Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/osmo-bsc-1.6.1+dfsg1/include/compat_af_isdn.h Examining data/osmo-bsc-1.6.1+dfsg1/include/mISDNif.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/a_reset.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/abis_nm.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/abis_om2000.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/abis_rsl.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/acc_ramp.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/arfcn_range_encode.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/assignment_fsm.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/bsc_msc_data.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/bsc_msg_filter.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/bsc_rll.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/bsc_subscr_conn_fsm.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/bsc_subscriber.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/bss.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/bts_ipaccess_nanobts_omlattr.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/chan_alloc.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/codec_pref.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/ctrl.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/debug.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/e1_config.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_04_08_rr.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_04_80.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_08_08.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h Examining 
data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_decision.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_decision_2.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_fsm.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_vty.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/ipaccess.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/lchan_fsm.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/lchan_rtp_fsm.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/lchan_select.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/meas_feed.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/meas_rep.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/misdn.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/neighbor_ident.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/network_listen.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/openbscdefines.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/osmo_bsc.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/osmo_bsc_grace.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/osmo_bsc_lcls.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/osmo_bsc_reset.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/osmo_bsc_rf.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/osmo_bsc_sigtran.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/osmux.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/paging.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/pcu_if.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/pcuif_proto.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/penalty_timers.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/rest_octets.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/rs232.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/signal.h Examining 
data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/smscb.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/system_information.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/timeslot_fsm.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/ussd.h Examining data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/vty.h Examining data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/abisip-find.c Examining data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c Examining data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-firmware.c Examining data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-proxy.c Examining data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/stubs.c Examining data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/network_listen.c Examining data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_acc.c Examining data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_filter.c Examining data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_vty.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/a_reset.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_bs11.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_ipaccess.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_rsl.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/acc_ramp.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/arfcn_range_encode.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/assignment_fsm.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_ctrl_commands.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_ctrl_lookup.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_init.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_rf_ctrl.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_rll.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_subscr_conn_fsm.c 
Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_subscriber.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ericsson_rbs2000.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_init.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ipaccess_nanobts.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ipaccess_nanobts_omlattr.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_siemens_bs11.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_sysmobts.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_unknown.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/cbch_scheduler.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/cbsp_link.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/chan_alloc.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/codec_pref.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/e1_config.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_04_08_rr.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_04_80_utils.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_08_08.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_data.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_cfg.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_decision.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_decision_2.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_logic.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_vty.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/lchan_fsm.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/lchan_rtp_fsm.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/lchan_select.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/meas_feed.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/meas_rep.c Examining 
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/net_init.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_bssap.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_filter.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_grace.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_lcls.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_main.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_mgcp.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_msc.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_sigtran.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/paging.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/pcu_sock.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/penalty_timers.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/rest_octets.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/smscb.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/system_information.c Examining data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/timeslot_fsm.c Examining data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c Examining data/osmo-bsc-1.6.1+dfsg1/src/utils/isdnsync.c Examining data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_db.c Examining data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_db.h Examining data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_json.c Examining data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_pcap2db.c Examining data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_udp2db.c Examining data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c Examining data/osmo-bsc-1.6.1+dfsg1/tests/abis/abis_test.c Examining data/osmo-bsc-1.6.1+dfsg1/tests/bsc/bsc_test.c Examining data/osmo-bsc-1.6.1+dfsg1/tests/codec_pref/codec_pref_test.c Examining data/osmo-bsc-1.6.1+dfsg1/tests/gsm0408/gsm0408_test.c 
Examining data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c
Examining data/osmo-bsc-1.6.1+dfsg1/tests/handover/neighbor_ident_test.c
Examining data/osmo-bsc-1.6.1+dfsg1/tests/nanobts_omlattr/nanobts_omlattr_test.c
Examining data/osmo-bsc-1.6.1+dfsg1/tests/subscr/bsc_subscr_test.c

FINAL RESULTS:

data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1309:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((char *)sw->file_id, file_id);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1311:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy((char *)sw->file_version, file_version);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2482:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(string, "Fault Report: %s (",
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:101:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, sizeof(buf),
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:107:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, sizeof(buf),
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:114:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, sizeof(buf),
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:120:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, sizeof(buf),
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:128:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, sizeof(buf),
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:135:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, sizeof(buf),
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:143:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, sizeof(buf),
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:150:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, sizeof(buf), LOG_FMT_HO_SCOPE, LOG_ARGS_HO_SCOPE(conn));
  [Reviewer note, not Flawfinder output: at line 150 the format argument is the identifier LOG_FMT_HO_SCOPE, not a string literal, which is enough to trigger this rule; confirm in the source that it expands to a constant format string before treating the hit as CWE-134.]
