Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/test_tls_crypt.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/test_ncp.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/test_packet_id.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/test_networking.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/test_crypto.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/mock_msg.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/mock_get_random.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/test_argv.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/test_buffer.c
Examining data/openvpn-2.5.0/tests/unit_tests/openvpn/mock_msg.h
Examining data/openvpn-2.5.0/tests/unit_tests/engine-key/libtestengine.c
Examining data/openvpn-2.5.0/tests/unit_tests/example_test/test.c
Examining data/openvpn-2.5.0/tests/unit_tests/example_test/test2.c
Examining data/openvpn-2.5.0/tests/unit_tests/plugins/auth-pam/test_search_and_replace.c
Examining data/openvpn-2.5.0/config-msvc.h
Examining data/openvpn-2.5.0/include/openvpn-msg.h
Examining data/openvpn-2.5.0/include/openvpn-plugin.h
Examining data/openvpn-2.5.0/sample/sample-plugins/defer/simple.c
Examining data/openvpn-2.5.0/sample/sample-plugins/log/log.c
Examining data/openvpn-2.5.0/sample/sample-plugins/log/log_v3.c
Examining data/openvpn-2.5.0/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
Examining data/openvpn-2.5.0/sample/sample-plugins/client-connect/sample-client-connect.c
Examining data/openvpn-2.5.0/sample/sample-plugins/simple/base64.c
Examining data/openvpn-2.5.0/sample/sample-plugins/simple/simple.c
Examining data/openvpn-2.5.0/src/openvpnserv/service.h
Examining data/openvpn-2.5.0/src/openvpnserv/validate.h
Examining data/openvpn-2.5.0/src/openvpnserv/interactive.c
Examining data/openvpn-2.5.0/src/openvpnserv/automatic.c
Examining data/openvpn-2.5.0/src/openvpnserv/validate.c
Examining data/openvpn-2.5.0/src/openvpnserv/common.c
Examining data/openvpn-2.5.0/src/openvpnserv/service.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_verify_openssl.h
Examining data/openvpn-2.5.0/src/openvpn/mstats.h
Examining data/openvpn-2.5.0/src/openvpn/socket.c
Examining data/openvpn-2.5.0/src/openvpn/crypto.c
Examining data/openvpn-2.5.0/src/openvpn/comp-lz4.c
Examining data/openvpn-2.5.0/src/openvpn/dhcp.h
Examining data/openvpn-2.5.0/src/openvpn/run_command.h
Examining data/openvpn-2.5.0/src/openvpn/sig.c
Examining data/openvpn-2.5.0/src/openvpn/mbuf.c
Examining data/openvpn-2.5.0/src/openvpn/mtcp.c
Examining data/openvpn-2.5.0/src/openvpn/pkcs11_openssl.c
Examining data/openvpn-2.5.0/src/openvpn/shaper.h
Examining data/openvpn-2.5.0/src/openvpn/error.h
Examining data/openvpn-2.5.0/src/openvpn/console_systemd.c
Examining data/openvpn-2.5.0/src/openvpn/memdbg.h
Examining data/openvpn-2.5.0/src/openvpn/socket.h
Examining data/openvpn-2.5.0/src/openvpn/mss.c
Examining data/openvpn-2.5.0/src/openvpn/mtu.c
Examining data/openvpn-2.5.0/src/openvpn/mudp.h
Examining data/openvpn-2.5.0/src/openvpn/sig.h
Examining data/openvpn-2.5.0/src/openvpn/options.h
Examining data/openvpn-2.5.0/src/openvpn/tls_crypt.c
Examining data/openvpn-2.5.0/src/openvpn/buffer.h
Examining data/openvpn-2.5.0/src/openvpn/ring_buffer.h
Examining data/openvpn-2.5.0/src/openvpn/otime.c
Examining data/openvpn-2.5.0/src/openvpn/event.h
Examining data/openvpn-2.5.0/src/openvpn/perf.c
Examining data/openvpn-2.5.0/src/openvpn/list.h
Examining data/openvpn-2.5.0/src/openvpn/ps.c
Examining data/openvpn-2.5.0/src/openvpn/basic.h
Examining data/openvpn-2.5.0/src/openvpn/lladdr.c
Examining data/openvpn-2.5.0/src/openvpn/vlan.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_common.h
Examining data/openvpn-2.5.0/src/openvpn/tun.h
Examining data/openvpn-2.5.0/src/openvpn/socks.c
Examining data/openvpn-2.5.0/src/openvpn/cryptoapi.h
Examining data/openvpn-2.5.0/src/openvpn/packet_id.h
Examining data/openvpn-2.5.0/src/openvpn/ssl_verify.h
Examining data/openvpn-2.5.0/src/openvpn/perf.h
Examining data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c
Examining data/openvpn-2.5.0/src/openvpn/win32.c
Examining data/openvpn-2.5.0/src/openvpn/pkcs11_backend.h
Examining data/openvpn-2.5.0/src/openvpn/win32.h
Examining data/openvpn-2.5.0/src/openvpn/ssl_verify_openssl.c
Examining data/openvpn-2.5.0/src/openvpn/pf.c
Examining data/openvpn-2.5.0/src/openvpn/proxy.h
Examining data/openvpn-2.5.0/src/openvpn/env_set.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_ncp.h
Examining data/openvpn-2.5.0/src/openvpn/route.h
Examining data/openvpn-2.5.0/src/openvpn/multi.h
Examining data/openvpn-2.5.0/src/openvpn/networking_sitnl.c
Examining data/openvpn-2.5.0/src/openvpn/compstub.c
Examining data/openvpn-2.5.0/src/openvpn/proto.h
Examining data/openvpn-2.5.0/src/openvpn/buffer.c
Examining data/openvpn-2.5.0/src/openvpn/pool.h
Examining data/openvpn-2.5.0/src/openvpn/fdmisc.c
Examining data/openvpn-2.5.0/src/openvpn/ssl.h
Examining data/openvpn-2.5.0/src/openvpn/tls_crypt.h
Examining data/openvpn-2.5.0/src/openvpn/ping.c
Examining data/openvpn-2.5.0/src/openvpn/mudp.c
Examining data/openvpn-2.5.0/src/openvpn/lzo.h
Examining data/openvpn-2.5.0/src/openvpn/schedule.c
Examining data/openvpn-2.5.0/src/openvpn/ssl.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_openssl.h
Examining data/openvpn-2.5.0/src/openvpn/status.c
Examining data/openvpn-2.5.0/src/openvpn/occ.h
Examining data/openvpn-2.5.0/src/openvpn/schedule.h
Examining data/openvpn-2.5.0/src/openvpn/proxy.c
Examining data/openvpn-2.5.0/src/openvpn/console.c
Examining data/openvpn-2.5.0/src/openvpn/pkcs11_mbedtls.c
Examining data/openvpn-2.5.0/src/openvpn/comp.c
Examining data/openvpn-2.5.0/src/openvpn/list.c
Examining data/openvpn-2.5.0/src/openvpn/base64.h
Examining data/openvpn-2.5.0/src/openvpn/fdmisc.h
Examining data/openvpn-2.5.0/src/openvpn/platform.h
Examining data/openvpn-2.5.0/src/openvpn/mtu.h
Examining data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.h
Examining data/openvpn-2.5.0/src/openvpn/manage.h
Examining data/openvpn-2.5.0/src/openvpn/gremlin.h
Examining data/openvpn-2.5.0/src/openvpn/push.c
Examining data/openvpn-2.5.0/src/openvpn/vlan.h
Examining data/openvpn-2.5.0/src/openvpn/block_dns.c
Examining data/openvpn-2.5.0/src/openvpn/session_id.c
Examining data/openvpn-2.5.0/src/openvpn/pkcs11.h
Examining data/openvpn-2.5.0/src/openvpn/openvpn.c
Examining data/openvpn-2.5.0/src/openvpn/auth_token.h
Examining data/openvpn-2.5.0/src/openvpn/auth_token.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_ncp.c
Examining data/openvpn-2.5.0/src/openvpn/crypto.h
Examining data/openvpn-2.5.0/src/openvpn/base64.c
Examining data/openvpn-2.5.0/src/openvpn/route.c
Examining data/openvpn-2.5.0/src/openvpn/plugin.c
Examining data/openvpn-2.5.0/src/openvpn/multi.c
Examining data/openvpn-2.5.0/src/openvpn/socks.h
Examining data/openvpn-2.5.0/src/openvpn/crypto_backend.h
Examining data/openvpn-2.5.0/src/openvpn/console_builtin.c
Examining data/openvpn-2.5.0/src/openvpn/event.c
Examining data/openvpn-2.5.0/src/openvpn/gremlin.c
Examining data/openvpn-2.5.0/src/openvpn/misc.c
Examining data/openvpn-2.5.0/src/openvpn/openvpn.h
Examining data/openvpn-2.5.0/src/openvpn/clinat.c
Examining data/openvpn-2.5.0/src/openvpn/argv.c
Examining data/openvpn-2.5.0/src/openvpn/openssl_compat.h
Examining data/openvpn-2.5.0/src/openvpn/forward.h
Examining data/openvpn-2.5.0/src/openvpn/session_id.h
Examining data/openvpn-2.5.0/src/openvpn/pushlist.h
Examining data/openvpn-2.5.0/src/openvpn/reliable.h
Examining data/openvpn-2.5.0/src/openvpn/pool.c
Examining data/openvpn-2.5.0/src/openvpn/init.c
Examining data/openvpn-2.5.0/src/openvpn/reliable.c
Examining data/openvpn-2.5.0/src/openvpn/console.h
Examining data/openvpn-2.5.0/src/openvpn/circ_list.h
Examining data/openvpn-2.5.0/src/openvpn/misc.h
Examining data/openvpn-2.5.0/src/openvpn/syshead.h
Examining data/openvpn-2.5.0/src/openvpn/proto.c
Examining data/openvpn-2.5.0/src/openvpn/argv.h
Examining data/openvpn-2.5.0/src/openvpn/integer.h
Examining data/openvpn-2.5.0/src/openvpn/error.c
Examining data/openvpn-2.5.0/src/openvpn/mtcp.h
Examining data/openvpn-2.5.0/src/openvpn/interval.h
Examining data/openvpn-2.5.0/src/openvpn/ntlm.h
Examining data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.c
Examining data/openvpn-2.5.0/src/openvpn/ping.h
Examining data/openvpn-2.5.0/src/openvpn/run_command.c
Examining data/openvpn-2.5.0/src/openvpn/push.h
Examining data/openvpn-2.5.0/src/openvpn/ssl_backend.h
Examining data/openvpn-2.5.0/src/openvpn/helper.h
Examining data/openvpn-2.5.0/src/openvpn/env_set.h
Examining data/openvpn-2.5.0/src/openvpn/crypto_openssl.c
Examining data/openvpn-2.5.0/src/openvpn/comp.h
Examining data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.h
Examining data/openvpn-2.5.0/src/openvpn/ssl_openssl.c
Examining data/openvpn-2.5.0/src/openvpn/status.h
Examining data/openvpn-2.5.0/src/openvpn/httpdigest.c
Examining data/openvpn-2.5.0/src/openvpn/pf.h
Examining data/openvpn-2.5.0/src/openvpn/httpdigest.h
Examining data/openvpn-2.5.0/src/openvpn/dhcp.c
Examining data/openvpn-2.5.0/src/openvpn/tun.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_verify.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.h
Examining data/openvpn-2.5.0/src/openvpn/mstats.c
Examining data/openvpn-2.5.0/src/openvpn/networking_iproute2.c
Examining data/openvpn-2.5.0/src/openvpn/pkcs11.c
Examining data/openvpn-2.5.0/src/openvpn/platform.c
Examining data/openvpn-2.5.0/src/openvpn/occ.c
Examining data/openvpn-2.5.0/src/openvpn/lladdr.h
Examining data/openvpn-2.5.0/src/openvpn/networking.h
Examining data/openvpn-2.5.0/src/openvpn/otime.h
Examining data/openvpn-2.5.0/src/openvpn/fragment.c
Examining data/openvpn-2.5.0/src/openvpn/mroute.c
Examining data/openvpn-2.5.0/src/openvpn/manage.c
Examining data/openvpn-2.5.0/src/openvpn/networking_iproute2.h
Examining data/openvpn-2.5.0/src/openvpn/shaper.c
Examining data/openvpn-2.5.0/src/openvpn/crypto_openssl.h
Examining data/openvpn-2.5.0/src/openvpn/interval.c
Examining data/openvpn-2.5.0/src/openvpn/common.h
Examining data/openvpn-2.5.0/src/openvpn/mroute.h
Examining data/openvpn-2.5.0/src/openvpn/packet_id.c
Examining data/openvpn-2.5.0/src/openvpn/block_dns.h
Examining data/openvpn-2.5.0/src/openvpn/fragment.h
Examining data/openvpn-2.5.0/src/openvpn/init.h
Examining data/openvpn-2.5.0/src/openvpn/plugin.h
Examining data/openvpn-2.5.0/src/openvpn/forward.c
Examining data/openvpn-2.5.0/src/openvpn/cryptoapi.c
Examining data/openvpn-2.5.0/src/openvpn/networking_sitnl.h
Examining data/openvpn-2.5.0/src/openvpn/errlevel.h
Examining data/openvpn-2.5.0/src/openvpn/helper.c
Examining data/openvpn-2.5.0/src/openvpn/mbuf.h
Examining data/openvpn-2.5.0/src/openvpn/comp-lz4.h
Examining data/openvpn-2.5.0/src/openvpn/mss.h
Examining data/openvpn-2.5.0/src/openvpn/lzo.c
Examining data/openvpn-2.5.0/src/openvpn/ssl_verify_backend.h
Examining data/openvpn-2.5.0/src/openvpn/ntlm.c
Examining data/openvpn-2.5.0/src/openvpn/ps.h
Examining data/openvpn-2.5.0/src/openvpn/clinat.h
Examining data/openvpn-2.5.0/src/openvpn/options.c
Examining data/openvpn-2.5.0/src/openvpnmsica/msica_arg.h
Examining data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.h
Examining data/openvpn-2.5.0/src/openvpnmsica/msiex.c
Examining data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c
Examining data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c
Examining data/openvpn-2.5.0/src/openvpnmsica/dllmain.c
Examining data/openvpn-2.5.0/src/openvpnmsica/msiex.h
Examining data/openvpn-2.5.0/src/compat/compat-inet_pton.c
Examining data/openvpn-2.5.0/src/compat/compat-versionhelpers.h
Examining data/openvpn-2.5.0/src/compat/compat-inet_ntop.c
Examining data/openvpn-2.5.0/src/compat/compat-dirname.c
Examining data/openvpn-2.5.0/src/compat/compat-basename.c
Examining data/openvpn-2.5.0/src/compat/compat-strsep.c
Examining data/openvpn-2.5.0/src/compat/compat-lz4.c
Examining data/openvpn-2.5.0/src/compat/compat.h
Examining data/openvpn-2.5.0/src/compat/compat-daemon.c
Examining data/openvpn-2.5.0/src/compat/compat-gettimeofday.c
Examining data/openvpn-2.5.0/src/compat/compat-lz4.h
Examining data/openvpn-2.5.0/src/tapctl/error.h
Examining data/openvpn-2.5.0/src/tapctl/basic.h
Examining data/openvpn-2.5.0/src/tapctl/tap.c
Examining data/openvpn-2.5.0/src/tapctl/tap.h
Examining data/openvpn-2.5.0/src/tapctl/main.c
Examining data/openvpn-2.5.0/src/tapctl/error.c
Examining data/openvpn-2.5.0/src/plugins/down-root/down-root.c
Examining data/openvpn-2.5.0/src/plugins/auth-pam/pamdl.h
Examining data/openvpn-2.5.0/src/plugins/auth-pam/utils.c
Examining data/openvpn-2.5.0/src/plugins/auth-pam/pamdl.c
Examining data/openvpn-2.5.0/src/plugins/auth-pam/utils.h
Examining data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c

FINAL RESULTS:

data/openvpn-2.5.0/src/openvpn/win32.c:157:10:  [5] (misc) SetSecurityDescriptorDacl:
  Never create NULL ACLs; an attacker can set it to Everyone (Deny All
  Access), which would even forbid administrator access (CWE-732).
