Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/call_leg.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/cell_id_list.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/db.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/debug.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/e_link.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_08.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_11.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_11_gsup.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_14.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_04_80.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_09_11.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data_shared.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_subscriber.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsup_client_mux.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc_call.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc_int.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_a.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_a_remote.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_common.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_ho.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_i.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_i_remote.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_roles.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_t.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_t_remote.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msub.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/neighbor_ident.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/osmux.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/paging.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_conn.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_infra.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_msg.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_msg_a.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_msg_iu.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/ran_peer.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/rrlp.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/rtp_stream.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sccp_ran.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sdp_msg.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_iface.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_server.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_vty.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/signal.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/silent_call.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/smpp.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sms_queue.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/transaction.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr_sgs.h
Examining data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vty.h
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/call_leg.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/cell_id_list.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ctrl_commands.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/db.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/e_link.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11_gsup.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_14.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_80.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_09_11.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsup_client_mux.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc_builtin.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc_call.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc_sock.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a_remote.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_ho.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_i.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_i_remote.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_net_init.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_t.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_t_remote.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/msub.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/paging.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_conn.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_infra.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_peer.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_up_l2.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/rrlp.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/rtp_stream.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sccp_ran.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_server.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/silent_call.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_utils.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/sms_queue.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libmsc/transaction.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_access_req_fsm.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_access_req_fsm.h
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_auth_fsm.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_auth_fsm.h
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_core.h
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_lu_fsm.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_lu_fsm.h
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.c
Examining data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.h
Examining data/osmo-msc-1.6.2+dfsg1/src/osmo-msc/msc_main.c
Examining data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/mncc/mncc_test.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_authen_reuse.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_call.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_gsm_authen.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_hlr_reject.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_hlr_timeout.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_ms_timeout.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_no_authen.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_reject_concurrency.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_rest.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_ss.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_test_umts_authen.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.h
Examining data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/smpp/smpp_test.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/sms_queue/sms_queue_test.c
Examining data/osmo-msc-1.6.2+dfsg1/tests/stubs.c
FINAL RESULTS:
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_t.c:90:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rc = snprintf(ho_nr_str, sizeof(ho_nr_str), "%"PRIu64, ho_nr);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:232:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(src, A_RTPMAP "%u", &payload_type) != 1)
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:253:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(src, A_FMTP "%u", &payload_type) != 1)
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:272:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(src, A_PTIME "%u", &sdp->ptime) != 1)
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:373:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(src, "IN %s %s", ipv, addr_str) < 2)
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:150:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(acl->system_id, sys_id);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:159:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(smsc->system_id, argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:264:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(acl->passwd, argv[0]);
data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c:293:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(test->sms.text, ud->dec_text);
data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.h:43:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LOG_COLOR " %4d:%s: " fmt LOG_COLOR_OFF "\n", \
data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.h:46:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, fmt "\n", ## args ); \
data/osmo-msc-1.6.2+dfsg1/src/osmo-msc/msc_main.c:154:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hd:Dsl:TVc:e:CM:",
data/osmo-msc-1.6.2+dfsg1/src/osmo-msc/msc_main.c:628:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.c:1110:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hv",
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data.h:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[21+1];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data.h:299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_id[16];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/gsm_data.h:314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[SMS_TEXT_SIZE];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[16];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdp[1024];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h:170:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[0];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/mncc.h:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdp[1024];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/msc_t.h:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handover_number[16]; /* No libosmocore definition for MSISDN_MAXLEN? */
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/neighbor_ident.h:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/neighbor_ident.h:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_ran_peer_pc_str[23];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sdp_msg.h:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subtype_name[16];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sdp_msg.h:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmtp[64];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_iface.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sockname[OSMO_SOCK_NAME_MAXLEN];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_iface.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqdn[GSM23003_MME_DOMAIN_LEN + 1];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_server.h:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_addr[INET6_ADDRSTRLEN];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/sgs_server.h:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vlr_name[SGS_VLR_NAME_MAXLEN];
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[GSM23003_IMSI_MAX_DIGITS+1]; /* 2.1.1.1 */
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msisdn[GSM23003_MSISDN_MAX_DIGITS+1]; /* 2.1.2 */
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[VLR_NAME_LENGTH+1]; /* proprietary */
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imeisv[GSM23003_IMEISV_NUM_DIGITS+1]; /* 2.2.3 */
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imei[GSM23003_IMEI_NUM_DIGITS_NO_CHK+1]; /* 2.1.9 */
data/osmo-msc-1.6.2+dfsg1/include/osmocom/msc/vlr.h:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mme_name[SGS_MME_NAME_LEN + 1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/db.c:248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->user_data, user_data, user_data_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/db.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/db.c:592:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