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident.c:55:47: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    #define APPEND_STR(fmt, args...) APPEND_THING(snprintf, fmt, ##args)
data/osmo-bsc-1.6.1+dfsg1/tests/subscr/bsc_subscr_test.c:36:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf(#val " == " fmt "\n", (val)); \
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/abisip-find.c:88:7: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    c = getopt_long(argc, argv, "hb:i:lt:j",
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:980:7: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    c = getopt_long(argc, argv, "Gu:o:i:g:rn:S:U:l:L:hs:d:f:wcpqH", long_options,
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-proxy.c:1156:7: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    c = getopt_long(argc, argv, "hsTe:l:b:g:",
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1823:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    from_lchan = find_used_voice_lchan(vty, random());
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1842:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    from_lchan = find_used_voice_lchan(vty, random());
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1861:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    from_lchan = find_used_voice_lchan(vty, random());
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_main.c:134:7: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    c = getopt_long(argc, argv, "hd:DsTVc:e:r:t",
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_main.c:863:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand(time(NULL));
data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:810:7: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    c = getopt_long(argc, argv, "hp:s:S:td:Dw:fra:",
data/osmo-bsc-1.6.1+dfsg1/tests/gsm0408/gsm0408_test.c:435:2: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srandom(1);
data/osmo-bsc-1.6.1+dfsg1/tests/gsm0408/gsm0408_test.c:447:16: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    min_freq = random() % (1023 - range);
data/osmo-bsc-1.6.1+dfsg1/tests/gsm0408/gsm0408_test.c:450:28: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
Use a more secure technique for acquiring random values. int arfcn = min_freq + random() % (range + 1); data/osmo-bsc-1.6.1+dfsg1/include/mISDNif.h:292:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MISDN_MAX_IDLEN]; data/osmo-bsc-1.6.1+dfsg1/include/mISDNif.h:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MISDN_MAX_IDLEN]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/bsc_subscriber.h:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[GSM23003_IMSI_MAX_DIGITS+1]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msc_rtp_addr[INET_ADDRSTRLEN]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:194:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cell_id_serving_name[64]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cell_id_target_name[64]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msc_assigned_rtp_addr[INET_ADDRSTRLEN]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:289:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msc_assigned_rtp_addr[INET_ADDRSTRLEN]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:1032:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[MAX_VERSION_LENGTH]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:1033:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sub_model[MAX_VERSION_LENGTH]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:1040:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pcu_version[MAX_VERSION_LENGTH]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/gsm_data.h:1279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[INET6_ADDRSTRLEN]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:33:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return (bool)(atoi(arg)); data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:84:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "", "handover algorithm", "1|2", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:96:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
"handover1 ", "window rxlev averaging", "<1-10>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:103:54: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover1 ", "window rxqual averaging", "<1-10>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:110:62: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover1 ", "window rxlev neighbor averaging", "<1-10>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:118:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover1 ", "power budget interval", "<1-99>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:125:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover1 ", "power budget hysteresis", "<0-999>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:132:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover1 ", "maximum distance" , "<0-9999>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:142:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "window rxlev averaging", "<1-10>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:149:54: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "window rxqual averaging", "<1-10>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:156:62: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "window rxlev neighbor averaging", "<1-10>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:164:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
"handover2 ", "power budget interval", "<1-99>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:171:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "power budget hysteresis", "<0-999>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:178:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "maximum distance" , "<0-9999>", atoi, "%u", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:199:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "min rxlev", "<-110--50>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:206:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "min rxqual", "<0-7>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:213:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "afs-bias rxlev", "<0-20>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:220:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "afs-bias rxqual", "<0-7>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:227:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "min-free-slots tch/f", "<0-9999>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:234:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "min-free-slots tch/h", "<0-9999>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:241:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
"handover2 ", "max-handovers", "<1-9999>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:247:59: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "penalty-time max-distance", "<0-99999>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:255:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "penalty-time failed-ho", "<0-99999>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:263:64: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). "handover2 ", "penalty-time failed-assignment", "<0-99999>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/handover_cfg.h:271:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
"handover2 ", "retries", "<0-9>", atoi, "%d", as_is, \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/ipaccess.h:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[GSM23003_IMSI_MAX_DIGITS+1]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/meas_feed.h:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[15+1]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/meas_feed.h:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[31+1]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/meas_feed.h:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scenario[31+1]; data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/pcuif_proto.h:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char text[TXT_MAX_LEN]; /* Text to be transmitted to BTS */
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/abisip-find.c:384:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[255];
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:281:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oml_ip[20] = {0};
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:283:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unit_id[40] = {0};
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:693:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY);
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:735:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[4096];
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:745:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_fd = open(filename, O_WRONLY | O_CREAT, 0660);
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:789:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY);
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:1030:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  net_listen_testnr = atoi(optarg);
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:1043:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stream_id = atoi(optarg);
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-firmware.c:42:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-proxy.c:109:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *id_tags[256];
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-proxy.c:356:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ipbc->id_resp, msg->data, ipbc->id_resp_len);
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-proxy.c:978:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-proxy.c:1184:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  log_set_log_level(osmo_stderr_target, atoi(optarg));
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/network_listen.c:99:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(payload, phys_conf, phys_conf_len);
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/network_listen.c:152:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&test_rep_len, &foh->data[3], sizeof(uint16_t));
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/network_listen.c:161:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ferr_list_len, &foh->data[7], sizeof(uint16_t));
data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/network_listen.c:173:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ferr_list_len, &foh->data[7], sizeof(uint16_t));
data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_filter.c:152:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mi_string[GSM48_MI_SIZE];
data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_filter.c:182:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mi_string[GSM48_MI_SIZE];
data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_filter.c:217:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mi_string[GSM48_MI_SIZE];
data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_filter.c:244:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mi_string[GSM48_MI_SIZE];