    if (!SetSecurityDescriptorDacl(&obj->sd, TRUE, NULL, FALSE))
data/openvpn-2.5.0/src/openvpn/win32.c:157:10:  [5] (misc) SetSecurityDescriptorDacl:
  Never create NULL ACLs; an attacker can set it to Everyone (Deny All
  Access), which would even forbid administrator access (CWE-732).
    if (!SetSecurityDescriptorDacl(&obj->sd, TRUE, NULL, FALSE))
data/openvpn-2.5.0/src/openvpnserv/automatic.c:77:10:  [5] (misc) SetSecurityDescriptorDacl:
  Never create NULL ACLs; an attacker can set it to Everyone (Deny All
  Access), which would even forbid administrator access (CWE-732).
    if (!SetSecurityDescriptorDacl(&obj->sd, TRUE, NULL, FALSE))
data/openvpn-2.5.0/src/openvpnserv/automatic.c:77:10:  [5] (misc) SetSecurityDescriptorDacl:
  Never create NULL ACLs; an attacker can set it to Everyone (Deny All
  Access), which would even forbid administrator access (CWE-732).
    if (!SetSecurityDescriptorDacl(&obj->sd, TRUE, NULL, FALSE))
data/openvpn-2.5.0/config-msvc.h:134:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/openvpn-2.5.0/config-msvc.h:134:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/openvpn-2.5.0/sample/sample-plugins/defer/simple.c:205:13:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            system(buf);
data/openvpn-2.5.0/sample/sample-plugins/defer/simple.c:235:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
                system(buf);
data/openvpn-2.5.0/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c:157:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf);
data/openvpn-2.5.0/src/compat/compat-lz4.c:241:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    fprintf(stderr, __FILE__ ": ");           \
data/openvpn-2.5.0/src/compat/compat-lz4.c:242:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    fprintf(stderr, __VA_ARGS__);             \
data/openvpn-2.5.0/src/openvpn/argv.c:380:15:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    int len = vsnprintf(NULL, 0, f, tmplist);
data/openvpn-2.5.0/src/openvpn/argv.c:393:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(buf, size, f, arglist);
data/openvpn-2.5.0/src/openvpn/buffer.c:258:20:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            stat = vsnprintf((char *)ptr, cap, format, arglist);
data/openvpn-2.5.0/src/openvpn/buffer.c:306:15:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        len = vsnprintf(str, size, format, arglist);
data/openvpn-2.5.0/src/openvpn/buffer.c:328:15:  [4] (format) vswprintf:
  Potential format string problem (CWE-134). Make format string constant.
        len = vswprintf(str, size, format, arglist);
data/openvpn-2.5.0/src/openvpn/console_builtin.c:242:20:  [4] (misc) getpass:
  This function is obsolete and not portable. It was in SUSv2 but removed by
  POSIX.2. What it does exactly varies considerably between systems,
  particularly in where its prompt is displayed and where it gets its data
  (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
  overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
  exactly what you want. If you continue to use it, or write your own, be
  sure to zero the password as soon as possible to avoid leaving the
  cleartext password visible in the process' address space.
        char *gp = getpass(prompt);
data/openvpn-2.5.0/src/openvpn/env_set.c:312:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmpname, name);
data/openvpn-2.5.0/src/openvpn/error.c:265:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(m1, ERR_BUF_SIZE, format, arglist);
data/openvpn-2.5.0/src/openvpn/error.c:455:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, PACKAGE_NAME ": Out of Memory\n");
data/openvpn-2.5.0/src/openvpn/mstats.c:104:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(mmap_fn, fn);
data/openvpn-2.5.0/src/openvpn/networking_iproute2.c:363:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(best_iface, name);
data/openvpn-2.5.0/src/openvpn/ntlm.c:279:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(userdomain, username);
data/openvpn-2.5.0/src/openvpn/ntlm.c:283:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(userdomain, domain);
data/openvpn-2.5.0/src/openvpn/options.c:4323:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(fp, usage_message,
data/openvpn-2.5.0/src/openvpn/pkcs11.c:180:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(Buffer, sizeof(Buffer), szFormat, args);
data/openvpn-2.5.0/src/openvpn/platform.c:252:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    return access(path, mode);
data/openvpn-2.5.0/src/openvpn/proxy.c:774:26:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                nparms = sscanf(buf, get, buf2);
data/openvpn-2.5.0/src/openvpn/push.c:677:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(tmp, sizeof(tmp), format, arglist);
data/openvpn-2.5.0/src/openvpn/reliable.c:772:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(" next_try=%" PRIi64, (int64_t)e->next_try);
data/openvpn-2.5.0/src/openvpn/status.c:235:16:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        stat = vsnprintf(buf, STATUS_PRINTF_MAXLEN, format, arglist);
data/openvpn-2.5.0/src/openvpn/tun.c:3308:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            if (access( tunname, F_OK ) < 0 && errno == ENOENT)
data/openvpn-2.5.0/src/openvpn/tun.c:3339:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access( tunname, F_OK ) < 0 && errno == ENOENT)
data/openvpn-2.5.0/src/openvpn/win32.c:1007:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(p, e->string);
data/openvpn-2.5.0/src/openvpn/win32.c:1020:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( p, force_path );
data/openvpn-2.5.0/src/openvpn/win32.c:1065:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(work, arg);
data/openvpn-2.5.0/src/openvpnmsica/dllmain.c:126:26:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        int iResultLen = vsnprintf(szBufStack, _countof(szBufStack), format, arglist);
data/openvpn-2.5.0/src/openvpnmsica/dllmain.c:138:17:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                vsnprintf(szMessage, iResultLen, format, arglist);
data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c:120:5:  [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    _tcscpy(str, TEXT("x"));
data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c:130:9:  [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
        _tcscpy(s, p->val);
data/openvpn-2.5.0/src/openvpnserv/automatic.c:140:9:  [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
        _tcscpy(dest, src);
data/openvpn-2.5.0/src/openvpnserv/automatic.c:157:13:  [4] (buffer) _tcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
            _tcscat(dest, TEXT("."));
data/openvpn-2.5.0/src/openvpnserv/automatic.c:158:13:  [4] (buffer) _tcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
            _tcscat(dest, newext);
data/openvpn-2.5.0/src/openvpnserv/common.c:40:15:  [4] (format) _vsntprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        len = _vsntprintf(str, size, format, arglist);
data/openvpn-2.5.0/src/openvpnserv/common.c:68:15:  [4] (format) vswprintf:
  Potential format string problem (CWE-134). Make format string constant.
        len = vswprintf(str, size, format, arglist);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1049:5:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
    swprintf(argv0, _countof(argv0), L"%s\\%s", get_win_sys_path(), L"netsh.exe");
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1096:5:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
    swprintf(argv0, _countof(argv0), L"%s\\%s", get_win_sys_path(), L"wbem\\wmic.exe");
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1303:5:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
    swprintf(argv0, _countof(argv0), L"%s\\%s", get_win_sys_path(), L"netsh.exe");
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1689:10:  [4] (access) ImpersonateNamedPipeClient:
  If this call fails, the program could fail to drop heightened privileges
  (CWE-250). Make sure the return value is checked, and do not continue if a
  failure is reported.
    if (!ImpersonateNamedPipeClient(pipe))
data/openvpn-2.5.0/src/openvpnserv/service.c:71:5:  [4] (buffer) _tcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    _tcscat(path, TEXT("\""));
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:336:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(up->password, tmp); /* tmp is guaranteed to fit in up->password */
data/openvpn-2.5.0/src/plugins/auth-pam/utils.c:83:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(temp,replacewith);
data/openvpn-2.5.0/src/tapctl/main.c:129:5:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    _ftprintf(stderr,
data/openvpn-2.5.0/src/tapctl/main.c:161:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, usage_message_create, title_string);
data/openvpn-2.5.0/src/tapctl/main.c:165:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, usage_message_list, title_string);
data/openvpn-2.5.0/src/tapctl/main.c:169:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, usage_message_delete, title_string);
data/openvpn-2.5.0/src/tapctl/main.c:173:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, TEXT("Unknown command \"%s\". Please, use \"tapctl help\" to list supported commands.\n"), argv[2]);
data/openvpn-2.5.0/src/tapctl/main.c:197:17:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                _ftprintf(stderr, TEXT("Unknown option \"%s\". Please, use \"tapctl help create\" to list supported options. Ignored.\n"), argv[i]);
data/openvpn-2.5.0/src/tapctl/main.c:212:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, TEXT("Creating TUN/TAP adapter failed (error 0x%x).\n"), dwResult);
data/openvpn-2.5.0/src/tapctl/main.c:223:17:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                _ftprintf(stderr, TEXT("Enumerating adapters failed (error 0x%x).\n"), dwResult);
data/openvpn-2.5.0/src/tapctl/main.c:233:21:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    _ftprintf(stderr, TEXT("Adapter \"%s\" already exists (GUID %") TEXT(PRIsLPOLESTR) TEXT(").\n"), pAdapter->szName, szAdapterId);
data/openvpn-2.5.0/src/tapctl/main.c:244:17:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                _ftprintf(stderr, TEXT("Renaming TUN/TAP adapter %") TEXT(PRIsLPOLESTR) TEXT(" to \"%s\" failed (error 0x%x).\n"), szAdapterId, szName, dwResult);
data/openvpn-2.5.0/src/tapctl/main.c:261:9:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        _ftprintf(stdout, TEXT("%") TEXT(PRIsLPOLESTR) TEXT("\n"), szAdapterId);
data/openvpn-2.5.0/src/tapctl/main.c:291:17:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                _ftprintf(stderr, TEXT("Unknown option \"%s\". Please, use \"tapctl help list\" to list supported options. Ignored.\n"), argv[i]);
data/openvpn-2.5.0/src/tapctl/main.c:300:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, TEXT("Enumerating TUN/TAP adapters failed (error 0x%x).\n"), dwResult);
data/openvpn-2.5.0/src/tapctl/main.c:308:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stdout, TEXT("%") TEXT(PRIsLPOLESTR) TEXT("\t%") TEXT(PRIsLPTSTR) TEXT("\n"), szAdapterId, pAdapter->szName);
data/openvpn-2.5.0/src/tapctl/main.c:319:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, TEXT("Missing adapter GUID or name. Please, use \"tapctl help delete\" for usage info.\n"));
data/openvpn-2.5.0/src/tapctl/main.c:331:17:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                _ftprintf(stderr, TEXT("Enumerating TUN/TAP adapters failed (error 0x%x).\n"), dwResult);
data/openvpn-2.5.0/src/tapctl/main.c:339:21:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    _ftprintf(stderr, TEXT("\"%s\" adapter not found.\n"), argv[2]);
data/openvpn-2.5.0/src/tapctl/main.c:366:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, TEXT("Deleting adapter \"%s\" failed (error 0x%x).\n"), argv[2], dwResult);
data/openvpn-2.5.0/src/tapctl/main.c:374:9:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        _ftprintf(stderr, TEXT("Unknown command \"%s\". Please, use \"tapctl help\" to list supported commands.\n"), argv[1]);
data/openvpn-2.5.0/src/tapctl/main.c:381:9:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        _ftprintf(stderr, TEXT("A system reboot is required.\n"));
data/openvpn-2.5.0/src/tapctl/main.c:401:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format, arglist);
data/openvpn-2.5.0/src/tapctl/main.c:402:5:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    _ftprintf(stderr, TEXT("\n"));
data/openvpn-2.5.0/src/tapctl/main.c:436:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, TEXT("Error 0x%x: %s\n"), dwResult, szErrMessage);
data/openvpn-2.5.0/src/tapctl/main.c:442:13:  [4] (format) _ftprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            _ftprintf(stderr, TEXT("Error 0x%x\n"), dwResult);
data/openvpn-2.5.0/tests/unit_tests/openvpn/mock_msg.c:59:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(format, arglist);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:137:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->up.password, ctx->multi.auth_token);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:148:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->up.password, ctx->multi.auth_token);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:176:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->up.password, ctx->multi.auth_token);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:217:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ctx->up.password, ctx->multi.auth_token);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:255:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->up.password, ctx->multi.auth_token);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:279:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->up.password, ctx->multi.auth_token);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:313:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->up.password, now0key0);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:353:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->up.password, ctx->multi.auth_token);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:365:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->up.password, now0key0);
data/openvpn-2.5.0/src/openvpn/init.c:800:9:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srandom(seed);
data/openvpn-2.5.0/src/openvpn/list.c:444:72:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                            ASSERT(hash_add(nhash, w->word, (void *) ((random() & 0x0F) + 1), false));
data/openvpn-2.5.0/src/openvpn/options.c:894:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    o->tmp_dir = getenv("TMPDIR");
data/openvpn-2.5.0/src/openvpn/options.c:3318:38:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
check_file_access_chroot(const char *chroot, const int type, const char *file, const int mode, const char *opt)
data/openvpn-2.5.0/src/openvpn/options.c:3329:9:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
    if (chroot)
data/openvpn-2.5.0/src/openvpn/options.c:3336:22:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
        len = strlen(chroot) + strlen(PATH_SEPARATOR_STR) + strlen(file) + 1;
data/openvpn-2.5.0/src/openvpn/options.c:3338:44:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
        buf_printf(&chroot_file, "%s%s%s", chroot, PATH_SEPARATOR_STR, file);
data/openvpn-2.5.0/src/openvpn/options.c:3357:61:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
check_file_access_chroot_inline(bool is_inline, const char *chroot,
data/openvpn-2.5.0/src/openvpn/options.c:3366:37:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
    return check_file_access_chroot(chroot, type, file, mode, opt);
data/openvpn-2.5.0/src/openvpn/options.c:3402:68:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
check_cmd_access(const char *command, const char *opt, const char *chroot)
data/openvpn-2.5.0/src/openvpn/options.c:3424:48:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
        return_code = check_file_access_chroot(chroot, CHKACC_FILE, argv.argv[0], X_OK, opt);
data/openvpn-2.5.0/src/openvpn/platform.c:51:13:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
        if (chroot(path))
data/openvpn-2.5.0/src/openvpn/schedule.c:77:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    e->pri = random();
data/openvpn-2.5.0/src/openvpn/schedule.c:538:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    tv->tv_sec += random() % 100;
data/openvpn-2.5.0/src/openvpn/schedule.c:539:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    tv->tv_usec = random() % 100;
data/openvpn-2.5.0/src/openvpn/syshead.h:44:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define random rand
data/openvpn-2.5.0/src/openvpn/syshead.h:45:9:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define srandom srand
data/openvpn-2.5.0/src/openvpn/syshead.h:45:17:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define srandom srand
data/openvpn-2.5.0/include/openvpn-msg.h:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[256];
data/openvpn-2.5.0/include/openvpn-msg.h:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char domains[512];
data/openvpn-2.5.0/include/openvpn-msg.h:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char scope_id[256];
data/openvpn-2.5.0/sample/sample-plugins/client-connect/sample-client-connect.c:112:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(str);
data/openvpn-2.5.0/sample/sample-plugins/client-connect/sample-client-connect.c:216:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(name,"w");
data/openvpn-2.5.0/sample/sample-plugins/client-connect/sample-client-connect.c:262:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(ccd_file, O_WRONLY);
data/openvpn-2.5.0/sample/sample-plugins/client-connect/sample-client-connect.c:329:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(ccd_file, O_WRONLY);
data/openvpn-2.5.0/sample/sample-plugins/client-connect/sample-client-connect.c:376:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return cc_handle_deferred_v1(atoi(p), argv[1], envp);
data/openvpn-2.5.0/sample/sample-plugins/client-connect/sample-client-connect.c:424:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pcc->sleep_until = time(NULL) + atoi(want_async);
data/openvpn-2.5.0/sample/sample-plugins/defer/simple.c:125:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(str);
data/openvpn-2.5.0/sample/sample-plugins/defer/simple.c:195:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/openvpn-2.5.0/sample/sample-plugins/defer/simple.c:231:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[256];
data/openvpn-2.5.0/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char user[48];
data/openvpn-2.5.0/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key [48];
data/openvpn-2.5.0/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c:191:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(f = fopen(file, "w+")))
data/openvpn-2.5.0/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[MAXPATH];
