Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/gsupclient/gsup_client.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/auc.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/ctrl.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/gsup_router.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/gsup_server.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/hlr.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/hlr_ussd.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/hlr_vty.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/hlr_vty_subscr.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/logging.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/luop.h Examining data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/rand.h Examining data/osmo-hlr-1.2.0+dfsg1/src/auc.c Examining data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c Examining data/osmo-hlr-1.2.0+dfsg1/src/db.c Examining data/osmo-hlr-1.2.0+dfsg1/src/db_auc.c Examining data/osmo-hlr-1.2.0+dfsg1/src/db_debug.c Examining data/osmo-hlr-1.2.0+dfsg1/src/db_hlr.c Examining data/osmo-hlr-1.2.0+dfsg1/src/dbd_decode_binary.c Examining data/osmo-hlr-1.2.0+dfsg1/src/gsup_router.c Examining data/osmo-hlr-1.2.0+dfsg1/src/gsup_send.c Examining data/osmo-hlr-1.2.0+dfsg1/src/gsup_server.c Examining data/osmo-hlr-1.2.0+dfsg1/src/gsupclient/gsup_client.c Examining data/osmo-hlr-1.2.0+dfsg1/src/gsupclient/gsup_test_client.c Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr.c Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty.c Examining data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c Examining data/osmo-hlr-1.2.0+dfsg1/src/logging.c Examining data/osmo-hlr-1.2.0+dfsg1/src/luop.c Examining data/osmo-hlr-1.2.0+dfsg1/src/osmo-euse-demo.c Examining data/osmo-hlr-1.2.0+dfsg1/src/rand_fake.c Examining data/osmo-hlr-1.2.0+dfsg1/src/rand_urandom.c Examining data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c Examining data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/func_template.c Examining data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c Examining data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c Examining data/osmo-hlr-1.2.0+dfsg1/tests/gsup_server/gsup_server_test.c FINAL RESULTS: data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:303:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(imsi_str, sizeof(imsi_str), "%" PRId64, imsi); data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:40:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, #val " == " fmt "\n", (val)); \ data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:53:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. pos += snprintf(pos, sizeof(buf) - (pos - buf), \ data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c:44:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, #val " == " fmt "\n", (val)); \ data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c:57:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. pos += snprintf(pos, sizeof(buf) - (pos - buf), \ data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c:55:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, #call " --> -ENOKEY\n"); \ data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c:57:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, #call " --> -ENOTSUP\n"); \ data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c:59:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, #call " --> " #expect_rc "\n"); \ data/osmo-hlr-1.2.0+dfsg1/tests/gsup_server/gsup_server_test.c:31:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(#val " == " fmt "\n", (val)); \ data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:747:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hc:l:d:Dse:TUV", data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:107:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hl:d:sTe:UV", data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:581:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hv", data/osmo-hlr-1.2.0+dfsg1/tests/db/db_test.c:937:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hv", data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[GSM23003_IMSI_MAX_DIGITS+1]; data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msisdn[GSM23003_MSISDN_MAX_DIGITS+1]; data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imei[GSM23003_IMEI_NUM_DIGITS+1]; data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vlr_number[32]; data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sgsn_number[32]; data/osmo-hlr-1.2.0+dfsg1/include/osmocom/hlr/db.h:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sgsn_address[GT_MAX_DIGITS+1]; data/osmo-hlr-1.2.0+dfsg1/src/gsupclient/gsup_test_client.