data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_vty.c:125:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entry->cm_reject_cause = atoi(argv[2]);
data/osmo-bsc-1.6.1+dfsg1/src/libfilter/bsc_msg_vty.c:127:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entry->lu_reject_cause = atoi(argv[3]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:512:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unit_id[40];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:556:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (!handle_attr(bts, str2btsattr((const char *)sw_descr[i].file_id),
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1110:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char next_seg_buf[256];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1136:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seg_buf[256];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1233:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1234:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char more_magic[4];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1287:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_id[12+1];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1288:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_version[80+1];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1291:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sw->fd = open(fname, O_RDONLY);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1324:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *)sw->file_id, "id");
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1326:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *)sw->file_version, "version");
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1739:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cur, attr, attr_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1757:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cur, attr, attr_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2010:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, attr, att_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2027:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, rawmsg, len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2196:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cur, attr, attr_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2454:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char swl_fname[PATH_MAX];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2464:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[PATH_MAX];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2482:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[255];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2487:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  swl = fopen(bs11_sw->swl_fname, "r");
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2498:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_id[12+1];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2499:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_version[80+1];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2501:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dir[PATH_MAX];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2849:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, attr, attr_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2894:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr + 6, &ia.s_addr, sizeof(uint32_t));
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2941:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&_buf->rac, &ci, sizeof(ci));
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:93:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int bts_nr = atoi(argv[0]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:107:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->obj_inst[0] = atoi(argv[2]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:108:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->obj_inst[1] = atoi(argv[3]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:109:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->obj_inst[2] = atoi(argv[4]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:127:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int bts_nr = atoi(argv[0]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:140:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->obj_class = atoi(argv[1]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:141:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->obj_inst[0] = atoi(argv[2]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:142:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->obj_inst[1] = atoi(argv[3]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm_vty.c:143:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->obj_inst[2] = atoi(argv[4]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:789:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mo_buf[64];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:1824:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idbuf[64];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2087:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idbuf[32];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2302:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idbuf[16];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2375:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iwd_v->gen_char, cur, 3);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2377:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iwd_v->rev_char, cur, 3);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2398:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_cur, last_v->gen_char, 3);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2400:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_cur, last_v->rev_char, 3);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2473:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[255];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2490:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string + strlen(string), "%d", k + i*8);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2496:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string + strlen(string), ")\n");
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:90:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int bts_nr = atoi(argv[0]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:110:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->mo.bts = atoi(argv[2]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:111:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->mo.assoc_so = atoi(argv[3]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:112:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->mo.inst = atoi(argv[4]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:130:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int bts_nr = atoi(argv[0]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:143:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->mo.class = atoi(argv[1]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:144:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->mo.bts = atoi(argv[2]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:145:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->mo.assoc_so = atoi(argv[3]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:146:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oms->mo.inst = atoi(argv[4]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:230:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int oper = atoi(argv[0]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:322:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint8_t cgid = atoi(argv[0]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:350:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint8_t cgid = atoi(argv[0]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:379:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint16_t ccp = atoi(argv[1]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:380:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint8_t ci = atoi(argv[2]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:381:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint8_t tei = atoi(argv[3]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:401:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint16_t ccp = atoi(argv[1]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:402:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint8_t ci = atoi(argv[2]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:403:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint8_t tag = atoi(argv[3]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:447:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint16_t icp1 = atoi(argv[1]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:448:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint16_t icp2 = atoi(argv[2]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000_vty.c:449:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint8_t ci = atoi(argv[3]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_rsl.c:157:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_rsl.c:168:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, lchan->encr.key, lchan->encr.key_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_rsl.c:185:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[128];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_rsl.c:700:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->l3h, l3_info, l3_info_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_rsl.c:1450:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ia->mob_alloc, lchan->ts->hopping.ma_data, ia->mob_alloc_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_ctrl_commands.c:381:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int locked = atoi(cmd->value);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_ctrl_commands.c:384:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char now_buf[64];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_ctrl_commands.c:417:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int locked = atoi(cmd->value);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_ctrl_commands.c:439:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int tmp = atoi(value);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_ctrl_commands.c:462:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  trx->max_power_red = atoi(cmd->value);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_rf_ctrl.c:307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_subscriber.c:111:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_subscriber.c:125:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:546:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:581:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:593:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). e1_link->e1_nr = atoi(line); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:594:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). e1_link->e1_ts = atoi(ts); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:598:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). e1_link->e1_ts_ss = atoi(ss); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1156:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1165:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx_nr = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1251:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1260:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx_nr = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1269:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ts_nr = atoi(argv[2]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1515:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1527:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx_nr = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1539:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ts_nr = atoi(argv[2]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1551:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lchan_nr = atoi(argv[3]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1672:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1673:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int trx_nr = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1674:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int ts_nr = atoi(argv[2]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1675:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int ss_nr = atoi(argv[3]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1680:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr_new = atoi(argv[4]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1910:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1938:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1967:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->neci = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1981:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->pag_any_tch = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2004:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2128:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ci = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2146:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int lac = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2182:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bsic = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2203:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int site_id = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2204:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bts_id = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2269:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->nokia.skip_reset = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2289:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->nokia.no_loc_rel_cnf = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2309:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->nokia.bts_reset_timer_cnf = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2324:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int stream_id = atoi(argv[0]), linenr = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2324:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int stream_id = atoi(argv[0]), linenr = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2380:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
bts->oml_tei = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2412:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.rach_control.tx_integer = atoi(argv[0]) & 0xf; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2428:65: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.rach_control.max_trans = rach_max_trans_val2raw(atoi(argv[0])); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2443:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.chan_desc.att = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2462:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bs_pa_mfrms = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2482:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bs_ag_blks_res = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2504:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->ccch_load_ind_thresh = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2519:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->rach_b_thresh = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2532:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->rach_ldavg_slots = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2546:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.rach_control.cell_bar = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2562:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(argv[0]) == 0) data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2600:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). control_class = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2624:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->ms_max_power = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2639:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.cell_sel_par.cell_resel_hyst = atoi(argv[0])/2; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2653:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.cell_sel_par.rxlev_acc_min = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2666:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.cell_ro_sel_par.cbq = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2681:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.cell_ro_sel_par.cell_resel_off = atoi(argv[0])/2; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2695:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.cell_ro_sel_par.temp_offs = atoi(argv[0])/10; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2723:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->si_common.cell_ro_sel_par.penalty_time = (atoi(argv[0])-20)/20; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2751:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
gsm_bts_set_radio_link_timeout(bts, atoi(argv[0])); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2791:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->gprs.cell.bvci = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2809:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->gprs.nse.nsei = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2824:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int idx = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2831:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->gprs.nsvc[idx].nsvci = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2845:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int idx = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2852:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->gprs.nsvc[idx].local_port = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2866:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int idx = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2873:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->gprs.nsvc[idx].remote_port = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2886:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int idx = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2908:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
bts->paging.free_chans_need = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2920:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int val = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2957:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int val = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:2986:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->gprs.rac = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3040:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts->gprs.net_ctrl_ord = atoi(argv[0] + 2); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3076:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
bts->gprs.supports_egprs_11bit_rach = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3277:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t arfcn = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3314:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t arfcn = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3315:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint8_t thresh_hi = atoi(argv[1]), thresh_lo = atoi(argv[2]), [Review note: in this hit the int returned by atoi() is stored directly into a uint8_t (and into a uint16_t in the arfcn hits just above), so an out-of-range value is silently reduced modulo 256 or 65536 instead of being rejected; any range check has to be made on the int before the assignment. atoi() also gives no error indication for non-numeric input, whereas strtol() with an end pointer and errno does. Whether the VTY command definition already restricts these arguments to a numeric range is not visible in this report.] data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3315:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint8_t thresh_hi = atoi(argv[1]), thresh_lo = atoi(argv[2]), data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3316:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). prio = atoi(argv[3]), qrx = atoi(argv[4]), meas = atoi(argv[5]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3316:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). prio = atoi(argv[3]), qrx = atoi(argv[4]), meas = atoi(argv[5]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3316:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). prio = atoi(argv[3]), qrx = atoi(argv[4]), meas = atoi(argv[5]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3363:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t arfcn = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3382:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