data/openvpn-2.5.0/sample/sample-plugins/simple/base64.c:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[256] = {0};
data/openvpn-2.5.0/src/compat/compat-daemon.c:86:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((fd = open("/dev/null", O_RDWR, 0)) != -1)
data/openvpn-2.5.0/src/compat/compat-inet_pton.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char src_copy[INET6_ADDRSTRLEN+1];
data/openvpn-2.5.0/src/compat/compat-lz4.c:335:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/openvpn-2.5.0/src/compat/compat-lz4.c:340:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/openvpn-2.5.0/src/compat/compat-lz4.c:375:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { memcpy(d,s,8); d+=8; s+=8; } while (d<e);
data/openvpn-2.5.0/src/compat/compat-lz4.c:406:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dstPtr+4, srcPtr, 4);
data/openvpn-2.5.0/src/compat/compat-lz4.c:410:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dstPtr, srcPtr, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:428:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { memcpy(d,s,16); memcpy(d+16,s+16,16); d+=32; s+=32; } while (d<e);
data/openvpn-2.5.0/src/compat/compat-lz4.c:428:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { memcpy(d,s,16); memcpy(d+16,s+16,16); d+=32; s+=32; } while (d<e);
data/openvpn-2.5.0/src/compat/compat-lz4.c:447:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(v, srcPtr, 2);
data/openvpn-2.5.0/src/compat/compat-lz4.c:448:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&v[2], srcPtr, 2);
data/openvpn-2.5.0/src/compat/compat-lz4.c:449:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&v[4], &v[0], 4);
data/openvpn-2.5.0/src/compat/compat-lz4.c:452:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(v, srcPtr, 4);
data/openvpn-2.5.0/src/compat/compat-lz4.c:453:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&v[4], srcPtr, 4);
data/openvpn-2.5.0/src/compat/compat-lz4.c:460:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstPtr, v, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:463:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dstPtr, v, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1175:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, anchor, lastRun);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1551:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(streamPtr, streamPtr->dictCtx, sizeof(LZ4_stream_t));
data/openvpn-2.5.0/src/compat/compat-lz4.c:1759:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op, ip, 16);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1763:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op, ip, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1764:39:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    if (length > 8) { memcpy(op+8, ip+8, 8); }
data/openvpn-2.5.0/src/compat/compat-lz4.c:1800:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(op, match, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1801:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(op+8, match+8, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1802:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(op+16, match+16, 2);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1825:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op, dictEnd - copySize, copySize);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1832:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(op, lowPrefix, restSize);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1873:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(op, ip, endOnInput ? 16 : 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1888:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op + 0, match + 0, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1889:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op + 8, match + 8, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:1890:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op +16, match +16, 2);
data/openvpn-2.5.0/src/compat/compat-lz4.c:2003:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op, dictEnd - copySize, copySize);
data/openvpn-2.5.0/src/compat/compat-lz4.c:2010:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(op, lowPrefix, restSize);
data/openvpn-2.5.0/src/compat/compat-lz4.c:2029:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op, match, mlen);
data/openvpn-2.5.0/src/compat/compat-lz4.c:2043:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(op+4, match, 4);
data/openvpn-2.5.0/src/compat/compat-lz4.c:2046:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(op, match, 8);
data/openvpn-2.5.0/src/compat/compat-lz4.c:2061:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(op, match, 8);
data/openvpn-2.5.0/src/openvpn/argv.c:489:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *parms[MAX_PARMS + 1] = { 0 };
data/openvpn-2.5.0/src/openvpn/auth_token.c:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char session_id[AUTH_TOKEN_SESSION_ID_LEN*2] = {0};
data/openvpn-2.5.0/src/openvpn/auth_token.c:124:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(session_id, session_id_source + strlen(SESSION_ID_PREFIX),
data/openvpn-2.5.0/src/openvpn/auth_token.c:192:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char old_tstamp_decode[9];
data/openvpn-2.5.0/src/openvpn/buffer.c:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(BPTR(&ret), BPTR(buf), BLEN(buf));
data/openvpn-2.5.0/src/openvpn/buffer.c:718:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ret, str, n);
data/openvpn-2.5.0/src/openvpn/buffer.c:1158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/openvpn-2.5.0/src/openvpn/buffer.c:1275:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(e->buf.data, data, size);
data/openvpn-2.5.0/src/openvpn/buffer.h:696:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cp, src, size);
data/openvpn-2.5.0/src/openvpn/buffer.h:708:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cp, src, size);
data/openvpn-2.5.0/src/openvpn/buffer.h:765:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest->data + dest->offset + dest_index, src->data + src->offset + src_index, src_len);
data/openvpn-2.5.0/src/openvpn/buffer.h:807:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, cp, size);
data/openvpn-2.5.0/src/openvpn/console_builtin.c:157:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ret = fopen("/dev/tty", write ? "w" : "r");
data/openvpn-2.5.0/src/openvpn/console_builtin.c:212:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        int fd = open( "/dev/tty", O_RDWR );
data/openvpn-2.5.0/src/openvpn/crypto.c:399:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv, BPTR(buf), packet_iv_len);
data/openvpn-2.5.0/src/openvpn/crypto.c:400:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv + packet_iv_len, ctx->implicit_iv, ctx->implicit_iv_len);
data/openvpn-2.5.0/src/openvpn/crypto.c:553:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(iv_buf, BPTR(buf), iv_size);
data/openvpn-2.5.0/src/openvpn/crypto.c:874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char log_prefix[128] = { 0 };
data/openvpn-2.5.0/src/openvpn/crypto.c:1116:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(co->key_ctx_bi.decrypt.implicit_iv,
data/openvpn-2.5.0/src/openvpn/crypto.c:1141:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf_p, BPTR(&src), BLEN(&src));
data/openvpn-2.5.0/src/openvpn/crypto.c:1758:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(output, nonce_data, blen);
data/openvpn-2.5.0/src/openvpn/crypto_backend.h:201:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH],
data/openvpn-2.5.0/src/openvpn/crypto_backend.h:202:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char src[DES_KEY_LENGTH],
data/openvpn-2.5.0/src/openvpn/crypto_backend.h:203:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char dst[DES_KEY_LENGTH]);
data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.c:98:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char errstr[256];
data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[256];
data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.c:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[1000+1] = { 0 };
data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.c:224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char footer[1000+1] = { 0 };
data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.c:262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[1000+1] = { 0 };
data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.c:263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char footer[1000+1] = { 0 };
data/openvpn-2.5.0/src/openvpn/crypto_mbedtls.c:769:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH],
data/openvpn-2.5.0/src/openvpn/crypto_openssl.c:173:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen("sdlog", "w");
data/openvpn-2.5.0/src/openvpn/crypto_openssl.c:455:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst_data, data_read, data_read_len);
data/openvpn-2.5.0/src/openvpn/crypto_openssl.c:664:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(mode_str, "-CBC");
data/openvpn-2.5.0/src/openvpn/crypto_openssl.c:869:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH],
data/openvpn-2.5.0/src/openvpn/crypto_openssl.c:1068:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char password[64];
data/openvpn-2.5.0/src/openvpn/cryptoapi.c:748:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[255];
data/openvpn-2.5.0/src/openvpn/dhcp.c:107:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&ret, p+i+2, 4);
data/openvpn-2.5.0/src/openvpn/env_set.c:263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/openvpn-2.5.0/src/openvpn/env_set.c:271:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/openvpn-2.5.0/src/openvpn/env_set.c:279:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/openvpn-2.5.0/src/openvpn/error.c:176:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    msgfp = fopen(OPENVPN_DEBUG_FILE, "w");
data/openvpn-2.5.0/src/openvpn/error.c:597:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        int out = open(file,
data/openvpn-2.5.0/src/openvpn/error.c:982:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[256];
data/openvpn-2.5.0/src/openvpn/forward.c:1447:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ethhdr.source, orig_ethhdr->dest, OPENVPN_ETH_ALEN);
data/openvpn-2.5.0/src/openvpn/forward.c:1448:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ethhdr.dest, orig_ethhdr->source, OPENVPN_ETH_ALEN);
data/openvpn-2.5.0/src/openvpn/httpdigest.h:27:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char HASH[HASHLEN];
data/openvpn-2.5.0/src/openvpn/httpdigest.h:29:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char HASHHEX[HASHHEXLEN+1];
data/openvpn-2.5.0/src/openvpn/init.c:723:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(up.username, "Please insert your cryptographic token"); /* put the high-level message in up.username */
data/openvpn-2.5.0/src/openvpn/init.c:952:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        buffer_list_push(bl, (unsigned char *)text[i]);
data/openvpn-2.5.0/src/openvpn/list.c:399:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/openvpn-2.5.0/src/openvpn/list.c:400:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char wordbuf[256];
data/openvpn-2.5.0/src/openvpn/manage.c:477:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char in[32];
data/openvpn-2.5.0/src/openvpn/manage.c:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[32];
data/openvpn-2.5.0/src/openvpn/manage.c:494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char in[32];
data/openvpn-2.5.0/src/openvpn/manage.c:495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[32];
data/openvpn-2.5.0/src/openvpn/manage.c:513:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char p1[128];
data/openvpn-2.5.0/src/openvpn/manage.c:514:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char p2[128];
data/openvpn-2.5.0/src/openvpn/manage.c:528:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int port = atoi(p2);
data/openvpn-2.5.0/src/openvpn/manage.c:607:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    else if (streq(parm, "all") || (n = atoi(parm)) > 0)
data/openvpn-2.5.0/src/openvpn/manage.c:1307:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        man->connection.client_version = atoi(version);
data/openvpn-2.5.0/src/openvpn/manage.c:1350:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            level = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/manage.c:1383:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            version = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/manage.c:1398:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int level = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/manage.c:1417:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int level = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/manage.c:1551:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            man_bytecount(man, atoi(p[1]));
data/openvpn-2.5.0/src/openvpn/manage.c:1621:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            man_pkcs11_id_get(man, atoi(p[1]));
data/openvpn-2.5.0/src/openvpn/manage.c:1645:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int n = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/manage.c:2038:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *parms[MAX_PARMS+1];
data/openvpn-2.5.0/src/openvpn/manage.c:2110:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char control[CMSG_SPACE(sizeof(int))];
data/openvpn-2.5.0/src/openvpn/manage.c:2143:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char control[CMSG_SPACE(sizeof(int))];
data/openvpn-2.5.0/src/openvpn/manage.c:2210:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(up.username,"tunmethod");
data/openvpn-2.5.0/src/openvpn/manage.c:2243:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[256];
data/openvpn-2.5.0/src/openvpn/manage.c:2913:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/openvpn-2.5.0/src/openvpn/manage.c:3720:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(result, buf->data, BLEN(buf));
data/openvpn-2.5.0/src/openvpn/manage.c:3749:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(result, buf->data, BLEN(buf));
data/openvpn-2.5.0/src/openvpn/misc.c:62:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open("/dev/null", O_RDWR, 0)) != -1)
data/openvpn-2.5.0/src/openvpn/misc.c:208:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(up->password, "ok");
data/openvpn-2.5.0/src/openvpn/misc.c:230:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char password_buf[USER_PASS_LEN] = { '\0' };
data/openvpn-2.5.0/src/openvpn/misc.c:566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[OPTION_LINE_SIZE];
data/openvpn-2.5.0/src/openvpn/misc.c:747:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/openvpn-2.5.0/src/openvpn/misc.h:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char username[USER_PASS_LEN];
data/openvpn-2.5.0/src/openvpn/misc.h:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char password[USER_PASS_LEN];
data/openvpn-2.5.0/src/openvpn/mroute.c:257:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(maddr->ether.addr, ether_addr, OPENVPN_ETH_ALEN);
data/openvpn-2.5.0/src/openvpn/mstats.c:47:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mmap_fn[128];
data/openvpn-2.5.0/src/openvpn/mstats.c:69:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(fn, O_CREAT | O_TRUNC | O_RDWR, S_IRUSR | S_IWUSR);
data/openvpn-2.5.0/src/openvpn/mudp.c:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/openvpn-2.5.0/src/openvpn/mudp.c:184:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "SR/");
data/openvpn-2.5.0/src/openvpn/mudp.c:188:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "SW/");
data/openvpn-2.5.0/src/openvpn/mudp.c:192:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "TR/");
data/openvpn-2.5.0/src/openvpn/mudp.c:196:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "TW/");
data/openvpn-2.5.0/src/openvpn/mudp.c:201:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "FC/");
data/openvpn-2.5.0/src/openvpn/multi.c:901:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char flags[2] = {0, 0};
data/openvpn-2.5.0/src/openvpn/multi.c:986:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char flags[2] = {0, 0};
data/openvpn-2.5.0/src/openvpn/multi.c:1969:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(ccs->deferred_ret_file, "r");
data/openvpn-2.5.0/src/openvpn/multi.c:2717:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[INOTIFY_EVENT_BUFFER_SIZE];
data/openvpn-2.5.0/src/openvpn/multi.h:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg_prefix[MULTI_PREFIX_MAX_LENGTH];
data/openvpn-2.5.0/src/openvpn/networking_iproute2.c:329:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen("/proc/net/route", "r");
data/openvpn-2.5.0/src/openvpn/networking_iproute2.c:335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/openvpn-2.5.0/src/openvpn/networking_iproute2.c:347:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[16];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:130:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(RTA_DATA(rta), data, alen);
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024 * 16];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:427:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iface[IFNAMSIZ];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:461:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&res->gw, RTA_DATA(rta), res->addr_size);
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:537:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(best_gw, &res.gw, res.addr_size);
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:550:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET6_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:602:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:978:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:998:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET6_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1018:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1038:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET6_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1060:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1086:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET6_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dst_str[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gw_str[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dst_str[INET6_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gw_str[INET6_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dst_str[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gw_str[INET_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dst_str[INET6_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:1259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gw_str[INET6_ADDRSTRLEN];
data/openvpn-2.5.0/src/openvpn/ntlm.c:81:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result, md, MD4_DIGEST_LENGTH);
