Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/call_leg.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/cell_id_list.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/db.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/debug.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/e_link.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_08.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_11.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_11_gsup.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_14.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_80.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_09_11.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data_shared.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_subscriber.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsup_client_mux.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc_call.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc_int.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_a.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_a_remote.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_common.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_ho.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_i.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_i_remote.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_roles.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_t.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_t_remote.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msub.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/neighbor_ident.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/osmux.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/paging.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_conn.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_infra.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_msg.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_msg_a.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_msg_iu.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_peer.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/rrlp.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/rtp_stream.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sccp_ran.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sdp_msg.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_iface.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_server.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_vty.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/signal.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/silent_call.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/smpp.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sms_queue.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/transaction.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr_sgs.h Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vty.h Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/call_leg.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/cell_id_list.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ctrl_commands.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/db.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/e_link.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11_gsup.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_14.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_80.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_09_11.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsup_client_mux.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc_builtin.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc_call.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc_sock.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a_remote.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_ho.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_i.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_i_remote.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_net_init.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_t.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_t_remote.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msub.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/paging.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_conn.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_infra.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_peer.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_up_l2.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/rrlp.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/rtp_stream.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sccp_ran.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_server.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/silent_call.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_utils.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sms_queue.c Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/transaction.c Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_access_req_fsm.c Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_access_req_fsm.h Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_auth_fsm.c Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_auth_fsm.h Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_core.h Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_lu_fsm.c Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_lu_fsm.h Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs.c Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.c Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.h Examining data/osmo-msc-1.6.2+dfsg1/src/osmo-msc/msc_main.c Examining data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c Examining data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c Examining data/osmo-msc-1.6.2+dfsg1/tests/mncc/mncc_test.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_authen_reuse.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_call.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_gsm_authen.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_gsm_ciph.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_hlr_reject.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_hlr_timeout.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_ms_timeout.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_no_authen.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_reject_concurrency.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_rest.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_ss.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_umts_authen.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.c Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.h Examining data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c Examining data/osmo-msc-1.6.2+dfsg1/tests/smpp/smpp_test.c Examining data/osmo-msc-1.6.2+dfsg1/tests/sms_queue/sms_queue_test.c Examining data/osmo-msc-1.6.2+dfsg1/tests/stubs.c FINAL RESULTS: data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_t.c:90:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. rc = snprintf(ho_nr_str, sizeof(ho_nr_str), "%"PRIu64, ho_nr); data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:232:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(src, A_RTPMAP "%u", &payload_type) != 1) data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:253:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(src, A_FMTP "%u", &payload_type) != 1) data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:272:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(src, A_PTIME "%u", &sdp->ptime) != 1) data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:373:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(src, "IN %s %s", ipv, addr_str) < 2) data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:150:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(acl->system_id, sys_id); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:159:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(smsc->system_id, argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:264:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(acl->passwd, argv[0]); data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c:293:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(test->sms.text, ud->dec_text); data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.h:43:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, LOG_COLOR " %4d:%s: " fmt LOG_COLOR_OFF "\n", \ data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.h:46:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, fmt "\n", ## args ); \ data/osmo-msc-1.6.2+dfsg1/src/osmo-msc/msc_main.c:154:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hd:Dsl:TVc:e:CM:", data/osmo-msc-1.6.2+dfsg1/src/osmo-msc/msc_main.c:628:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.c:1110:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hv", data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data.h:281:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[21+1]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data.h:299:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_id[16]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data.h:314:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[SMS_TEXT_SIZE]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[16]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sdp[1024]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h:170:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[0]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sdp[1024]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_t.h:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char handover_number[16]; /* No libosmocore definition for MSISDN_MAXLEN? */ data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/neighbor_ident.h:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/neighbor_ident.h:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_ran_peer_pc_str[23]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sdp_msg.h:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subtype_name[16]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sdp_msg.h:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmtp[64]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_iface.h:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sockname[OSMO_SOCK_NAME_MAXLEN]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_iface.h:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fqdn[GSM23003_MME_DOMAIN_LEN + 1]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_server.h:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_addr[INET6_ADDRSTRLEN]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_server.h:44:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vlr_name[SGS_VLR_NAME_MAXLEN]; data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[GSM23003_IMSI_MAX_DIGITS+1]; /* 2.1.1.1 */ data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msisdn[GSM23003_MSISDN_MAX_DIGITS+1]; /* 2.1.2 */ data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[VLR_NAME_LENGTH+1]; /* proprietary */ data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imeisv[GSM23003_IMEISV_NUM_DIGITS+1]; /* 2.2.3 */ data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imei[GSM23003_IMEI_NUM_DIGITS_NO_CHK+1]; /* 2.1.9 */ data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:189:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mme_name[SGS_MME_NAME_LEN + 1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/db.c:248:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sms->user_data, user_data, user_data_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/db.c:276:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/db.c:592:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). db_rev = atoi(rev_s); data/osmo-msc-1.6.2+dfsg1/src/libmsc/e_link.c:90:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e->remote_name, remote_name, remote_name_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/e_link.c:366:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdu->l2h, pdu_data, pdu_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:142:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mid, mi, len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:315:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:637:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ar->rand, rand, 16); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:660:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:828:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:851:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:924:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, ar->sres, sizeof(ar->sres)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:970:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res + 4, &data[2], ie_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:1290:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gh->data+2, apdu, apdu_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c:244:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, mncc, sizeof(struct gsm_mncc)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c:1017:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&trans->cc.msg, disc, sizeof(struct gsm_mncc)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c:1110:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&trans->cc.msg, rel, sizeof(struct gsm_mncc)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c:1939:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&trans->cc.msg, data, sizeof(struct gsm_mncc)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:323:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(smsp, oa, oa_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:350:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(smsp, sms->user_data, octet_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:355:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(smsp, sms->user_data, sms->user_data_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:392:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(smsp, oa, oa_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:540:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(address_lv, smsp, da_len_bytes); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:600:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsms->user_data, smsp, gsm_get_octet_len(gsms->user_data_len)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:612:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsms->user_data, smsp, gsms->user_data_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc_call.c:96:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, mncc_msg, sizeof(*mncc_msg)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c:728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c:826:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c:1023:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c:1433:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos, data, len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_t.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ho_nr_str[GSM23003_MSISDN_MAX_DIGITS+1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:102:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->plmn.mcc = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:163:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->a5_encryption_mask |= (1 << atoi(argv[i])); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:185:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mask |= (1 << atoi(argv[i])); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:239:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->send_mm_info = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:256:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzhr = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:257:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzmn = atoi(argv[1]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:280:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzhr = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:281:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzmn = atoi(argv[1]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:282:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tzdst = atoi(argv[2]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:314:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). net->t3212 = atoi(argv[0]) / 6; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:450:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->mncc_guard_timeout = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:467:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->ncss_guard_timeout = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:492:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->a.cs7_instance = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:502:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->iu.cs7_instance = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:516:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->vlr->cfg.auth_tuple_max_reuse_count = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:526:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->vlr->cfg.auth_reuse_old_sets_on_error = atoi(argv[0]) ? true : false; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:563:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->paging_response_timer = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:738:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:817:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:870:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1180:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return vlr_subscr_find_by_tmsi(gsmnet->vlr, atoi(id), VSUB_USE_VTY); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1448:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = argc >= 6 ? atoi(argv[5]) : 4000; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1523:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). level = atoi(argv[2]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1785:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sms_queue_set_max_pending(gsmnet->sms_queue, atoi(argv[0])); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1803:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sms_queue_set_max_failure(gsmnet->sms_queue, atoi(argv[0])); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1923:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gsmnet->gsup_server_port = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msub.c:467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[128]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident.c:84:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:188:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). .id.lac = atoi(argv[0]), data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:199:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). .lac = atoi(argv[0]), data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:200:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). .ci = atoi(argv[1]), data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:228:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cgi->lai.lac = atoi(lac); data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:229:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cgi->cell_identity = atoi(ci); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_conn.c:88:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char id[42]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:181:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cm.classmark2, ie_cm2->val, cm.classmark2_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:185:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cm.classmark3, ie_cm3->val, cm.classmark3_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:500:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[OSMO_IMSI_BUF_SIZE]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:533:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(geran_encr.key, encr_info.key, encr_info.key_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:552:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((uint8_t*)&classmark.classmark1, ie_classmark1->val, ie_classmark1->len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:558:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((uint8_t*)&classmark.classmark2, ie_classmark2->val, len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:587:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(classmark.classmark3, ie_classmark3->val, len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:993:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rtp_addr, &rtp_addr_in, sizeof(rtp_addr_in)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:1061:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16 * 2 + 1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:1080:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ei.key, cm->vec->kc, sizeof(cm->vec->kc)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:1090:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cm->geran.chosen_key->key, ei.key, ei.key_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:1138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r.encryption_information.key, data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c:81:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ran->l3h, ies->nas_pdu.buf, ies->nas_pdu.size); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c:106:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ran->l3h, nas_pdu->buf, nas_pdu->size); data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c:139:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET_ADDRSTRLEN]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c:511:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/rtp_stream.