uint16_t arfcn = atoi(argv[0]), scramble = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3382:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t arfcn = atoi(argv[0]), scramble = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3384:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch(bts_uarfcn_add(bts, arfcn, scramble, atoi(argv[2]))) { data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3411:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (bts_uarfcn_del(bts, atoi(argv[0]), atoi(argv[1])) < 0) { data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3411:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (bts_uarfcn_del(bts, atoi(argv[0]), atoi(argv[1])) < 0) { data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3430:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t arfcn = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3522:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). error = acc_ramp_set_step_interval(&bts->acc_ramp, atoi(argv[0])); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3545:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). error = acc_ramp_set_step_size(&bts->acc_ramp, atoi(argv[0])); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3677:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int dep = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3709:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int dep = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3734:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mode = atoi(argv[i]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3751:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mr->gsm48_ie[1] |= 1 << atoi(argv[i]); [Review note: in this hit the atoi() result is used as a shift count, so the concern is less the stored range than the shift itself: in C, shifting an int by a negative amount, or by the width of the type or more, is undefined behaviour. The argument should be bounded before the shift. The same pattern is reported at bsc_vty.c:5045 (a5_encryption_mask). Whether the VTY command syntax already limits the argument is not visible in this report.] data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3756:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mr->ms_mode[i].mode = atoi(argv[i]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3757:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mr->bts_mode[i].mode = atoi(argv[i]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3779:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). modes[i].threshold = atoi(argv[i + 1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3791:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). modes[i].hysteresis = atoi(argv[i + 1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3812:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (num < atoi(argv[0])) data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:3815:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mr_conf->smod = atoi(argv[0]) - 1; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4135:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int trx_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4167:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int arfcn = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4194:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->nominal_power = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4205:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int maxpwr_r = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4261:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->rsl_tei = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4273:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int locked = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4287:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4359:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ts->tsc = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4373:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int enabled = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4395:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ts->hopping.hsn = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4409:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ts->hopping.maio = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4422:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int arfcn = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4442:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int arfcn = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4503:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4550:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4588:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4619:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4621:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int last_block = atoi(argv[2]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4681:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bts_nr = atoi(bts_str); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4682:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int trx_nr = atoi(trx_str); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4683:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ts_nr = atoi(ts_str); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4811:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ss_nr = atoi(argv[3]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4857:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amr_mode = atoi(argv[6]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4889:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ss_nr = atoi(argv[3]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4932:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ss_nr = atoi(argv[3]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4933:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int port = atoi(argv[5]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:4967:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ctrl_cmd_send_trap(net->ctrl, argv[0], (char *) argv[1]); [Review note: the quoted line declares no statically-sized array; the only `char` in it is the one inside the cast `(char *) argv[1]`, which is where the reported column (42) appears to point. This hit therefore looks like a pattern-match false positive of the array rule and can be triaged as such. What ctrl_cmd_send_trap() does with the pointer is not shown in this report.] data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5045:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->a5_encryption_mask |= (1 << atoi(argv[i])); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5058:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->dyn_ts_allow_tch_f = atoi(argv[0]) ? true : false; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5076:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzhr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5077:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzmn = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5100:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzhr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5101:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzmn = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5102:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzdst = atoi(argv[2]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5136:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). d->val = atoi(argv[0]) / 6; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:5165:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t port = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ipaccess_nanobts.c:474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[INET6_ADDRSTRLEN]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ipaccess_nanobts_omlattr.c:35:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buf, "\x55\x5b\x61\x67\x6d\x73", 6); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ipaccess_nanobts_omlattr.c:53:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, "\x1e\x24\x24\xa8\x34\x21\xa8", 7); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ipaccess_nanobts_omlattr.c:59:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, "\x00\x01\x0a", 3); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ipaccess_nanobts_omlattr.c:114:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, bts->gprs.nse.timer, ARRAY_SIZE(bts->gprs.nse.timer)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_ipaccess_nanobts_omlattr.c:131:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, bts->gprs.cell.timer, ARRAY_SIZE(bts->gprs.cell.timer)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:708:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fu_config, fu_config_template, sizeof(fu_config_template)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1011:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fu_config, bts_config_insite, sizeof(bts_config_insite)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1019:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(fu_config + len, bts_config_1, sizeof(bts_config_1)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1028:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fu_config + len, bts_config_2, sizeof(bts_config_2)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1036:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fu_config + len, bts_config_3, sizeof(bts_config_3)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1041:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fu_config + len, bts_config_4, sizeof(bts_config_4)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1086:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(noh->data, data, len_data); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1208:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(noh->data, data, len_to_send); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1223:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oh->data, data, len_to_send); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1247:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(oh->data, data, len_to_send); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1384:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char indent[100] = ""; /* TODO: move static to BTS context */ data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1417:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(indent, " "); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/cbsp_link.c:322:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cbc->config.cbc_port = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/cbsp_link.c:332:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cbc->config.listen_port = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/codec_pref.c:455:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, &res, sizeof(*c)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_04_08_rr.c:164:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(network->ctype_by_chreq, ctype_by_chreq, sizeof(ctype_by_chreq)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_04_08_rr.c:477:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lv + 1, gsm48_ie, 2); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_04_08_rr.c:525:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur, si1->cell_channel_description, data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_08_08.c:237:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_08_08.c:613:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _dest_nr[35]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_08_08.c:638:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_dest_nr + 2, called.number, sizeof(called.number)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_08_08.c:640:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(_dest_nr, called.number, sizeof(called.number));
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/gsm_data.c:991:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char ts2str[255];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:93:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buf[256];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:442:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&req->classmark.classmark2, e->val, len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:655:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(info.encr.key, req->ei.key, req->ei.key_len);
[Reviewer note: in the two handover_fsm.c copies above (lines 442 and 655) the length is a runtime value (len, req->ei.key_len) rather than a sizeof of the destination. The excerpts do not show a bound check, so confirm in the surrounding code that the length is capped to the destination size before the copy.]