data/openvpn-2.5.0/src/openvpn/ntlm.c:170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&msg_buf[*msg_bufpos], data, msg_buf[sb_offset]);
data/openvpn-2.5.0/src/openvpn/ntlm.c:201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pwbuf[sizeof(p->up.password) * 2]; /* for unicode password */
data/openvpn-2.5.0/src/openvpn/ntlm.c:210:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char userdomain_u[256];     /* for uppercase unicode username and domain */
data/openvpn-2.5.0/src/openvpn/ntlm.c:211:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char userdomain[128];       /* the same as previous but ascii */
data/openvpn-2.5.0/src/openvpn/ntlm.c:219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char domain[128];
data/openvpn-2.5.0/src/openvpn/ntlm.c:220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char username[128];
data/openvpn-2.5.0/src/openvpn/ntlm.c:337:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&ntlmv2_blob[0x1c], tib_ptr, tib_len);
data/openvpn-2.5.0/src/openvpn/ntlm.c:352:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&ntlmv2_response[8], challenge, 8);
data/openvpn-2.5.0/src/openvpn/ntlm.c:361:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ntlmv2_response, ntlmv2_hmacmd5, MD5_DIGEST_LENGTH);
data/openvpn-2.5.0/src/openvpn/ntlm.c:365:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char key1[DES_KEY_LENGTH], key2[DES_KEY_LENGTH];
data/openvpn-2.5.0/src/openvpn/ntlm.c:366:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char key3[DES_KEY_LENGTH];
data/openvpn-2.5.0/src/openvpn/ntlm.c:382:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char *)phase3, "NTLMSSP\0");      /* signature */
data/openvpn-2.5.0/src/openvpn/options.c:1051:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ret, addr, len);
data/openvpn-2.5.0/src/openvpn/options.c:1093:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bs[3];
data/openvpn-2.5.0/src/openvpn/options.c:4123:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ret, start, val_len);
data/openvpn-2.5.0/src/openvpn/options.c:4427:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int i = atoi(str);
data/openvpn-2.5.0/src/openvpn/options.c:4470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parm[OPTION_PARM_SIZE];
data/openvpn-2.5.0/src/openvpn/options.c:4551:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(p[ret], parm, parm_len);
data/openvpn-2.5.0/src/openvpn/options.c:4666:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[OPTION_LINE_SIZE];
data/openvpn-2.5.0/src/openvpn/options.c:4776:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[OPTION_LINE_SIZE+1];
data/openvpn-2.5.0/src/openvpn/options.c:4777:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p[MAX_PARMS+1];
data/openvpn-2.5.0/src/openvpn/options.c:4847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[OPTION_LINE_SIZE];
data/openvpn-2.5.0/src/openvpn/options.c:4855:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *p[MAX_PARMS+1];
data/openvpn-2.5.0/src/openvpn/options.c:4892:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *p[MAX_PARMS];
data/openvpn-2.5.0/src/openvpn/options.c:4904:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *p[MAX_PARMS];
data/openvpn-2.5.0/src/openvpn/options.c:4987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[OPTION_PARM_SIZE];
data/openvpn-2.5.0/src/openvpn/options.c:4994:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *p[MAX_PARMS+1];
data/openvpn-2.5.0/src/openvpn/options.c:5168:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char script_name[100];
data/openvpn-2.5.0/src/openvpn/options.c:5461:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        cache = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6046:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        version = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6116:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        options->nice = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6132:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        options->mark = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6174:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        shaper = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6399:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        options->keepalive_ping = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6400:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        options->keepalive_timeout = atoi(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:6744:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        script_security_set(atoi(p[1]));
data/openvpn-2.5.0/src/openvpn/options.c:6944:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        real = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6945:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        virtual = atoi(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:6959:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        cf_max = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6960:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        cf_per = atoi(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:6974:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        max_clients = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:6990:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        options->max_routes_per_client = max_int(atoi(p[1]), 1);
data/openvpn-2.5.0/src/openvpn/options.c:7143:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        n_bcast_buf = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:7155:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        tcp_queue_limit = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:7306:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ageing_time = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:7309:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            check_interval = atoi(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:7338:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        options->push_continuation = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:7362:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (atoi(p[2]))
data/openvpn-2.5.0/src/openvpn/options.c:7450:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int offset = atoi(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:7466:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    lease_time = atoi(p[3]);
data/openvpn-2.5.0/src/openvpn/options.c:7499:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            t = atoi(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:7586:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        s = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:7669:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            options->exit_event_initial_state = (atoi(p[2]) != 0);
data/openvpn-2.5.0/src/openvpn/options.c:8017:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int sl = atoi(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:8042:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            replay_window = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:8057:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                replay_time = atoi(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:8110:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        keysize = atoi(p[1]) / 8;
data/openvpn-2.5.0/src/openvpn/options.c:8597:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        bool cert_private = (p[2] == NULL ? false : ( atoi(p[2]) != 0 ));
data/openvpn-2.5.0/src/openvpn/options.c:8649:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            options->pkcs11_protected_authentication[j-1] = atoi(p[j]) != 0 ? 1 : 0;
data/openvpn-2.5.0/src/openvpn/options.c:8671:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            options->pkcs11_cert_private[j-1] = atoi(p[j]) != 0 ? 1 : 0;
data/openvpn-2.5.0/src/openvpn/options.c:8677:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        options->pkcs11_pin_cache_period = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.c:8706:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        options->peer_id = atoi(p[1]);
data/openvpn-2.5.0/src/openvpn/options.h:182:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char host[RH_HOST_LEN];
data/openvpn-2.5.0/src/openvpn/options.h:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char port[RH_PORT_LEN];
data/openvpn-2.5.0/src/openvpn/options.h:561:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *pkcs11_providers[MAX_PARMS];
data/openvpn-2.5.0/src/openvpn/packet_id.c:659:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[80];
data/openvpn-2.5.0/src/openvpn/pf.c:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[PF_MAX_LINE_LEN];
data/openvpn-2.5.0/src/openvpn/pkcs11.c:176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Buffer[10*1024];
data/openvpn-2.5.0/src/openvpn/pkcs11.c:242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prompt[1024];
data/openvpn-2.5.0/src/openvpn/pkcs11.c:914:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char serial[1024] = {0};
data/openvpn-2.5.0/src/openvpn/platform.c:310:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return fopen(path, mode);
data/openvpn-2.5.0/src/openvpn/platform.c:323:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return open(path, flags, mode);
data/openvpn-2.5.0/src/openvpn/platform.c:347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[256] = { 0 };
data/openvpn-2.5.0/src/openvpn/platform.c:422:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dirsep[2];
data/openvpn-2.5.0/src/openvpn/plugin.c:263:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char full[PATH_MAX];
data/openvpn-2.5.0/src/openvpn/pool.c:774:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[256];
data/openvpn-2.5.0/src/openvpn/pool.c:813:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[256];
data/openvpn-2.5.0/src/openvpn/proxy.c:300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/openvpn-2.5.0/src/openvpn/proxy.c:323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/openvpn-2.5.0/src/openvpn/proxy.c:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char k[64];
data/openvpn-2.5.0/src/openvpn/proxy.c:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char v[256];
data/openvpn-2.5.0/src/openvpn/proxy.c:569:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/openvpn-2.5.0/src/openvpn/proxy.c:643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/openvpn-2.5.0/src/openvpn/proxy.c:644:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[129];
data/openvpn-2.5.0/src/openvpn/proxy.c:645:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char get[80];
data/openvpn-2.5.0/src/openvpn/proxy.c:876:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char uri[128];
data/openvpn-2.5.0/src/openvpn/ps.c:84:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char foo[16];
data/openvpn-2.5.0/src/openvpn/ps.c:235:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(CMSG_DATA(h), &sd_send, sizeof(sd_send));
data/openvpn-2.5.0/src/openvpn/ps.c:240:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(CMSG_DATA(h), &sd_null[0], sizeof(sd_null[0]));
data/openvpn-2.5.0/src/openvpn/ps.c:531:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(CMSG_DATA(h), &socket_undefined, sizeof(socket_undefined));
data/openvpn-2.5.0/src/openvpn/push.c:674:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[256] = {0};
data/openvpn-2.5.0/src/openvpn/push.c:777:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[OPTION_PARM_SIZE];
data/openvpn-2.5.0/src/openvpn/push.c:892:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *p[MAX_PARMS];
data/openvpn-2.5.0/src/openvpn/route.c:410:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        r->metric = atoi(ro->metric);
data/openvpn-2.5.0/src/openvpn/route.c:466:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        r6->metric = atoi(r6o->metric);
data/openvpn-2.5.0/src/openvpn/route.c:1629:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[128];
data/openvpn-2.5.0/src/openvpn/route.c:1980:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[64];
data/openvpn-2.5.0/src/openvpn/route.c:2766:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(rgi->hwaddr, ai->Address, 6);
data/openvpn-2.5.0/src/openvpn/route.c:3202:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(rgi->iface, "android-gw");
data/openvpn-2.5.0/src/openvpn/route.c:3223:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(rgi6->iface, "android-gw");
data/openvpn-2.5.0/src/openvpn/route.c:3233:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char best_name[IFNAMSIZ];
data/openvpn-2.5.0/src/openvpn/route.c:3343:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(rgi->hwaddr, &ifreq.ifr_hwaddr.sa_data, 6);
data/openvpn-2.5.0/src/openvpn/route.c:3367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char attrbuf[512];
data/openvpn-2.5.0/src/openvpn/route.c:3416:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m_space[512];
data/openvpn-2.5.0/src/openvpn/route.c:3574:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(rgi->iface, adl->sdl_data, adl->sdl_nlen);
data/openvpn-2.5.0/src/openvpn/route.c:3654:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(rgi->hwaddr, LLADDR(sdl), 6);
data/openvpn-2.5.0/src/openvpn/route.c:3822:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(rgi6->iface, adl->sdl_data, adl->sdl_nlen);
data/openvpn-2.5.0/src/openvpn/route.h:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iface[16]; /* interface name (null terminated), may be empty */
data/openvpn-2.5.0/src/openvpn/route.h:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iface[IFNAMSIZ]; /* interface name (null terminated), may be empty */
data/openvpn-2.5.0/src/openvpn/run_command.h:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[256];
data/openvpn-2.5.0/src/openvpn/socket.c:2847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostaddr[NI_MAXHOST] = "";
data/openvpn-2.5.0/src/openvpn/socket.c:2848:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char servname[NI_MAXSERV] = "";
data/openvpn-2.5.0/src/openvpn/socket.c:2938:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ifname[IF_NAMESIZE] = "[undef]";
data/openvpn-2.5.0/src/openvpn/socket.c:2969:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf[INET6_ADDRSTRLEN] = "[undef]";
data/openvpn-2.5.0/src/openvpn/socket.c:3024:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_out_buf[64];       /* inet_ntop wants pointer to buffer */
data/openvpn-2.5.0/src/openvpn/socket.c:3068:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_buf[256];
data/openvpn-2.5.0/src/openvpn/socket.c:3070:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/openvpn-2.5.0/src/openvpn/socks.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char to_send[516];
data/openvpn-2.5.0/src/openvpn/socks.c:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2];
data/openvpn-2.5.0/src/openvpn/socks.c:196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2];
data/openvpn-2.5.0/src/openvpn/socks.c:202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char method_sel[3] = { 0x05, 0x01, 0x00 };
data/openvpn-2.5.0/src/openvpn/socks.c:315:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[270];		/* 4 + alen(max 256) + 2 */
data/openvpn-2.5.0/src/openvpn/socks.c:434:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    port = atoi(servname);
data/openvpn-2.5.0/src/openvpn/socks.c:457:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[270];
data/openvpn-2.5.0/src/openvpn/socks.c:475:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf + 5, host, len);
data/openvpn-2.5.0/src/openvpn/socks.h:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char server[128];
data/openvpn-2.5.0/src/openvpn/socks.h:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char authfile[256];
data/openvpn-2.5.0/src/openvpn/ssl.c:1397:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf1, b, e1);
data/openvpn-2.5.0/src/openvpn/ssl.c:1398:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf2, b + e1, e2);
data/openvpn-2.5.0/src/openvpn/ssl.c:1399:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(b, buf2, e2);
data/openvpn-2.5.0/src/openvpn/ssl.c:1400:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(b + e2, buf1, e1);
data/openvpn-2.5.0/src/openvpn/ssl.c:1659:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out,A1,olen);
data/openvpn-2.5.0/src/openvpn/ssl.c:1866:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ctx->implicit_iv, key, impl_iv_len);
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:200:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:201:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char *kb, size_t maclen,
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:203:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char client_random[32],
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:204:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char server_random[32],
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:209:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char client_server_random[64];
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:214:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(client_server_random, client_random, 32);
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:215:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(client_server_random + 32, server_random, 32);
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:507:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char passbuf[512] = {0};
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:521:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char passbuf[512] = {0};
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:637:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, oid, oid_size );
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:649:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, hash, hashlen);
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:858:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out + read_len, cur_entry->data + in->data_start,
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:875:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out + read_len, in->first_block->data + in->data_start,
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:904:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_block->data, in, len);
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:949:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char old_sha256_hash[32] = {0};
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:950:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha256_hash[32] = {0};
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:1437:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[256];
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:1438:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s2[256];
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:1522:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char mbedtls_version[30];
