sshkey-xmss.c:492:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000*100*tries);
data/openssh-8.4p1/sshkey.c:269:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(kt->name);
data/openssh-8.4p1/sshkey.c:1034:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen(alg) + 1;
data/openssh-8.4p1/sshkey.c:1056:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, rlen = dgst_raw_len * 3 + strlen(alg) + 2;
data/openssh-8.4p1/sshkey.c:1165:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(augmentation_string) - 1;
data/openssh-8.4p1/sshkey.c:1208:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = (r <= 0) ? 0 : strlen(title);
data/openssh-8.4p1/sshkey.c:1212:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = (r <= 0) ? 0 : strlen(hash);
data/openssh-8.4p1/sshkey.c:1297:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (kt->name == NULL || strlen(kt->name) != l)
data/openssh-8.4p1/sshkey.c:1348:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (space == strlen(cp))
data/openssh-8.4p1/sshkey.c:3851:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (passphrase == NULL || !strlen(passphrase)) {
data/openssh-8.4p1/sshkey.c:3877:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bcrypt_pbkdf(passphrase, strlen(passphrase),
data/openssh-8.4p1/sshkey.c:3958:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(b64, strlen(b64));
data/openssh-8.4p1/sshkey.c:4092:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((passphrase == NULL || strlen(passphrase) == 0) &&
data/openssh-8.4p1/sshkey.c:4118:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen,
data/openssh-8.4p1/sshkey.c:4327:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int blen, len = strlen(_passphrase);
data/openssh-8.4p1/sshkey.c:4521:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p == NULL || (len = strlen(p)) == 0)
data/openssh-8.4p1/sshlogin.c:107:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
time_string, strlen(time_string))) != 0)
data/openssh-8.4p1/sshsig.c:413:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(hex, strlen(hex));
data/openssh-8.4p1/sshsig.c:515:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read(fd, rbuf, sizeof(rbuf))) == -1) {
data/openssh-8.4p1/sshsig.c:541:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freezero(hex, strlen(hex));
data/openssh-8.4p1/sshsig.c:893:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcspn(cp, "!?*") != strlen(cp)) {
data/openssh-8.4p1/utf8.c:122:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(src) + 1;
data/openssh-8.4p1/xmalloc.c:92:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
ANALYSIS SUMMARY:
Hits = 1595
Lines analyzed = 150121 in approximately 3.94 seconds (38112 lines/second)
Physical Source Lines of Code (SLOC) = 113440
Hits@level = [0] 802 [1] 496 [2] 870 [3] 91 [4] 121 [5] 17
Hits@level+ = [0+] 2397 [1+] 1595 [2+] 1099 [3+] 229 [4+] 138 [5+] 17
Hits/KSLOC@level+ = [0+] 21.1301 [1+] 14.0603 [2+] 9.68794 [3+] 2.01869 [4+] 1.2165 [5+] 0.149859
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.