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_fsm.c:765:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&ho_perf_params.speech_codec_chosen, &sc, sizeof(sc));
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_vty.c:94:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
return atoi(arg); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/handover_vty.c:99:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[9]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/meas_feed.c:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scenario[31+1]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/meas_feed.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident.c:79:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:61:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). .arfcn = atoi(arfcn_str), data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:67:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). key->bsic = atoi(bsic_str); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:92:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). struct gsm_bts *bts = gsm_bts_num(g_net, atoi(bts_nr_str)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:111:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). .id.lac = atoi(argv[0]), data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:122:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). .lac = atoi(argv[0]), data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:123:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). .ci = atoi(argv[1]), data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:151:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cgi->lai.lac = atoi(lac); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:152:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cgi->cell_identity = atoi(ci); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/neighbor_ident_vty.c:622:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). struct gsm_bts *bts = gsm_bts_num(g_net, atoi(argv[0])); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_bssap.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_bssap.c:442:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(conn->lchan->encr.key, key, len); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_bssap.c:580:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&conn->lcls.global_call_ref, gcr, gcr_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_bssap.c:1123:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data, msg->l3h + sizeof(*header), length - sizeof(*header));
[Reviewer note: the copy length here is `length - sizeof(*header)`. The excerpt does not show whether `length` is checked to be at least sizeof(*header) beforehand; without that guard the subtraction would wrap to a very large size. Confirm the check in the surrounding code.]
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:447:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
curloc->tstamp = atol(tstamp);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:494:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
tstamp = atol(tstampstr);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:553:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
tz->hr = atol(hourstr);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:554:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
tz->mn = minstr ?
atol(minstr) : 0; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:555:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tz->dst = dststr ? atol(dststr) : 0; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:598:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tz_hours = atol(hourstr); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:599:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tz_mins = atol(minstr); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:600:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tz_dst = atol(dststr); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:696:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
cic = atoi(cic_str); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_ctrl.c:697:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). alert = atoi(alert_str); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_main.c:164:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_sigtran.c:485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msc_name[32]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:67:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int index = argc == 1 ? atoi(argv[0]) : 0; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:286:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
data->core_lac = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:296:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->core_ci = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:308:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->rtp_base = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:344:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->audio_support[i]->ver = atoi(argv[i] + 2); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:756:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->mid_call_timeout = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:777:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
data->auto_off_timeout = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:854:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestr[50]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:895:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bts_nr = atoi(argv[0]); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/pcu_sock.c:137:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ind->nse_timer, bts->gprs.nse.timer, 7); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/pcu_sock.c:138:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ind->cell_timer, bts->gprs.cell.timer, 11); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/pcu_sock.c:335:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi_digit_buf[4]; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/pcu_sock.c:365:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(msg->l3h, data_req->data, data_req->len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/pcu_sock.c:380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&tlli, data_req->data, 4);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/pcu_sock.c:388:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(msg->l3h, data_req->data + 4, data_req->len - 4);
[Reviewer note: pcu_sock.c:380 reads 4 bytes from data_req->data and pcu_sock.c:388 copies `data_req->len - 4` bytes. Neither excerpt shows a check that data_req->len is at least 4, or that it fits the destination message buffer. Confirm both bounds in the surrounding code before treating these hits as benign.]