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:1524:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( mbedtls_version, "mbed TLS %d.%d.%d",
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:427:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len);
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char openssl_ciphers[4096];
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:520:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char openssl_ciphers[4096];
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:772:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char password[256];
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:1753:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char fn[256];
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:1755:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        biofp = fopen(fn, "w");
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:2055:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[256];
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:2056:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s2[256];
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char envname[64];
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:523:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    peercert_file = fopen(peercert_filename, "w+");
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fn[256];
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:648:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char common_name[TLS_USERNAME_LEN+1] = {0}; /* null-terminated */
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:886:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *fp = fopen(ks->auth_control_file, "r");
data/openvpn-2.5.0/src/openvpn/ssl_verify.h:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha256_hash[256/8];
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:69:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char errstr[512] = { 0 };
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:145:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( cn, name->val.p, name->val.len );
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:150:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( cn, name->val.p, cn_len);
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:234:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_subject[MAX_SUBJECT_LENGTH] = {0};
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:287:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(val, orig->p, orig->len);
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:373:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[128] = { 0 };
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:379:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name_expand[64+8];
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:504:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char oid_num_str[1024];
data/openvpn-2.5.0/src/openvpn/ssl_verify_openssl.c:356:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(subject, subject_mem->data, subject_mem->length);
data/openvpn-2.5.0/src/openvpn/ssl_verify_openssl.c:725:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szOid[1024];
data/openvpn-2.5.0/src/openvpn/status.c:230:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[STATUS_PRINTF_MAXLEN+2]; /* leave extra bytes for CR, LF */
data/openvpn-2.5.0/src/openvpn/tls_crypt.c:533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char metadata_type_str[4] = { 0 }; /* Max value: 255 */
data/openvpn-2.5.0/src/openvpn/tun.c:1037:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out6[64];
data/openvpn-2.5.0/src/openvpn/tun.c:1258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[64];
data/openvpn-2.5.0/src/openvpn/tun.c:1727:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tunname[256];
data/openvpn-2.5.0/src/openvpn/tun.c:1728:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dynamic_name[256];
data/openvpn-2.5.0/src/openvpn/tun.c:1759:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                if ((tt->fd = open( "/dev/tap", O_RDWR)) < 0)
data/openvpn-2.5.0/src/openvpn/tun.c:1784:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    if ((tt->fd = open(tunname, O_RDWR)) > 0)
data/openvpn-2.5.0/src/openvpn/tun.c:1814:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((tt->fd = open(tunname, O_RDWR)) < 0)
data/openvpn-2.5.0/src/openvpn/tun.c:1970:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((tt->fd = open(node, O_RDWR)) < 0)
data/openvpn-2.5.0/src/openvpn/tun.c:2280:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((tt->ip_fd = open(ip_node, O_RDWR, 0)) < 0)
data/openvpn-2.5.0/src/openvpn/tun.c:2285:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((tt->fd = open(dev_node, O_RDWR, 0)) < 0)
data/openvpn-2.5.0/src/openvpn/tun.c:2298:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ppa = atoi(ptr);
data/openvpn-2.5.0/src/openvpn/tun.c:2339:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((if_fd = open(dev_node, O_RDWR, 0)) < 0)
data/openvpn-2.5.0/src/openvpn/tun.c:2401:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((arp_fd = open(arp_node, O_RDWR, 0)) < 0)
data/openvpn-2.5.0/src/openvpn/tun.c:3100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utunname[20];
data/openvpn-2.5.0/src/openvpn/tun.c:3129:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ifname[20];
data/openvpn-2.5.0/src/openvpn/tun.c:3282:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tunname[256];
data/openvpn-2.5.0/src/openvpn/tun.c:3283:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dynamic_name[20];
data/openvpn-2.5.0/src/openvpn/tun.c:3359:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((tt->fd = open(tunname, O_RDWR)) < 0)
data/openvpn-2.5.0/src/openvpn/tun.c:3667:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char net_cfg_instance_id[256];
data/openvpn-2.5.0/src/openvpn/tun.c:3668:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char device_instance_id[256];
data/openvpn-2.5.0/src/openvpn/tun.c:3786:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char enum_name[256];
data/openvpn-2.5.0/src/openvpn/tun.c:3787:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char unit_string[256];
data/openvpn-2.5.0/src/openvpn/tun.c:3790:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char component_id[256];
data/openvpn-2.5.0/src/openvpn/tun.c:3792:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char net_cfg_instance_id[256];
data/openvpn-2.5.0/src/openvpn/tun.c:3923:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char enum_name[256];
data/openvpn-2.5.0/src/openvpn/tun.c:3924:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char connection_string[256];
data/openvpn-2.5.0/src/openvpn/tun.c:4834:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t wbuf[256];
data/openvpn-2.5.0/src/openvpn/tun.c:5031:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actual_buffer[256];
data/openvpn-2.5.0/src/openvpn/tun.c:5032:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char device_path[256];
data/openvpn-2.5.0/src/openvpn/tun.c:5806:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         tmp_buf[256];
data/openvpn-2.5.0/src/openvpn/tun.c:6462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tuntap_device_path[256];
data/openvpn-2.5.0/src/openvpn/tun.c:6526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actual_buffer[256];
data/openvpn-2.5.0/src/openvpn/tun.h:118:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *domain_search_list[N_SEARCH_LIST_LEN];
data/openvpn-2.5.0/src/openvpn/tun.h:642:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(packet->data, BPTR(buf), BLEN(buf));
data/openvpn-2.5.0/src/openvpn/win32.c:975:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char force_path[256];
data/openvpn-2.5.0/src/openvpn/win32.c:1159:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    int n = MultiByteToWideChar(CP_UTF8, 0, utf8, -1, NULL, 0);
data/openvpn-2.5.0/src/openvpn/win32.c:1161:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar(CP_UTF8, 0, utf8, -1, ucs16, n);
data/openvpn-2.5.0/src/openvpn/win32.c:1173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char self_exe[256];
data/openvpn-2.5.0/src/openvpn/win32.c:1226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/openvpn-2.5.0/src/openvpn/win32.c:1243:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tmpdir[MAX_PATH];
data/openvpn-2.5.0/src/openvpn/win32.h:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char old_window_title[256];
data/openvpn-2.5.0/src/openvpnmsica/dllmain.c:125:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBufStack[128];
data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->val, argument, argument_size);
data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c:88:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->val, argument, argument_size);
data/openvpn-2.5.0/src/openvpnmsica/msiex.c:51:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR szBufStack[128];
data/openvpn-2.5.0/src/openvpnmsica/msiex.c:64:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*pszValue, szBufStack, dwLength * sizeof(TCHAR));
data/openvpn-2.5.0/src/openvpnmsica/msiex.c:109:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR szBufStack[128];
data/openvpn-2.5.0/src/openvpnmsica/msiex.c:122:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*pszValue, szBufStack, dwLength * sizeof(TCHAR));
data/openvpn-2.5.0/src/openvpnmsica/msiex.c:167:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR szBufStack[128];
data/openvpn-2.5.0/src/openvpnmsica/msiex.c:180:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*pszValue, szBufStack, dwLength * sizeof(TCHAR));
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:106:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR szTitle[0x100], szMessage[0x100+MAX_PATH], szProcessPath[MAX_PATH];
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:191:17:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                TCHAR szPID[10 /*MAXDWORD in decimal*/ + 1 /*terminator*/];
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:343:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szAdaptersTail, szAdapterId, 38 * sizeof(TCHAR));
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:351:17:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
            if (MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, p->AdapterName, -1, szId, _countof(szId)) > 0
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:362:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(szAdaptersActiveTail, szAdapterId, 38 * sizeof(TCHAR));
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:487:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR szStackBuf[MAX_PATH];
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:584:13:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            TCHAR szArgument[10 /*create=""|deleteN=""*/ + MAX_PATH /*szDisplayName*/ + 1 /*|*/ + MAX_PATH /*szHardwareId*/ + 1 /*terminator*/];
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:685:13:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            TCHAR szArgument[8 /*disable=|enable=|delete=*/ + 38 /*{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}*/ + 1 /*terminator*/];
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:860:9:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        TCHAR szzHardwareIDs[0x100] = { 0 };
data/openvpn-2.5.0/src/openvpnserv/automatic.c:203:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR event_name[256];
data/openvpn-2.5.0/src/openvpnserv/automatic.c:272:9:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        TCHAR find_string[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/automatic.c:292:13:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            TCHAR log_file[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/automatic.c:293:13:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            TCHAR log_path[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/automatic.c:294:13:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            TCHAR command_line[256];
data/openvpn-2.5.0/src/openvpnserv/common.c:28:8:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static wchar_t win_sys_path[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/common.c:103:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR reg_path[256];
data/openvpn-2.5.0/src/openvpnserv/common.c:104:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR priority[64];
data/openvpn-2.5.0/src/openvpnserv/common.c:105:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR append[2];
data/openvpn-2.5.0/src/openvpnserv/common.c:108:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR install_path[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/common.c:109:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR default_value[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/common.c:231:12:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static TCHAR buf[256];
data/openvpn-2.5.0/src/openvpnserv/common.c:261:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR msg[2][256];
data/openvpn-2.5.0/src/openvpnserv/common.c:297:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    int n = MultiByteToWideChar(CP_UTF8, 0, utf8, -1, NULL, 0);
data/openvpn-2.5.0/src/openvpnserv/common.c:303:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar(CP_UTF8, 0, utf8, -1, utf16, n);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:762:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR buf[256];
data/openvpn-2.5.0/src/openvpnserv/interactive.c:806:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar(CP_UTF8, 0, settings.exe_path, MAX_PATH, wide_path, MAX_PATH);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1033:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t argv0[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1092:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t argv0[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1200:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t addr[46]; /* large enough to hold string representation of an ipv4 / ipv6 address */
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1300:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t argv0[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1621:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR ovpn_pipe_name[256]; /* The entire pipe name string can be up to 256 characters long according to MSDN. */
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1843:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar(CP_UTF8, 0, settings.exe_path, MAX_PATH, wide_path, MAX_PATH);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1958:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR pipe_name[256]; /* The entire pipe name string can be up to 256 characters long according to MSDN. */
data/openvpn-2.5.0/src/openvpnserv/service.c:61:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR path[512];
data/openvpn-2.5.0/src/openvpnserv/service.h:66:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR exe_path[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/service.h:67:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR config_dir[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/service.h:68:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR ext_string[16];
data/openvpn-2.5.0/src/openvpnserv/service.h:69:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR log_dir[MAX_PATH];
data/openvpn-2.5.0/src/openvpnserv/service.h:70:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR ovpn_admin_group[MAX_NAME];
data/openvpn-2.5.0/src/openvpnserv/validate.c:85:9:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    if (MultiByteToWideChar(CP_UTF8, 0, s->config_dir, -1, widepath, MAX_PATH) == 0)
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:119:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char username[128];
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char password[128];
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char common_name[128];
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char response[128];
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:433:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            context->verb = atoi(verb_string);
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:867:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int ac_fd = open( ac_file_name, O_WRONLY );
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:894:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ac_file_name[PATH_MAX];
data/openvpn-2.5.0/src/plugins/auth-pam/utils.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[templen+1];
data/openvpn-2.5.0/src/plugins/down-root/down-root.c:321:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        context->command[i-1] = (char *) argv[i];
data/openvpn-2.5.0/src/plugins/down-root/down-root.c:331:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            context->verb = atoi(verb_string);
data/openvpn-2.5.0/src/tapctl/main.c:275:9:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        TCHAR szzHwId[0x100] =
data/openvpn-2.5.0/src/tapctl/main.c:344:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&guidAdapter, &pAdapter->guid, sizeof(GUID));
data/openvpn-2.5.0/src/tapctl/tap.c:680:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*ppData, bBufStack, dwRequiredSize);
data/openvpn-2.5.0/src/tapctl/tap.c:751:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR szClassName[MAX_CLASS_NAME_LEN];
data/openvpn-2.5.0/src/tapctl/tap.c:1087:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR szRegKey[ADAPTER_REGKEY_PATH_MAX];
data/openvpn-2.5.0/src/tapctl/tap.c:1274:9:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        TCHAR szRegKey[ADAPTER_REGKEY_PATH_MAX];
data/openvpn-2.5.0/src/tapctl/tap.c:1319:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&node->guid, &guidAdapter, sizeof(GUID));
data/openvpn-2.5.0/src/tapctl/tap.c:1321:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(node->szzHardwareIDs, szzDeviceHardwareIDs, hwid_size);
data/openvpn-2.5.0/src/tapctl/tap.c:1323:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(node->szName, szName, name_size);
data/openvpn-2.5.0/tests/unit_tests/engine-key/libtestengine.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char auth[256];
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:108:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(ctx->up.username, "test user name");
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:109:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(ctx->up.password, "ignored");
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:286:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(ctx->up.username, "test user name");
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:292:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(ctx->up.username, "test user name");
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_networking.c:219:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    test = atoi(argv[1]);