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipv[10]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:372:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET6_ADDRSTRLEN]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c:173:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mme_name, mme_name_enc, TLVP_LEN(tp, SGSAP_IE_MME_NAME)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c:935:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[GSM48_MI_SIZE]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c:936:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mme_name[SGS_MME_NAME_LEN + 1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c:76:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sgs->cfg.local_port = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c:115:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sgs->cfg.timer[i] = atoi(argv[1]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c:134:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sgs->cfg.counter[i] = atoi(argv[1]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_buf[256]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:258:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sms->user_data, sms_msg, sms_msg_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:297:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char *)submit_r->message_id, "msg_id_not_implemented"); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:471:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlv.value.octet, data, tlv.length); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:698:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char *)deliver.service_type, "CMT"); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:752:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, sms->user_data, udh_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:760:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(deliver.short_message, sms->user_data, deliver.sm_length); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:376:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SMALL_BUFF]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:407:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SMALL_BUFF]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:852:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur, lenptr, sizeof(uint32_t)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:945:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&esme->sa, s, esme->sa_len); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[21+1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_id[SMPP_SYS_ID_LEN+1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_id[SMPP_SYS_ID_LEN+1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[SMPP_PASSWD_LEN+1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_id[SMPP_SYS_ID_LEN+1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:134:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t port = atoi(argv[0]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:145:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t port = atoi(argv[1]); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[128], serv[128]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/sms_queue.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_msisdn[GSM23003_MSISDN_MAX_DIGITS+1]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/sms_queue.c:208:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char started_with_msisdn[last_msisdn_buflen]; data/osmo-msc-1.6.2+dfsg1/src/libmsc/transaction.c:309:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char namebuf[32]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:87:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:122:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name + maxlen - 2, ".."); data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:564:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apn_str[GSM_APN_LENGTH]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:801:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vsub->hlr.buf, gsup_msg->hlr_enc, data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:848:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp_data->qos_subscribed, pdp_info->qos_enc, pdp_info->qos_enc_len); data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:1128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_access_req_fsm.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[16]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_access_req_fsm.c:644:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_lu_fsm.c:674:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[16]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.c:369:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char interim_fsm_id[256]; data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.c:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fsm_id[256]; data/osmo-msc-1.6.2+dfsg1/src/osmo-msc/msc_main.c:183:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_id[SMPP_SYS_ID_LEN+1]; data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[SMPP_SYS_ID_LEN+1]; data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:246:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur, lenptr, sizeof(uint32_t)); data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:361:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(argv[2]); data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dec_text[GSM340_UDL_SPT_MAX + 1]; data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c:291:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(test->sms.user_data, ud->data, sizeof(ud->data)); data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c:528:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *dbf = fopen("db_sms_test.db", "wb"); data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c:346:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c:363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c:526:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/osmo-msc-1.6.2+dfsg1/tests/sms_queue/sms_queue_test.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_msisdn[GSM23003_MSISDN_MAX_DIGITS+1] = ""; data/osmo-msc-1.6.2+dfsg1/src/libmsc/e_link.c:133:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). .source_name_len = strlen(local_msc_name)+1, /* include terminating nul */ data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:469:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen(net->name_long); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:483:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = (strlen(net->name_long)*7)/8; data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:484:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_pad = (8 - strlen(net->name_long)*7)%8; data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:500:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen(net->name_short); data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:511:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = (strlen(net->name_short)*7)/8; data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:512:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_pad = (8 - strlen(net->name_short)*7)%8; data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_ho.c:489:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ipa_name)); data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:766:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name, 30 - (int)strlen(name), "", \ data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:210:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line_end = src + strlen(src); data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c:962:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(imsi) < GSM23003_IMSI_MIN_DIGITS) { data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:529:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t imei_len = strlen(vsub->imei); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:139:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sys_id) > SMPP_SYS_ID_LEN) data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:294:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(r->u.prefix.addr))) { data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:445:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(acl->passwd) && data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:831:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(ofd->fd, lenptr + esme->read_idx, rdlen); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:860:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(ofd->fd, msg->tail, OSMO_MIN(rdlen, msgb_tailroom(msg))); data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:156:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[0])+1 > sizeof(smsc->system_id)) data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:192:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(smsc->system_id) > 0) data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:211:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(id) > 16) { data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:261:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[0])+1 > sizeof(acl->passwd)) data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:283:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(str); i++) { data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:575:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(acl->passwd)) data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:118:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(name); data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:196:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gsup_msg->imsi) == 0) data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:1136:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mi_string) >= sizeof(vsub->imsi)) { data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_auth_fsm.c:510:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(vsub->imsi, mi_string, sizeof(vsub->imsi)); data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_lu_fsm.c:1510:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lfp->imsi, imsi, sizeof(lfp->imsi)-1); data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.c:403:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vsub->imsi) > 0) { data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:231:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(ofd->fd, lenptr + esme->read_idx, rdlen); data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:254:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(ofd->fd, msg->tail, OSMO_MIN(rdlen, msgb_tailroom(msg))); data/osmo-msc-1.6.2+dfsg1/tests/mncc/mncc_test.c:27:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MNCC->sdp - ((char*)MNCC) + strlen(MNCC->sdp) + 1, 0); \ data/osmo-msc-1.6.2+dfsg1/tests/mncc/mncc_test.c:29:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MNCC->sdp - ((char*)MNCC) + strlen(MNCC->sdp), -EINVAL); \ data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.c:787:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). OSMO_ASSERT(strlen(gsup_tx_expected) <= (sizeof(buf) * 2)); ANALYSIS SUMMARY: Hits = 207 Lines analyzed = 49946 in approximately 1.28 seconds (39159 lines/second) Physical Source Lines of Code (SLOC) = 36659 Hits@level = [0] 114 [1] 34 [2] 159 [3] 3 [4] 11 [5] 0 Hits@level+ = [0+] 321 [1+] 207 [2+] 173 [3+] 14 [4+] 11 [5+] 0 Hits/KSLOC@level+ = [0+] 8.75638 [1+] 5.64664 [2+] 4.71917 [3+] 0.381898 [4+] 0.300063 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.