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/smscb.c:75:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(etws->data, sec_info, ETWS_PRIM_NOTIF_SIZE - sizeof(*etws));
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/smscb.c:117:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buf[128];
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/smscb.c:393:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&msg_param->content, cont->data, cont->user_len);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/smscb.c:879:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
int bts_nr = atoi(argv[0]);
data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/system_information.c:1248:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(&si_info.selection_params, data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:133:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur, obj_bbsig0_attr, sizeof(obj_bbsig0_attr)); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:345:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char retbuf[256]; data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:351:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(retbuf, "BS11 "); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:354:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(retbuf+strlen(retbuf), "Power Amplifier %d ", data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:358:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(retbuf+strlen(retbuf), "Line Interface "); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:361:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(retbuf+strlen(retbuf), "CCLK "); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:366:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(retbuf, "SITE MANAGER "); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:369:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(retbuf+strlen(retbuf), "BPORT%u ", data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:566:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). abis_nm_bs11_set_pll(g_bts, atoi(value)); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:576:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). abis_nm_bs11_set_pll(g_bts, atoi(value)); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:833:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). delay_ms = atoi(optarg); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:836:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). win_size = atoi(optarg); data/osmo-bsc-1.6.1+dfsg1/src/utils/isdnsync.c:91:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2048]; data/osmo-bsc-1.6.1+dfsg1/src/utils/isdnsync.c:177:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). card = atoi(argv[1]); data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_pcap2db.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PCAP_ERRBUF_SIZE+1]; data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[32]; data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *_lbl[1]; data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[31+1]; data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[15+1]; data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[256]; data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:155:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *dir_str[2] = { data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:185:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[128]; data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:264:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *header[1]; data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *title[1]; data/osmo-bsc-1.6.1+dfsg1/tests/bsc/bsc_test.c:90:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fprintf(stderr, "get_int(%s) -> %d\n", key, atoi(kv)); data/osmo-bsc-1.6.1+dfsg1/tests/bsc/bsc_test.c:95:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return kv ? atoi(kv) : def; data/osmo-bsc-1.6.1+dfsg1/tests/bsc/bsc_test.c:152:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l3h, test_def->data, test_def->length); data/osmo-bsc-1.6.1+dfsg1/tests/gsm0408/gsm0408_test.c:279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mi_parsed[GSM48_MI_SIZE]; data/osmo-bsc-1.6.1+dfsg1/tests/gsm0408/gsm0408_test.c:444:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rnd_arfcns_set[1024] = {0}; data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[sizeof(lchan->conn->bsub->imsi)]; data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1411:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). test_case_i = argc > 1? atoi(argv[1]) : -1; data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1464:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). algorithm = atoi(test_case[0]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1477:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int n = atoi(test_case[1]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1492:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_as_active(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1492:57: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_as_active(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1498:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_ho_active(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1498:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_ho_active(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1504:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_afs_bias_rxlev(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1504:62: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_afs_bias_rxlev(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1510:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_afs_bias_rxqual(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1510:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_afs_bias_rxqual(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1518:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
ho_set_hodec2_tchf_min_slots(bts[atoi(test_case[1])]->ho, atoi(test_case[3])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1518:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_tchf_min_slots(bts[atoi(test_case[1])]->ho, atoi(test_case[3])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1520:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_tchh_min_slots(bts[atoi(test_case[1])]->ho, atoi(test_case[3])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1520:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_tchh_min_slots(bts[atoi(test_case[1])]->ho, atoi(test_case[3])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1527:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
ho_set_hodec2_ho_max( bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1527:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_ho_max( bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1534:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_max_distance(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1534:60: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ho_set_hodec2_max_distance(bts[atoi(test_case[1])]->ho, atoi(test_case[2])); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1541:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lchan[lchan_num] = create_lchan(bts[atoi(test_case[1])], data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1557:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). meas_ta_ms = atoi(test_case[2]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1562:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n = atoi(test_case[4]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1563:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). struct gsm_lchan *lc = lchan[atoi(test_case[1])]; data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1567:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). meas_dl_rxlev = atoi(test_case[2]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1568:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). meas_dl_rxqual = atoi(test_case[3]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1572:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int nr = atoi(test_case[0]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1580:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). meas_bcch_f_nc[i] = atoi(test_case[0]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1582:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). meas_rxlev_nc[i] = atoi(test_case[1]); data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1608:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). != atoi(test_case[1])) { data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1613:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (chan_req_lchan->ts->nr != atoi(test_case[2])) { data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1648:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). != atoi(test_case[1])) { data/osmo-bsc-1.6.1+dfsg1/tests/handover/handover_test.c:1654:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ho_req_lchan->ts->nr != atoi(test_case[2])) { data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/timeslot_fsm.h:14:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (!fmt || !*fmt || fmt[strlen(fmt)-1] != '\n') ? "\n" : ""); \ data/osmo-bsc-1.6.1+dfsg1/include/osmocom/bsc/timeslot_fsm.h:19:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (!fmt || !*fmt || fmt[strlen(fmt)-1] != '\n') ? "\n" : ""); \ data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/abisip-find.c:152:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ifname)); data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/abisip-find.c:155:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ifname)); data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/abisip-find.c:249:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