data/openvpn-2.5.0/sample/sample-plugins/client-connect/sample-client-connect.c:90:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/sample/sample-plugins/defer/simple.c:90:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c:72:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/sample/sample-plugins/log/log.c:56:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/sample/sample-plugins/log/log_v3.c:59:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/sample/sample-plugins/simple/base64.c:59:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/sample/sample-plugins/simple/base64.c:173:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int r = ovpn_base64_encode(clcert_cn, strlen(clcert_cn), &buf);
data/openvpn-2.5.0/sample/sample-plugins/simple/simple.c:58:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/src/compat/compat-inet_pton.c:56:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(src_copy, src, INET6_ADDRSTRLEN+1);
data/openvpn-2.5.0/src/openvpn/argv.c:299:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *f = gc_malloc(strlen(format) + 1, true, gc);
data/openvpn-2.5.0/src/openvpn/argv.c:300:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (int i = 0, j = 0; i < strlen(format); i++)
data/openvpn-2.5.0/src/openvpn/auth_token.c:124:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(session_id, session_id_source + strlen(SESSION_ID_PREFIX),
data/openvpn-2.5.0/src/openvpn/auth_token.c:198:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *old_sessid = multi->auth_token + strlen(SESSION_ID_PREFIX);
data/openvpn-2.5.0/src/openvpn/auth_token.c:245:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        hmac_ctx_update(ctx, (uint8_t *) up->username, (int) strlen(up->username));
data/openvpn-2.5.0/src/openvpn/auth_token.c:265:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(SESSION_ID_PREFIX) + strlen(b64output) + 1, &gc);
data/openvpn-2.5.0/src/openvpn/auth_token.c:265:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(SESSION_ID_PREFIX) + strlen(b64output) + 1, &gc);
data/openvpn-2.5.0/src/openvpn/auth_token.c:267:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(buf_write(&session_token, SESSION_ID_PREFIX, strlen(SESSION_ID_PREFIX)));
data/openvpn-2.5.0/src/openvpn/auth_token.c:268:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(buf_write(&session_token, b64output, (int)strlen(b64output)));
data/openvpn-2.5.0/src/openvpn/auth_token.c:290:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hmac_ctx_update(ctx, (uint8_t *) username, (int)strlen(username));
data/openvpn-2.5.0/src/openvpn/auth_token.c:307:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int decoded_len = openvpn_base64_decode(up->password + strlen(SESSION_ID_PREFIX),
data/openvpn-2.5.0/src/openvpn/auth_token.c:340:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(up->username, "");
data/openvpn-2.5.0/src/openvpn/auth_token.c:358:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                strlen(multi->auth_token_initial)) == 0;
data/openvpn-2.5.0/src/openvpn/auth_token.c:396:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            secure_memzero(multi->auth_token, strlen(multi->auth_token));
data/openvpn-2.5.0/src/openvpn/auth_token.c:402:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(multi->auth_token_initial));
data/openvpn-2.5.0/src/openvpn/auth_token.h:130:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(SESSION_ID_PREFIX)) == 0);
data/openvpn-2.5.0/src/openvpn/base64.c:103:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(s);
data/openvpn-2.5.0/src/openvpn/buffer.c:261:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buf->len += (int) strlen((char *)ptr);
data/openvpn-2.5.0/src/openvpn/buffer.c:281:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf->len += (int) strlen((char *)ptr);
data/openvpn-2.5.0/src/openvpn/buffer.c:345:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = (int) strlen(str) + 1;
data/openvpn-2.5.0/src/openvpn/buffer.c:527:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t separator_len = separator ? strlen(separator) : 0;
data/openvpn-2.5.0/src/openvpn/buffer.c:667:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int len = strlen(str);
data/openvpn-2.5.0/src/openvpn/buffer.c:693:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int n = strlen(str) + 1;
data/openvpn-2.5.0/src/openvpn/buffer.c:735:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        secure_memzero(str, strlen(str));
data/openvpn-2.5.0/src/openvpn/buffer.c:800:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_set_read(&buf, (uint8_t *) string_alloc_debug(str, gc, file, line), strlen(str) + 1);
data/openvpn-2.5.0/src/openvpn/buffer.c:802:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_set_read(&buf, (uint8_t *) string_alloc(str, gc), strlen(str) + 1);
data/openvpn-2.5.0/src/openvpn/buffer.c:820:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int size = strlen(match);
data/openvpn-2.5.0/src/openvpn/buffer.c:833:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf_advance(src, strlen(match));
data/openvpn-2.5.0/src/openvpn/buffer.c:893:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return !(eol && !strlen(line));
data/openvpn-2.5.0/src/openvpn/buffer.c:1246:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t len = strlen((const char *)str);
data/openvpn-2.5.0/src/openvpn/buffer.c:1299:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int sep_len = strlen(sep);
data/openvpn-2.5.0/src/openvpn/buffer.h:352:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(dest, src, maxlen-1);
data/openvpn-2.5.0/src/openvpn/buffer.h:964:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return 0 == strncmp(str, prefix, strlen(prefix));
data/openvpn-2.5.0/src/openvpn/console_builtin.c:77:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && WriteFile(err, prompt, strlen(prompt), &len, NULL))
data/openvpn-2.5.0/src/openvpn/console_builtin.c:246:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            secure_memzero(gp, strlen(gp));
data/openvpn-2.5.0/src/openvpn/console_systemd.c:81:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(std_out, input, capacity-1) != 0)
data/openvpn-2.5.0/src/openvpn/crypto.c:1259:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int hlen = strlen(static_key_head);
data/openvpn-2.5.0/src/openvpn/crypto.c:1260:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int flen = strlen(static_key_foot);
data/openvpn-2.5.0/src/openvpn/crypto.c:1271:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(file) + 1;
data/openvpn-2.5.0/src/openvpn/crypto.c:1469:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        secure_memzero(fmt, strlen(fmt));
data/openvpn-2.5.0/src/openvpn/crypto.c:1940:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf_set_read(&key_pem, (const void *)key_file, strlen(key_file) + 1);
data/openvpn-2.5.0/src/openvpn/crypto_openssl.c:659:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!mode_str || strlen(mode_str) < 4)
data/openvpn-2.5.0/src/openvpn/cryptoapi.c:242:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (p = rv + strlen(rv) - 1; p >= rv; p--)
data/openvpn-2.5.0/src/openvpn/env_set.c:59:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    out = alloc_buf_gc(strlen(name) + strlen(value) + 2, gc);
data/openvpn-2.5.0/src/openvpn/env_set.c:59:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    out = alloc_buf_gc(strlen(name) + strlen(value) + 2, gc);
data/openvpn-2.5.0/src/openvpn/env_set.c:117:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                secure_memzero(current->string, strlen(current->string));
data/openvpn-2.5.0/src/openvpn/env_set.c:310:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t tmpname_len = strlen(name) + 5; /* 3 digits counter max */
data/openvpn-2.5.0/src/openvpn/env_set.c:351:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(name && strlen(name) > 1);
data/openvpn-2.5.0/src/openvpn/env_set.c:384:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer out = alloc_buf_gc(strlen(name) + 16, gc);
data/openvpn-2.5.0/src/openvpn/event.c:99:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ASSERT(event->read != NULL);
data/openvpn-2.5.0/src/openvpn/event.c:100:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        wes->events[i] = event->read;
data/openvpn-2.5.0/src/openvpn/event.c:155:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (h == event->read || h == event->write)
data/openvpn-2.5.0/src/openvpn/event.c:192:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (h == event->read)
data/openvpn-2.5.0/src/openvpn/event.c:1006:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
               fd_set *read,
data/openvpn-2.5.0/src/openvpn/event.c:1014:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        const bool r = FD_ISSET(i, read);
data/openvpn-2.5.0/src/openvpn/event.c:1071:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    stat = select(ses->maxfd + 1, &read, &write, NULL, &tv_tmp);
data/openvpn-2.5.0/src/openvpn/event.c:1075:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        stat = se_wait_return(ses, &read, &write, out, outlen);
data/openvpn-2.5.0/src/openvpn/event.h:146:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (HANDLE_DEFINED(win32_signal.in.read))
data/openvpn-2.5.0/src/openvpn/forward.c:317:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stat = tls_send_payload(multi, (uint8_t *) str, strlen(str) + 1);
data/openvpn-2.5.0/src/openvpn/httpdigest.c:87:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    md_ctx_update(md5_ctx, (const uint8_t *) pszUserName, strlen(pszUserName));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:89:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    md_ctx_update(md5_ctx, (const uint8_t *) pszRealm, strlen(pszRealm));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:91:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    md_ctx_update(md5_ctx, (const uint8_t *) pszPassword, strlen(pszPassword));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:98:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        md_ctx_update(md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:100:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        md_ctx_update(md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:131:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    md_ctx_update(md5_ctx, (const uint8_t *) pszMethod, strlen(pszMethod));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:133:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    md_ctx_update(md5_ctx, (const uint8_t *) pszDigestUri, strlen(pszDigestUri));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:146:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    md_ctx_update(md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:150:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        md_ctx_update(md5_ctx, (const uint8_t *) pszNonceCount, strlen(pszNonceCount));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:152:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        md_ctx_update(md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
data/openvpn-2.5.0/src/openvpn/httpdigest.c:154:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        md_ctx_update(md5_ctx, (const uint8_t *) pszQop, strlen(pszQop));
data/openvpn-2.5.0/src/openvpn/init.c:315:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(command) + 1 + strlen(parameters) + 1;
data/openvpn-2.5.0/src/openvpn/init.c:315:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(command) + 1 + strlen(parameters) + 1;
data/openvpn-2.5.0/src/openvpn/init.c:355:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(p[2]) < RH_HOST_LEN && strlen(p[3]) < RH_PORT_LEN)
data/openvpn-2.5.0/src/openvpn/init.c:355:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(p[2]) < RH_HOST_LEN && strlen(p[3]) < RH_PORT_LEN)
data/openvpn-2.5.0/src/openvpn/init.c:2976:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        to.ekm_label_size = strlen(to.ekm_label);
data/openvpn-2.5.0/src/openvpn/list.c:348:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int len = strlen(str);
data/openvpn-2.5.0/src/openvpn/manage.c:517:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf_set_read(&buf, (uint8_t *) victim, strlen(victim) + 1);
data/openvpn-2.5.0/src/openvpn/manage.c:521:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(p1) && strlen(p2))
data/openvpn-2.5.0/src/openvpn/manage.c:521:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(p1) && strlen(p2))
data/openvpn-2.5.0/src/openvpn/manage.c:556:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (strlen(p1))
data/openvpn-2.5.0/src/openvpn/manage.c:672:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strlen(man->connection.up_query.username))
data/openvpn-2.5.0/src/openvpn/manage.c:681:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(man->connection.up_query.password))
data/openvpn-2.5.0/src/openvpn/manage.c:2193:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(up.username, msg, sizeof(up.username)-1);
data/openvpn-2.5.0/src/openvpn/manage.c:2841:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t len = strlen(en);
data/openvpn-2.5.0/src/openvpn/manage.c:2920:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buf_set_read(&buf, (const uint8_t *) peer_info, strlen(peer_info));
data/openvpn-2.5.0/src/openvpn/manage.c:3646:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            alert_msg = alloc_buf_gc(strlen(b64_data)+strlen(prompt)+3, &gc);
data/openvpn-2.5.0/src/openvpn/manage.c:3646:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            alert_msg = alloc_buf_gc(strlen(b64_data)+strlen(prompt)+3, &gc);
data/openvpn-2.5.0/src/openvpn/manage.c:3651:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            alert_msg = alloc_buf_gc(strlen(prompt)+3, &gc);
data/openvpn-2.5.0/src/openvpn/manage.c:3767:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
data/openvpn-2.5.0/src/openvpn/manage.c:3767:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
data/openvpn-2.5.0/src/openvpn/manage.c:3775:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_write(&buf_data, b64_data, (int) strlen(b64_data));
data/openvpn-2.5.0/src/openvpn/manage.c:3778:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf_write(&buf_data, ",", (int) strlen(","));
data/openvpn-2.5.0/src/openvpn/manage.c:3779:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf_write(&buf_data, algorithm, (int) strlen(algorithm));
data/openvpn-2.5.0/src/openvpn/manage.c:3792:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
data/openvpn-2.5.0/src/openvpn/manage.c:3793:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
data/openvpn-2.5.0/src/openvpn/manage.c:3794:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_write(&buf_prompt, cert_name, strlen(cert_name)+1); /* +1 for \0 */
data/openvpn-2.5.0/src/openvpn/misc.c:110:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer hname = alloc_buf_gc(strlen(hostname)+sizeof(rnd_bytes)*2+4, gc);
data/openvpn-2.5.0/src/openvpn/misc.c:206:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strlen(up->password))
data/openvpn-2.5.0/src/openvpn/misc.c:214:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buf_set_read(&buf, (uint8_t *) auth_file, strlen(auth_file) + 1);
data/openvpn-2.5.0/src/openvpn/misc.c:262:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(up->password, password_buf, USER_PASS_LEN);
data/openvpn-2.5.0/src/openvpn/misc.c:287:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!(flags & GET_USER_PASS_PASSWORD_ONLY) && strlen(up->username) == 0)
data/openvpn-2.5.0/src/openvpn/misc.c:312:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    challenge = alloc_buf_gc(14+strlen(ac->challenge_text), &gc);
data/openvpn-2.5.0/src/openvpn/misc.c:358:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (strlen(up->username) == 0)
data/openvpn-2.5.0/src/openvpn/misc.c:371:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    challenge = alloc_buf_gc(14+strlen(auth_challenge), &gc);
data/openvpn-2.5.0/src/openvpn/misc.c:380:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (openvpn_base64_encode(up->password, strlen(up->password), &pw64) == -1
data/openvpn-2.5.0/src/openvpn/misc.c:381:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        || openvpn_base64_encode(response, strlen(response), &resp64) == -1)
data/openvpn-2.5.0/src/openvpn/misc.c:423:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int len = strlen(auth_challenge);
data/openvpn-2.5.0/src/openvpn/misc.c:472:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ac->user = (char *) gc_malloc(strlen(work)+1, true, gc);
data/openvpn-2.5.0/src/openvpn/misc.c:513:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (token && strlen(token) && up && up->defined)
data/openvpn-2.5.0/src/openvpn/misc.c:572:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_set_read(&buf, (const uint8_t *) str, strlen(str));
data/openvpn-2.5.0/src/openvpn/misc.c:581:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_set_read(&buf, (const uint8_t *) str, strlen(str));
data/openvpn-2.5.0/src/openvpn/misc.c:646:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *ret = gc_malloc(strlen(src)+1, false, gc);
data/openvpn-2.5.0/src/openvpn/misc.c:749:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_set_read(&buf, (const uint8_t *) peer_info, strlen(peer_info));
data/openvpn-2.5.0/src/openvpn/misc.c:769:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int string_len = strlen(string);
data/openvpn-2.5.0/src/openvpn/mstats.c:63:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(fn) >= sizeof(mmap_fn))
data/openvpn-2.5.0/src/openvpn/multi.c:1864:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(peer_ciphers) > 0)
data/openvpn-2.5.0/src/openvpn/multi.c:1976:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    const int c = fgetc(fp);
data/openvpn-2.5.0/src/openvpn/multi.c:2719:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int r = read(m->top.c2.inotify_fd, buffer, INOTIFY_EVENT_BUFFER_SIZE);
data/openvpn-2.5.0/src/openvpn/networking_iproute2.c:350:28:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
            const int np = sscanf(line, "%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x",
data/openvpn-2.5.0/src/openvpn/networking_sitnl.c:538:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(best_iface, res.iface, IFNAMSIZ);
data/openvpn-2.5.0/src/openvpn/ntlm.c:227:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(strlen(p->up.username) > 0);
data/openvpn-2.5.0/src/openvpn/ntlm.c:228:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(strlen(p->up.password) > 0);
data/openvpn-2.5.0/src/openvpn/ntlm.c:234:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(username, p->up.username, sizeof(username)-1);
data/openvpn-2.5.0/src/openvpn/ntlm.c:240:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(username, separator+1, sizeof(username)-1);
data/openvpn-2.5.0/src/openvpn/ntlm.c:247:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(domain, p->up.username,  len);
data/openvpn-2.5.0/src/openvpn/ntlm.c:281:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(username) + strlen(domain) < sizeof(userdomain))