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[17]; data/osmo-hlr-1.2.0+dfsg1/src/gsupclient/gsup_test_client.c:304:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi_buf[17] = { 0 }; data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msisdn[GSM23003_MSISDN_MAX_DIGITS + 1]; data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:483:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imei[GSM23003_IMEI_NUM_DIGITS_NO_CHK+1] = {0}; data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:537:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char namebuf[255]; data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:773:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:129:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:242:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[4096]; data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:243:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ki[128]; data/osmo-hlr-1.2.0+dfsg1/src/hlr_db_tool.c:298:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi_str[32]; data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[OSMO_IMSI_BUF_SIZE]; data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[GSM0480_USSD_7BIT_STRING_LEN+1]; data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:352:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[GSM0480_USSD_7BIT_STRING_LEN+1]; data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:475:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[128]; data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:476:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(addr, "EUSE-"); data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty.c:336:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_hlr->ncss_guard_timeout = atoi(argv[0]); data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty.c:371:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rand_msisdn_len = atoi(argv[0]); data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datebuf[26]; /* for ctime_r(3) */ data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imei_buf[GSM23003_IMEI_NUM_DIGITS_NO_CHK+1]; data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:505:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ind_bitlen = argc > 6? atoi(argv[6]) : 5; data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imei_buf[GSM23003_IMEI_NUM_DIGITS_NO_CHK+1]; data/osmo-hlr-1.2.0+dfsg1/src/osmo-euse-demo.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[GSM0480_USSD_7BIT_STRING_LEN+1]; data/osmo-hlr-1.2.0+dfsg1/src/osmo-euse-demo.c:229:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). server_port = atoi(argv[2]); data/osmo-hlr-1.2.0+dfsg1/src/rand_urandom.c:30:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rand_fd = open("/dev/urandom", O_RDONLY); data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:46:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/osmo-hlr-1.2.0+dfsg1/tests/auc/auc_test.c:108:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rand, fake_rand, len); data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c:50:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/osmo-hlr-1.2.0+dfsg1/tests/auc/gen_ts_55_205_test_sets/main_template.c:97:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rand, fake_rand, len); data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:44:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strncmp(str, start, strlen(start)) == 0; data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:53:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val = by_selector + strlen(SEL_BY_IMSI); data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:59:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val = by_selector + strlen(SEL_BY_MSISDN); data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:67:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val = by_selector + strlen(SEL_BY_ID); data/osmo-hlr-1.2.0+dfsg1/src/ctrl.c:112:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return by_selector + strlen(SEL_BY_IMSI); data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:104:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(peer_compare) != peer_strlen || strncmp(peer_compare, (const char *)peer, peer_len)) { data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:502:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(imei) != GSM23003_IMEI_NUM_DIGITS_NO_CHK) { data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:504:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(imei), GSM23003_IMEI_NUM_DIGITS_NO_CHK); data/osmo-hlr-1.2.0+dfsg1/src/hlr.c:629:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gsup.imsi) < 5) { /* TODO: move this check to libosmogsm/gsup.c? */ data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:129:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(ussd_code, rt->prefix, strlen(rt->prefix))) { data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:247:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ss->vlr_number_len = strlen(subscr.vlr_number) + 1; data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:332:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(subscr.msisdn) == 0) data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:478:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn = gsup_route_find(conn->server, (uint8_t *)addr, strlen(addr)+1); data/osmo-hlr-1.2.0+dfsg1/src/hlr_ussd.c:546:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ss->vlr_number_len = strlen((const char *)gsup_rt->addr) + 1; data/osmo-hlr-1.2.0+dfsg1/src/hlr_vty_subscr.c:292:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(msisdn) > sizeof(subscr.msisdn) - 1) { data/osmo-hlr-1.2.0+dfsg1/src/rand_urandom.c:37:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(rand_fd, rand, len); ANALYSIS SUMMARY: Hits = 63 Lines analyzed = 10170 in approximately 0.31 seconds (33274 lines/second) Physical Source Lines of Code (SLOC) = 7373 Hits@level = [0] 126 [1] 16 [2] 34 [3] 4 [4] 9 [5] 0 Hits@level+ = [0+] 189 [1+] 63 [2+] 47 [3+] 13 [4+] 9 [5+] 0 Hits/KSLOC@level+ = [0+] 25.6341 [1+] 8.54469 [2+] 6.37461 [3+] 1.76319 [4+] 1.22067 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.