out_len = strlen(out); data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:435:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msgb_tl16v_put(nmsg, NM_ATT_IPACC_UNIT_ID, strlen(unit_id)+1, data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:546:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(unit_id); data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:673:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). load->file_id_len = strlen((char*)load->file_id) + 1; data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:677:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). load->file_version_len = strlen((char*)load->file_version) + 1; data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:760:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &c, sizeof(c)) != sizeof(c)) { data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-config.c:849:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(unit_id) < 5) data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-firmware.c:49:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
rc = read(fd, buf, sizeof(*firmware_header)); data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-firmware.c:87:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &table_size, sizeof(table_size)) != sizeof(table_size)) { data/osmo-bsc-1.6.1+dfsg1/src/ipaccess/ipaccess-firmware.c:111:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, &entry, sizeof(entry)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1158:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line_buf) + 2; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1165:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line_buf)+2; data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1169:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(sw->fd, &seg_buf, IPACC_SEGMENT_SIZE); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1245:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(sw->fd, &firmware_header, sizeof(firmware_header)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1303:8: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. rc = fscanf(sw->stream, "@(#)%12s:%80s\r\n", data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1310:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sw->file_id_len = strlen(file_id); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:1312:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sw->file_version_len = strlen(file_version); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2366:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + 1 + strlen(name); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2374:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name), (uint8_t *)name); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2388:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(password) != 10) data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2393:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fill_om_fom_hdr(oh, 2+strlen(password), NM_MT_BS11_SET_ATTR, data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2503:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(linebuf) < 4) data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2506:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
rc = sscanf(linebuf+4, "%12s:%80s\r\n", file_id, file_version); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2523:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fle->fname, dirname(dir), sizeof(fle->fname) - 1); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2524:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(fle->fname, "/"); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2525:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fle->fname, file_id, sizeof(fle->fname) - 1 -strlen(fle->fname)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_nm.c:2525:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fle->fname, file_id, sizeof(fle->fname) - 1 -strlen(fle->fname)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2489:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(string + strlen(string), ","); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2489:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf(string + strlen(string), ","); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2490:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(string + strlen(string), "%d", k + i*8); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_om2000.c:2496:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(string + strlen(string), ")\n"); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/abis_rsl.c:708:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i, len = strlen(str_in); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_rf_ctrl.c:310:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd->fd, buf, sizeof(buf)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_rf_ctrl.c:467:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). local.sun_len = strlen(local.sun_path); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_rf_ctrl.c:472:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(local.sun_path) + data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1092:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(meas_scenario) > 0) data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bsc_vty.c:1315:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(bsub->imsi)) data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/bts_nokia_site.c:1416:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int indent_len = strlen(indent); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/meas_feed.c:120:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(ofd->fd, buf, sizeof(buf)); data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:335:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) != 3 data/osmo-bsc-1.6.1+dfsg1/src/osmo-bsc/osmo_bsc_vty.c:874:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). timestr[strlen(timestr)-1] = 0; data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:354:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(retbuf+strlen(retbuf), "Power Amplifier %d ", data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:358:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf(retbuf+strlen(retbuf), "Line Interface "); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:361:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(retbuf+strlen(retbuf), "CCLK "); data/osmo-bsc-1.6.1+dfsg1/src/utils/bs11_config.c:369:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(retbuf+strlen(retbuf), "BPORT%u ", data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_db.c:276:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = sqlite3_prepare_v2(db, stmt, strlen(stmt)+1, \ data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_json.c:163:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(ofd->fd, msgb_data(msg), msgb_tailroom(msg)); data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_pcap2db.c:52:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mfm->scenario)) data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_udp2db.c:59:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mfm->scenario)) data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_udp2db.c:77:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(ofd->fd, msgb_data(msg), msgb_tailroom(msg)); data/osmo-bsc-1.6.1+dfsg1/src/utils/meas_vis.c:129:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
rc = read(ofd->fd, msgb_data(msg), msgb_tailroom(msg));
data/osmo-bsc-1.6.1+dfsg1/tests/bsc/bsc_test.c:89:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
kv += strlen(key) + 1;

ANALYSIS SUMMARY:
Hits = 503
Lines analyzed = 64345 in approximately 1.60 seconds (40213 lines/second)
Physical Source Lines of Code (SLOC) = 48159
Hits@level = [0] 581 [1] 56 [2] 422 [3] 12 [4] 13 [5] 0
Hits@level+ = [0+] 1084 [1+] 503 [2+] 447 [3+] 25 [4+] 13 [5+] 0
Hits/KSLOC@level+ = [0+] 22.5088 [1+] 10.4446 [2+] 9.28175 [3+] 0.519114 [4+] 0.269939 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.