data/openvpn-2.5.0/src/openvpn/ntlm.c:281:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(username) + strlen(domain) < sizeof(userdomain))
data/openvpn-2.5.0/src/openvpn/ntlm.c:290:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gen_hmac_md5((uint8_t *)userdomain_u, 2 * strlen(userdomain), md4_hash,
data/openvpn-2.5.0/src/openvpn/ntlm.c:396:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_security_buffer(0x24, username, strlen(username), phase3,
data/openvpn-2.5.0/src/openvpn/ntlm.c:401:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_security_buffer(0x1c, domain, strlen(domain), phase3, &phase3_bufpos);
data/openvpn-2.5.0/src/openvpn/occ.c:246:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(c->c2.options_string_local) + 1))
data/openvpn-2.5.0/src/openvpn/options.c:1068:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *ret = (char *) gc_malloc(strlen(src) + 1, true, gc);
data/openvpn-2.5.0/src/openvpn/options.c:1097:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(cp) < 2)
data/openvpn-2.5.0/src/openvpn/options.c:3128:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t newlen = strlen(o->ncp_ciphers) + 1 + strlen(o->ciphername) + 1;
data/openvpn-2.5.0/src/openvpn/options.c:3128:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t newlen = strlen(o->ncp_ciphers) + 1 + strlen(o->ciphername) + 1;
data/openvpn-2.5.0/src/openvpn/options.c:3336:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(chroot) + strlen(PATH_SEPARATOR_STR) + strlen(file) + 1;
data/openvpn-2.5.0/src/openvpn/options.c:3336:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(chroot) + strlen(PATH_SEPARATOR_STR) + strlen(file) + 1;
data/openvpn-2.5.0/src/openvpn/options.c:3336:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(chroot) + strlen(PATH_SEPARATOR_STR) + strlen(file) + 1;
data/openvpn-2.5.0/src/openvpn/options.c:3792:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (ios && strlen(ios))
data/openvpn-2.5.0/src/openvpn/options.c:3929:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return options_cmp_equal_safe(actual, expected, strlen(actual) + 1);
data/openvpn-2.5.0/src/openvpn/options.c:3935:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    options_warning_safe(actual, expected, strlen(actual) + 1);
data/openvpn-2.5.0/src/openvpn/options.c:3976:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(p1) > 0)
data/openvpn-2.5.0/src/openvpn/options.c:3985:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(p2))
data/openvpn-2.5.0/src/openvpn/options.c:4110:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t opt_name_len = strlen(opt_name);
data/openvpn-2.5.0/src/openvpn/options.c:4116:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && strlen(p) > (opt_name_len+1) && p[opt_name_len] == ' ')
data/openvpn-2.5.0/src/openvpn/options.c:4121:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t val_len = end ? end - start : strlen(start);
data/openvpn-2.5.0/src/openvpn/options.c:4624:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(*p) >= 3 && !strncmp(*p, "--", 2))
data/openvpn-2.5.0/src/openvpn/options.c:4650:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int) strlen(line) + 1 < size)
data/openvpn-2.5.0/src/openvpn/options.c:4652:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(line, "\n");
data/openvpn-2.5.0/src/openvpn/options.c:4679:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(line_ptr, close_tag, strlen(close_tag)))
data/openvpn-2.5.0/src/openvpn/options.c:4684:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!buf_safe(&buf, strlen(line)+1))
data/openvpn-2.5.0/src/openvpn/options.c:4714:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (arg[0] == '<' && arg[strlen(arg)-1] == '>')
data/openvpn-2.5.0/src/openvpn/options.c:4718:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            arg[strlen(arg) - 1] = '\0';
data/openvpn-2.5.0/src/openvpn/options.c:4720:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            close_tag = alloc_buf(strlen(p[0]) + 4);
data/openvpn-2.5.0/src/openvpn/options.c:4798:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(line) == OPTION_LINE_SIZE)
data/openvpn-2.5.0/src/openvpn/options.c:4851:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_set_read(&multiline, (uint8_t *)config, strlen(config));
data/openvpn-2.5.0/src/openvpn/options.c:6622:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        f->size = strlen(p[2]);
data/openvpn-2.5.0/src/openvpn/options.c:8360:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (streq(p[0], "verify-x509-name") && p[1] && strlen(p[1]) && !p[3])
data/openvpn-2.5.0/src/openvpn/options.c:8575:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(s) == i)
data/openvpn-2.5.0/src/openvpn/packet_id.c:461:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            n = read(p->fd, &image, sizeof(image));
data/openvpn-2.5.0/src/openvpn/pf.c:147:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return hash_func((uint8_t *)key, strlen((char *)key) + 1, iv);
data/openvpn-2.5.0/src/openvpn/pkcs11.c:68:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(usec);
data/openvpn-2.5.0/src/openvpn/pkcs11.c:271:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pin) == 0)
data/openvpn-2.5.0/src/openvpn/platform.c:420:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t outsize = strlen(safe_filename) + (directory ? strlen(directory) : 0) + 16;
data/openvpn-2.5.0/src/openvpn/platform.c:420:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t outsize = strlen(safe_filename) + (directory ? strlen(directory) : 0) + 16;
data/openvpn-2.5.0/src/openvpn/pool.c:658:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(ip_buf) > 0)
data/openvpn-2.5.0/src/openvpn/pool.c:681:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (buf_parse(&in, ',', ip6_buf, buf_size) && strlen(ip6_buf) > 0)
data/openvpn-2.5.0/src/openvpn/proxy.c:199:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const ssize_t size = send(sd, buf, strlen(buf), MSG_NOSIGNAL);
data/openvpn-2.5.0/src/openvpn/proxy.c:200:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (size != (ssize_t) strlen(buf))
data/openvpn-2.5.0/src/openvpn/proxy.c:214:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer buf = alloc_buf(strlen(src) + 3);
data/openvpn-2.5.0/src/openvpn/proxy.c:215:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(buf_write(&buf, src, strlen(src)));
data/openvpn-2.5.0/src/openvpn/proxy.c:242:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return make_base64_string2(str, strlen((const char *)str), gc);
data/openvpn-2.5.0/src/openvpn/proxy.c:249:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer out = alloc_buf_gc(strlen(p->up.username) + strlen(p->up.password) + 2, gc);
data/openvpn-2.5.0/src/openvpn/proxy.c:249:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer out = alloc_buf_gc(strlen(p->up.username) + strlen(p->up.password) + 2, gc);
data/openvpn-2.5.0/src/openvpn/proxy.c:250:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(strlen(p->up.username) > 0);
data/openvpn-2.5.0/src/openvpn/proxy.c:334:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strlen(buf))
data/openvpn-2.5.0/src/openvpn/proxy.c:906:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const int len = strlen(opaque)+16;
data/openvpn-2.5.0/src/openvpn/ps.c:85:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(foo, BSTR(buf), 15);
data/openvpn-2.5.0/src/openvpn/ps.c:148:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    const ssize_t size = read(fd, &c, sizeof(c));
data/openvpn-2.5.0/src/openvpn/ps.c:356:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        fnlen =  strlen(journal_dir) + strlen(t) + 2;
data/openvpn-2.5.0/src/openvpn/ps.c:356:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        fnlen =  strlen(journal_dir) + strlen(t) + 2;
data/openvpn-2.5.0/src/openvpn/ps.c:364:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (write(fd, f, strlen(f)) != strlen(f))
data/openvpn-2.5.0/src/openvpn/ps.c:364:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (write(fd, f, strlen(f)) != strlen(f))
data/openvpn-2.5.0/src/openvpn/push.c:271:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (client_reason ? strlen(client_reason)+1 : 0) + sizeof(auth_failed);
data/openvpn-2.5.0/src/openvpn/push.c:298:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(extra)+1 + sizeof(info_pre);
data/openvpn-2.5.0/src/openvpn/push.c:498:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const int l = strlen(e->option);
data/openvpn-2.5.0/src/openvpn/push.c:720:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                && strncmp( e->option, p, strlen(p) ) == 0)
data/openvpn-2.5.0/src/openvpn/push.c:790:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        md_ctx_update(ctx, (const uint8_t *) line, strlen(line)+1);
data/openvpn-2.5.0/src/openvpn/route.c:1926:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
data/openvpn-2.5.0/src/openvpn/route.c:1926:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
data/openvpn-2.5.0/src/openvpn/route.c:2397:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
data/openvpn-2.5.0/src/openvpn/route.c:2397:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
data/openvpn-2.5.0/src/openvpn/route.c:3106:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(msg.iface.name, tt->actual_name, sizeof(msg.iface.name));
data/openvpn-2.5.0/src/openvpn/route.c:3386:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(rgi6->iface) > 0)
data/openvpn-2.5.0/src/openvpn/route.c:3526:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
data/openvpn-2.5.0/src/openvpn/route.c:3754:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
data/openvpn-2.5.0/src/openvpn/socket.c:708:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(dotted_quad) > 15)
data/openvpn-2.5.0/src/openvpn/socket.c:758:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(ipv6_text_addr) > INET6_ADDRSTRLEN)
data/openvpn-2.5.0/src/openvpn/socket.c:775:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t len = strlen(addr);
data/openvpn-2.5.0/src/openvpn/socket.c:811:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(mac_addr) > 17)
data/openvpn-2.5.0/src/openvpn/socket.c:1155:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (setsockopt(sock->sd, SOL_SOCKET, SO_BINDTODEVICE, sock->bind_dev, strlen(sock->bind_dev) + 1) != 0)
data/openvpn-2.5.0/src/openvpn/socket.c:4051:31:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    const mode_t orig_umask = umask(0);
data/openvpn-2.5.0/src/openvpn/socket.c:4064:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(orig_umask);
data/openvpn-2.5.0/src/openvpn/socket.c:4112:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (name && strlen(name))
data/openvpn-2.5.0/src/openvpn/socks.c:115:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( (strlen(creds.username) > 255) || (strlen(creds.password) > 255) )
data/openvpn-2.5.0/src/openvpn/socks.c:115:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( (strlen(creds.username) > 255) || (strlen(creds.password) > 255) )
data/openvpn-2.5.0/src/openvpn/socks.c:122:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", (int) strlen(creds.username),
data/openvpn-2.5.0/src/openvpn/socks.c:123:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     creds.username, (int) strlen(creds.password), creds.password);
data/openvpn-2.5.0/src/openvpn/socks.c:124:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL);
data/openvpn-2.5.0/src/openvpn/socks.c:126:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (size != strlen(to_send))
data/openvpn-2.5.0/src/openvpn/socks.c:471:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(host);
data/openvpn-2.5.0/src/openvpn/ssl.c:263:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(pair->openssl_name) == len && 0 == memcmp(cipher_name, pair->openssl_name, len))
data/openvpn-2.5.0/src/openvpn/ssl.c:264:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || (strlen(pair->iana_name) == len && 0 == memcmp(cipher_name, pair->iana_name, len)))
data/openvpn-2.5.0/src/openvpn/ssl.c:362:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen(passbuf.password))
data/openvpn-2.5.0/src/openvpn/ssl.c:378:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(buf);
data/openvpn-2.5.0/src/openvpn/ssl.c:1741:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer seed = alloc_buf(strlen(label)
data/openvpn-2.5.0/src/openvpn/ssl.c:1746:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(buf_write(&seed, label, strlen(label)));
data/openvpn-2.5.0/src/openvpn/ssl.c:2125:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int len = strlen(str) + 1;
data/openvpn-2.5.0/src/openvpn/ssl.c:2269:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    && buf_safe(&out, strlen(e->string)+1))
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:264:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const tls_cipher_name_pair *pair = tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:414:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                           strlen(dh_file) + 1)))
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:473:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen(cert_file) + 1)))
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:503:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      strlen(priv_key_file) + 1, NULL, 0);
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:511:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          strlen(priv_key_file) + 1,
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:513:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          strlen(passbuf));
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:766:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen(ca_file) + 1)))
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:796:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen(extra_certs_file) + 1)))
data/openvpn-2.5.0/src/openvpn/ssl_mbedtls.c:1038:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen(crl_file) + 1)))
data/openvpn-2.5.0/src/openvpn/ssl_ncp.c:146:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(ovpn_cipher_name) + 2))
data/openvpn-2.5.0/src/openvpn/ssl_ncp.c:201:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ncp_ciphers_start += strlen("IV_CIPHERS=");
data/openvpn-2.5.0/src/openvpn/ssl_ncp.c:207:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ncp_ciphers_end = ncp_ciphers_start + strlen(ncp_ciphers_start);
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:385:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:406:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            current_cipher_len = strlen(current_cipher);
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:485:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(ciphers) >= (len - 1))
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:492:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(openssl_ciphers, ciphers, len);
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:494:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (size_t i = 0; i < strlen(openssl_ciphers); i++)
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:780:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   (int) strlen(pkcs12_file));
data/openvpn-2.5.0/src/openvpn/ssl_openssl.c:2158:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:107:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const uint32_t len = (uint32_t) strlen(common_name);
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:134:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (ret && strlen(ret))
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:198:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (ret && strlen(ret))
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:399:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(opt->verify_x509_name)) == 0) )
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:822:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (client_reason && strlen(client_reason))
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:889:31:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                const int c = fgetc(fp);
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:1117:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (tmp_file && strlen(tmp_file) > 0)
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:1207:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((session->opt->ssl_flags & SSLF_AUTH_USER_PASS_OPTIONAL) || strlen(up->username))
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:1331:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(up->username)>TLS_USERNAME_LEN)
data/openvpn-2.5.0/src/openvpn/ssl_verify.c:1491:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && 0 == strncmp("X509_", item->string, strlen("X509_")))
data/openvpn-2.5.0/src/openvpn/ssl_verify_mbedtls.c:257:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name_expand_size = 64 + strlen(name);
data/openvpn-2.5.0/src/openvpn/ssl_verify_openssl.c:165:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (strlen(buf) != name->d.ia5->length)
data/openvpn-2.5.0/src/openvpn/ssl_verify_openssl.c:254:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const result_t ret = (strlen((char *)buf) < size) ? SUCCESS : FAILURE;
data/openvpn-2.5.0/src/openvpn/ssl_verify_openssl.c:422:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name_expand_size = 64 + strlen(name);
data/openvpn-2.5.0/src/openvpn/ssl_verify_openssl.c:565:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name_expand_size = 64 + strlen(objbuf);
data/openvpn-2.5.0/src/openvpn/status.c:252:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(buf, "\n");
data/openvpn-2.5.0/src/openvpn/status.c:253:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(buf);
data/openvpn-2.5.0/src/openvpn/status.c:290:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                len = read(so->fd, BPTR(&so->read_buf), BCAP(&so->read_buf));
data/openvpn-2.5.0/src/openvpn/tls_crypt.c:660:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (TLS_CRYPT_V2_MAX_B64_METADATA_LEN < strlen(b64_metadata))
data/openvpn-2.5.0/src/openvpn/tls_crypt.c:664:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (int)strlen(b64_metadata), TLS_CRYPT_V2_MAX_B64_METADATA_LEN);
data/openvpn-2.5.0/src/openvpn/tun.c:110:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(addr.iface.name, tt->actual_name, sizeof(addr.iface.name));
data/openvpn-2.5.0/src/openvpn/tun.c:236:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dns.iface.name, tt->actual_name, sizeof(dns.iface.name));
data/openvpn-2.5.0/src/openvpn/tun.c:359:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return !strncmp(dev, match_type, strlen(match_type));
data/openvpn-2.5.0/src/openvpn/tun.c:1716:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/tun.c:1768:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy( dynamic_name, ifr.ifr_name, sizeof(dynamic_name)-1 );
