Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/gsupclient/gsup_client.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/auc.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/ctrl.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/gsup_router.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/gsup_server.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/hlr.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/hlr_ussd.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/hlr_vty.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/hlr_vty_subscr.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/logging.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/luop.h
Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/rand.h
Examining data/osmo-hlr-1.2.0+dfsg1/src/auc.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/db.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/db_auc.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/db_debug.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/db_hlr.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/dbd_decode_binary.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/gsup_router.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/gsup_send.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/gsup_server.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/gsupclient/gsup_client.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/gsupclient/gsup_test_client.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/logging.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/luop.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/osmo-euse-demo.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/rand_fake.c
Examining data/osmo-hlr-1.2.0+dfsg1/src/rand_urandom.c
Examining data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c
Examining data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/func_template.c
Examining data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c
Examining data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c
Examining data/osmo-hlr-1.2.0+dfsg1/tests/gsup_server/gsup_server_test.c
FINAL RESULTS:
data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:303:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(imsi_str, sizeof(imsi_str), "%" PRId64, imsi);
data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:40:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #val " == " fmt "\n", (val)); \
data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:53:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
pos += snprintf(pos, sizeof(buf) - (pos - buf), \
data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c:44:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #val " == " fmt "\n", (val)); \
data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c:57:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
pos += snprintf(pos, sizeof(buf) - (pos - buf), \
data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c:55:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #call " --> -ENOKEY\n"); \
data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c:57:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #call " --> -ENOTSUP\n"); \
data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c:59:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #call " --> " #expect_rc "\n"); \
data/osmo-hlr-1.2.0+dfsg1/tests/gsup_server/gsup_server_test.c:31:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(#val " == " fmt "\n", (val)); \
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:747:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hc:l:d:Dse:TUV",
data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:107:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hl:d:sTe:UV",
data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:581:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hv",
data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c:937:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hv",
data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[GSM23003_IMSI_MAX_DIGITS+1];
data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msisdn[GSM23003_MSISDN_MAX_DIGITS+1];
data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imei[GSM23003_IMEI_NUM_DIGITS+1];
data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vlr_number[32];
data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgsn_number[32];
data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgsn_address[GT_MAX_DIGITS+1];
data/osmo-hlr-1.2.0+dfsg1/src/gsupclient/gsup_test_client.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[17];
data/osmo-hlr-1.2.0+dfsg1/src/gsupclient/gsup_test_client.c:304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi_buf[17] = { 0 };
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msisdn[GSM23003_MSISDN_MAX_DIGITS + 1];
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imei[GSM23003_IMEI_NUM_DIGITS_NO_CHK+1] = {0};
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:537:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char namebuf[255];
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:773:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_set_log_level(osmo_stderr_target, atoi(optarg));
data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:129:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_set_log_level(osmo_stderr_target, atoi(optarg));
data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:242:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[4096];
data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:243:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ki[128];
data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi_str[32];
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[OSMO_IMSI_BUF_SIZE];
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GSM0480_USSD_7BIT_STRING_LEN+1];
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GSM0480_USSD_7BIT_STRING_LEN+1];
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:475:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:476:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(addr, "EUSE-");
data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty.c:336:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_hlr->ncss_guard_timeout = atoi(argv[0]);
data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty.c:371:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rand_msisdn_len = atoi(argv[0]);
data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datebuf[26]; /* for ctime_r(3) */
data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imei_buf[GSM23003_IMEI_NUM_DIGITS_NO_CHK+1];
data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:505:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ind_bitlen = argc > 6? atoi(argv[6]) : 5;
data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imei_buf[GSM23003_IMEI_NUM_DIGITS_NO_CHK+1];
data/osmo-hlr-1.2.0+dfsg1/src/osmo-euse-demo.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GSM0480_USSD_7BIT_STRING_LEN+1];
data/osmo-hlr-1.2.0+dfsg1/src/osmo-euse-demo.c:229:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
server_port = atoi(argv[2]);
data/osmo-hlr-1.2.0+dfsg1/src/rand_urandom.c:30:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rand_fd = open("/dev/urandom", O_RDONLY);
data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:108:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rand, fake_rand, len);
data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c:50:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rand, fake_rand, len);
data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:44:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp(str, start, strlen(start)) == 0;
data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:53:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = by_selector + strlen(SEL_BY_IMSI);
data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:59:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = by_selector + strlen(SEL_BY_MSISDN);
data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:67:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = by_selector + strlen(SEL_BY_ID);
data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:112:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return by_selector + strlen(SEL_BY_IMSI);
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:104:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(peer_compare) != peer_strlen || strncmp(peer_compare, (const char *)peer, peer_len)) {
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:502:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(imei) != GSM23003_IMEI_NUM_DIGITS_NO_CHK) {
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:504:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(imei), GSM23003_IMEI_NUM_DIGITS_NO_CHK);
data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:629:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gsup.imsi) < 5) { /* TODO: move this check to libosmogsm/gsup.c? */
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:129:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(ussd_code, rt->prefix, strlen(rt->prefix))) {
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:247:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss->vlr_number_len = strlen(subscr.vlr_number) + 1;
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:332:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subscr.msisdn) == 0)
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:478:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn = gsup_route_find(conn->server, (uint8_t *)addr, strlen(addr)+1);
data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:546:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss->vlr_number_len = strlen((const char *)gsup_rt->addr) + 1;
data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:292:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(msisdn) > sizeof(subscr.msisdn) - 1) {
data/osmo-hlr-1.2.0+dfsg1/src/rand_urandom.c:37:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(rand_fd, rand, len);
ANALYSIS SUMMARY:
Hits = 63
Lines analyzed = 10170 in approximately 0.31 seconds (33274 lines/second)
Physical Source Lines of Code (SLOC) = 7373
Hits@level = [0] 126 [1] 16 [2] 34 [3] 4 [4] 9 [5] 0
Hits@level+ = [0+] 189 [1+] 63 [2+] 47 [3+] 13 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 25.6341 [1+] 8.54469 [2+] 6.37461 [3+] 1.76319 [4+] 1.22067 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.