data/openvpn-2.5.0/src/openvpn/tun.c:1933:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/tun.c:2218:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/tun.c:2797:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/tun.c:2925:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/tun.c:3019:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/tun.c:3274:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/tun.c:3414:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/tun.c:4556:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (ip_str && netmask_str && strlen(ip_str) && strlen(netmask_str))
data/openvpn-2.5.0/src/openvpn/tun.c:4556:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (ip_str && netmask_str && strlen(ip_str) && strlen(netmask_str))
data/openvpn-2.5.0/src/openvpn/tun.c:4927:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(ip->IpMask.String))
data/openvpn-2.5.0/src/openvpn/tun.c:5271:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!ip_str || !strlen(ip_str))
data/openvpn-2.5.0/src/openvpn/tun.c:5776:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int len = strlen(str);
data/openvpn-2.5.0/src/openvpn/tun.c:5815:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(ptr) + len + 1 > sizeof(tmp_buf))
data/openvpn-2.5.0/src/openvpn/tun.c:5985:42:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        .send_tail_moved = tt->rw_handle.read,
data/openvpn-2.5.0/src/openvpn/tun.c:6272:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                                   tt->rw_handle.read,
data/openvpn-2.5.0/src/openvpn/tun.c:6911:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        CloseHandle(tt->rw_handle.read);
data/openvpn-2.5.0/src/openvpn/tun.c:7015:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(tt->fd, buf, len);
data/openvpn-2.5.0/src/openvpn/win32.c:240:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (!(flags & NE32_PERSIST_EVENT) || !event->read)
data/openvpn-2.5.0/src/openvpn/win32.c:250:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (WSAEventSelect(sd, event->read, network_events) != 0)
data/openvpn-2.5.0/src/openvpn/win32.c:260:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (WSAEnumNetworkEvents(sd, event->read, &wne) != 0)
data/openvpn-2.5.0/src/openvpn/win32.c:274:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (event->read)
data/openvpn-2.5.0/src/openvpn/win32.c:278:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (WSAEventSelect(sd, event->read, 0) != 0)
data/openvpn-2.5.0/src/openvpn/win32.c:283:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (!ResetEvent(event->read))
data/openvpn-2.5.0/src/openvpn/win32.c:289:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (!CloseHandle(event->read))
data/openvpn-2.5.0/src/openvpn/win32.c:390:63:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (ws->mode == WSO_MODE_SERVICE && HANDLE_DEFINED(ws->in.read))
data/openvpn-2.5.0/src/openvpn/win32.c:392:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        SetEvent(ws->in.read);
data/openvpn-2.5.0/src/openvpn/win32.c:467:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (ws->in.read != INVALID_HANDLE_VALUE)
data/openvpn-2.5.0/src/openvpn/win32.c:469:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (GetConsoleMode(ws->in.read, &ws->console_mode_save))
data/openvpn-2.5.0/src/openvpn/win32.c:481:48:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    if (!SetConsoleMode(ws->in.read, new_console_mode))
data/openvpn-2.5.0/src/openvpn/win32.c:501:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        && !HANDLE_DEFINED(ws->in.read) && exit_event_name)
data/openvpn-2.5.0/src/openvpn/win32.c:520:44:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (WaitForSingleObject(ws->in.read, 0) != WAIT_TIMEOUT)
data/openvpn-2.5.0/src/openvpn/win32.c:541:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (HANDLE_DEFINED(ws->in.read))
data/openvpn-2.5.0/src/openvpn/win32.c:544:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (GetNumberOfConsoleInputEvents(ws->in.read, &n))
data/openvpn-2.5.0/src/openvpn/win32.c:574:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (HANDLE_DEFINED(ws->in.read))
data/openvpn-2.5.0/src/openvpn/win32.c:584:42:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (!ReadConsoleInput(ws->in.read, &ir, 1, &n))
data/openvpn-2.5.0/src/openvpn/win32.c:601:63:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (ws->mode == WSO_MODE_SERVICE && HANDLE_DEFINED(ws->in.read))
data/openvpn-2.5.0/src/openvpn/win32.c:603:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        CloseHandle(ws->in.read);
data/openvpn-2.5.0/src/openvpn/win32.c:607:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (!SetConsoleMode(ws->in.read, ws->console_mode_save))
data/openvpn-2.5.0/src/openvpn/win32.c:623:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (HANDLE_DEFINED(ws->in.read)
data/openvpn-2.5.0/src/openvpn/win32.c:624:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            && WaitForSingleObject(ws->in.read, 0) == WAIT_OBJECT_0)
data/openvpn-2.5.0/src/openvpn/win32.c:686:63:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (ws->mode == WSO_MODE_CONSOLE && HANDLE_DEFINED(ws->in.read))
data/openvpn-2.5.0/src/openvpn/win32.c:691:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            WaitForSingleObject(ws->in.read, INFINITE);
data/openvpn-2.5.0/src/openvpn/win32.c:994:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nchars += strlen(e->string) + 1;
data/openvpn-2.5.0/src/openvpn/win32.c:997:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nchars += strlen(force_path)+1;
data/openvpn-2.5.0/src/openvpn/win32.c:1008:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                p += strlen(e->string) + 1;
data/openvpn-2.5.0/src/openvpn/win32.c:1021:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            p += strlen(force_path) + 1;
data/openvpn-2.5.0/src/openvpn/win32.c:1050:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t len = strlen(arg);
data/openvpn-2.5.0/src/openvpn/win32.h:76:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    HANDLE read;
data/openvpn-2.5.0/src/openvpn/win32.h:90:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return event->read != NULL;
data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c:61:29:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t argument_size = (_tcslen(argument) + 1) * sizeof(TCHAR);
data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c:82:29:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t argument_size = (_tcslen(argument) + 1) * sizeof(TCHAR);
data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c:102:17:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size += _tcslen(p->val) + 1 /*space delimiter|zero-terminator*/;
data/openvpn-2.5.0/src/openvpnmsica/msica_arg.c:131:14:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s += _tcslen(p->val);
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:610:73:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (LPCTSTR hwid = pAdapterOther->szzHardwareIDs;; hwid += _tcslen(hwid) + 1)
data/openvpn-2.5.0/src/openvpnmsica/openvpnmsica.c:868:125:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy_s(szzHardwareIDs, sizeof(szzHardwareIDs) - 2*sizeof(TCHAR) /*requires double zero termination*/, szHwId, _tcslen(szHwId)*sizeof(TCHAR));
data/openvpn-2.5.0/src/openvpnserv/automatic.c:138:22:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (size > 0 && (_tcslen(src) + 1) <= size)
data/openvpn-2.5.0/src/openvpnserv/automatic.c:142:13:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        i = _tcslen(dest);
data/openvpn-2.5.0/src/openvpnserv/automatic.c:155:13:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (_tcslen(dest) + _tcslen(newext) + 2 <= size)
data/openvpn-2.5.0/src/openvpnserv/automatic.c:155:29:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (_tcslen(dest) + _tcslen(newext) + 2 <= size)
data/openvpn-2.5.0/src/openvpnserv/common.c:244:13:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tmp[_tcslen(tmp) - 2] = TEXT('\0'); /* remove CR/LF characters */
data/openvpn-2.5.0/src/openvpnserv/common.c:314:9:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        wcsncpy(win_sys_path, default_sys_path, _countof(win_sys_path));
data/openvpn-2.5.0/src/openvpnserv/interactive.c:214:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    read,
data/openvpn-2.5.0/src/openvpnserv/interactive.c:291:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return AsyncPipeOp(read, pipe, buffer, size, count, events);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:312:39:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    WritePipeAsync(pipe, buf, (DWORD)(wcslen(buf) * 2), count, events);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:340:42:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    WritePipeAsync(pipe, result, (DWORD)(wcslen(result) * 2), count, events);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:455:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    DWORD bytes, read;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:482:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (bytes != read)
data/openvpn-2.5.0/src/openvpnserv/interactive.c:497:11:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = wcslen(sud->directory) + 1;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:507:11:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = wcslen(sud->options) + 1;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:702:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(msg->iface.name))
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1058:23:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = wcslen(fmt) + wcslen(if_name) + wcslen(addr) + 32 + 1;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1058:37:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = wcslen(fmt) + wcslen(if_name) + wcslen(addr) + 32 + 1;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1058:55:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = wcslen(fmt) + wcslen(if_name) + wcslen(addr) + 32 + 1;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1070:9:  [1] (buffer) wcsncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
  automatically resizing strings. Risk is low because the source is a
  constant string.
        wcsncat(cmdline, L" validate=no", ncmdline - wcslen(cmdline) - 1);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1070:54:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        wcsncat(cmdline, L" validate=no", ncmdline - wcslen(cmdline) - 1);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1110:23:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = wcslen(fmt) + 20 + wcslen(action) /* max 20 for ifindex */
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1110:42:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = wcslen(fmt) + 20 + wcslen(action) /* max 20 for ifindex */
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1111:31:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    + (data ? wcslen(data) + 1 : 1);
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1314:23:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = wcslen(fmt) + 10 + 1;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1447:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    DWORD read;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1469:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read != bytes || read < sizeof(msg.header) || read != msg.header.size)
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1469:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read != bytes || read < sizeof(msg.header) || read != msg.header.size)
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1469:55:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read != bytes || read < sizeof(msg.header) || read != msg.header.size)
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1816:20:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmdline_size = wcslen(sud.options) + 128;
data/openvpn-2.5.0/src/openvpnserv/interactive.c:1875:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        WriteFile(stdin_write, input, (DWORD)strlen(input), &written, NULL);
data/openvpn-2.5.0/src/openvpnserv/validate.c:93:42:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
data/openvpn-2.5.0/src/openvpnserv/validate.c:94:33:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && wcsstr(config_file + wcslen(config_dir), L"..") == NULL)
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:139:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    const ssize_t size = read(fd, &c, sizeof(c));
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:173:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        size = read(fd, buffer, len);
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:186:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int len = strlen(string) + 1;
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:285:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strncasecmp(match, query, strlen(match)) == 0;
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:296:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int skip = strlen("SCRV1:");
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:343:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        plugin_secure_memzero(tmp, strlen(tmp));
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:546:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (username && strlen(username) > 0 && password)
data/openvpn-2.5.0/src/plugins/auth-pam/auth-pam.c:976:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(ac_file_name) > 0)
data/openvpn-2.5.0/src/plugins/auth-pam/utils.c:50:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t tosearchlen = strlen(tosearch);
data/openvpn-2.5.0/src/plugins/auth-pam/utils.c:51:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t replacewithlen = strlen(replacewith);
data/openvpn-2.5.0/src/plugins/auth-pam/utils.c:54:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (tosearchlen == 0 || strlen(searchfor) == 0 || replacewithlen == 0)
data/openvpn-2.5.0/src/plugins/auth-pam/utils.c:82:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(temp,searching,scratch-searching);
data/openvpn-2.5.0/src/plugins/auth-pam/utils.c:85:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        searching = scratch+strlen(searchfor);
data/openvpn-2.5.0/src/plugins/auth-pam/utils.c:97:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/src/plugins/down-root/down-root.c:92:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int namelen = strlen(name);
data/openvpn-2.5.0/src/plugins/down-root/down-root.c:133:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    const ssize_t size = read(fd, &c, sizeof(c));
data/openvpn-2.5.0/src/tapctl/main.c:287:116:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memcpy_s(szzHwId, sizeof(szzHwId) - 2*sizeof(TCHAR) /*requires double zero termination*/, argv[i], _tcslen(argv[i])*sizeof(TCHAR));
data/openvpn-2.5.0/src/tapctl/tap.c:76:38:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = _countof(libpath) - wcslen(libpath) - 1;
data/openvpn-2.5.0/src/tapctl/tap.c:77:15:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len < wcslen(libname) + 1)
data/openvpn-2.5.0/src/tapctl/tap.c:82:5:  [1] (buffer) wcsncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
  automatically resizing strings. Risk is low because the source is a
  constant character.
    wcsncat(libpath, L"\\", len);
data/openvpn-2.5.0/src/tapctl/tap.c:83:5:  [1] (buffer) wcsncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
  automatically resizing strings.
    wcsncat(libpath, libname, len-1);
data/openvpn-2.5.0/src/tapctl/tap.c:111:30:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (s = szz; s[0]; s += _tcslen(s) + 1)
data/openvpn-2.5.0/src/tapctl/tap.c:131:41:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (LPCTSTR s = szzHay; s[0]; s += _tcslen(s) + 1)
data/openvpn-2.5.0/src/tapctl/tap.c:794:44:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (const BYTE *)szHwId, (DWORD)((_tcslen(szHwId) + 1) * sizeof(TCHAR))))
data/openvpn-2.5.0/src/tapctl/tap.c:1120:23:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = _tcslen(szFmt) + _tcslen(szOldName) + _tcslen(szName) + 1;
data/openvpn-2.5.0/src/tapctl/tap.c:1120:40:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = _tcslen(szFmt) + _tcslen(szOldName) + _tcslen(szName) + 1;
data/openvpn-2.5.0/src/tapctl/tap.c:1120:61:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ncmdline = _tcslen(szFmt) + _tcslen(szOldName) + _tcslen(szName) + 1;
data/openvpn-2.5.0/src/tapctl/tap.c:1239:61:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                for (LPTSTR s = szzDeviceHardwareIDs;; s += _tcslen(s) + 1)
data/openvpn-2.5.0/src/tapctl/tap.c:1311:29:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t name_size = (_tcslen(szName) + 1) * sizeof(TCHAR);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:235:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      + strlen(SESSION_ID_PREFIX) + 2*sizeof(uint64_t);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_auth_token.c:236:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memset(hmacstart, 0x8d, strlen(hmacstart));
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_buffer.c:56:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert_int_equal(BLEN(buf), strlen(str)); \
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_buffer.c:145:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_list_aggregate_separator(ctx->one_two_three, strlen(expected) + 1,
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_crypto.c:98:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (int i = 0; i < strlen(ciphername); i++)
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_tls_crypt.c:119:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct buffer ret = alloc_buf_gc(strlen(pem_str) + 1, gc);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_tls_crypt.c:120:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_write(&ret, pem_str, strlen(pem_str) + 1);
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_tls_crypt.c:169:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_write(&ctx->source, plaintext, strlen(plaintext));
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_tls_crypt.c:173:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext));
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_tls_crypt.c:552:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(test_server_key));
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_tls_crypt.c:566:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(test_client_key));
data/openvpn-2.5.0/tests/unit_tests/openvpn/test_tls_crypt.c:585:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(test_client_key_metadata));

ANALYSIS SUMMARY:

Hits = 977
Lines analyzed = 129364 in approximately 2.95 seconds (43786 lines/second)
Physical Source Lines of Code (SLOC) = 90995
Hits@level = [0] 266 [1] 400 [2] 473 [3]  18 [4]  82 [5]   4
Hits@level+ = [0+] 1243 [1+] 977 [2+] 577 [3+] 104 [4+]  86 [5+]   4
Hits/KSLOC@level+ = [0+] 13.6601 [1+] 10.7369 [2+] 6.34101 [3+] 1.14292 [4+] 0.945107 [5+] 0.0439585
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.