db_rev = atoi(rev_s);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/e_link.c:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->remote_name, remote_name, remote_name_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/e_link.c:366:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu->l2h, pdu_data, pdu_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mid, mi, len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:637:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ar->rand, rand, 16);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:660:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:828:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:851:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:924:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, ar->sres, sizeof(ar->sres));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:970:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res + 4, &data[2], ie_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:1290:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gh->data+2, apdu, apdu_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c:244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, mncc, sizeof(struct gsm_mncc));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c:1017:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&trans->cc.msg, disc, sizeof(struct gsm_mncc));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c:1110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&trans->cc.msg, rel, sizeof(struct gsm_mncc));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08_cc.c:1939:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&trans->cc.msg, data, sizeof(struct gsm_mncc));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:323:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smsp, oa, oa_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:350:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smsp, sms->user_data, octet_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:355:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smsp, sms->user_data, sms->user_data_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:392:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smsp, oa, oa_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:540:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(address_lv, smsp, da_len_bytes);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:600:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gsms->user_data, smsp, gsm_get_octet_len(gsms->user_data_len));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_11.c:612:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gsms->user_data, smsp, gsms->user_data_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/mncc_call.c:96:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, mncc_msg, sizeof(*mncc_msg));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c:728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c:826:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c:1023:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_a.c:1433:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, data, len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_t.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ho_nr_str[GSM23003_MSISDN_MAX_DIGITS+1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:102:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->plmn.mcc = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:163:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->a5_encryption_mask |= (1 << atoi(argv[i]));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:185:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mask |= (1 << atoi(argv[i]));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:239:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->send_mm_info = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:256:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzhr = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:257:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzmn = atoi(argv[1]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:280:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzhr = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:281:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzmn = atoi(argv[1]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:282:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tzdst = atoi(argv[2]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:314:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
net->t3212 = atoi(argv[0]) / 6;
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:450:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->mncc_guard_timeout = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:467:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->ncss_guard_timeout = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:492:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->a.cs7_instance = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:502:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->iu.cs7_instance = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:516:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->vlr->cfg.auth_tuple_max_reuse_count = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:526:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->vlr->cfg.auth_reuse_old_sets_on_error = atoi(argv[0]) ? true : false;
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:563:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->paging_response_timer = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:738:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1180:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return vlr_subscr_find_by_tmsi(gsmnet->vlr, atoi(id), VSUB_USE_VTY);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1448:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = argc >= 6 ? atoi(argv[5]) : 4000;
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1523:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi(argv[2]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1785:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sms_queue_set_max_pending(gsmnet->sms_queue, atoi(argv[0]));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1803:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sms_queue_set_max_failure(gsmnet->sms_queue, atoi(argv[0]));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:1923:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gsmnet->gsup_server_port = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msub.c:467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[128];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident.c:84:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:188:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
.id.lac = atoi(argv[0]),
data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:199:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
.lac = atoi(argv[0]),
data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:200:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
.ci = atoi(argv[1]),
data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:228:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cgi->lai.lac = atoi(lac);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/neighbor_ident_vty.c:229:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cgi->cell_identity = atoi(ci);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_conn.c:88:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char id[42];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:181:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cm.classmark2, ie_cm2->val, cm.classmark2_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cm.classmark3, ie_cm3->val, cm.classmark3_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[OSMO_IMSI_BUF_SIZE];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:533:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(geran_encr.key, encr_info.key, encr_info.key_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:552:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t*)&classmark.classmark1, ie_classmark1->val, ie_classmark1->len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:558:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t*)&classmark.classmark2, ie_classmark2->val, len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:587:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(classmark.classmark3, ie_classmark3->val, len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:993:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rtp_addr, &rtp_addr_in, sizeof(rtp_addr_in));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:1061:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16 * 2 + 1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:1080:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ei.key, cm->vec->kc, sizeof(cm->vec->kc));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:1090:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cm->geran.chosen_key->key, ei.key, ei.key_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_a.c:1138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r.encryption_information.key,
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ran->l3h, ies->nas_pdu.buf, ies->nas_pdu.size);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c:106:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ran->l3h, nas_pdu->buf, nas_pdu->size);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET_ADDRSTRLEN];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/ran_msg_iu.c:511:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/rtp_stream.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv[10];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[INET6_ADDRSTRLEN];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c:173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mme_name, mme_name_enc, TLVP_LEN(tp, SGSAP_IE_MME_NAME));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c:935:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[GSM48_MI_SIZE];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c:936:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mme_name[SGS_MME_NAME_LEN + 1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c:76:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sgs->cfg.local_port = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c:115:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sgs->cfg.timer[i] = atoi(argv[1]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c:134:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sgs->cfg.counter[i] = atoi(argv[1]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_vty.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_buf[256];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:258:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sms->user_data, sms_msg, sms_msg_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:297:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)submit_r->message_id, "msg_id_not_implemented");
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:471:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlv.value.octet, data, tlv.length);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:698:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)deliver.service_type, "CMT");
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:752:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, sms->user_data, udh_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:760:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(deliver.short_message, sms->user_data, deliver.sm_length);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SMALL_BUFF];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SMALL_BUFF];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:852:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, lenptr, sizeof(uint32_t));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:945:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&esme->sa, s, esme->sa_len);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[21+1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[SMPP_SYS_ID_LEN+1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[SMPP_SYS_ID_LEN+1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[SMPP_PASSWD_LEN+1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.h:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[SMPP_SYS_ID_LEN+1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:134:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t port = atoi(argv[0]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:145:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t port = atoi(argv[1]);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[128], serv[128];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sms_queue.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_msisdn[GSM23003_MSISDN_MAX_DIGITS+1];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sms_queue.c:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char started_with_msisdn[last_msisdn_buflen];
data/osmo-msc-1.6.2+dfsg1/src/libmsc/transaction.c:309:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char namebuf[32];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:87:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:122:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name + maxlen - 2, "..");
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:564:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apn_str[GSM_APN_LENGTH];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:801:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vsub->hlr.buf, gsup_msg->hlr_enc,
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:848:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp_data->qos_subscribed, pdp_info->qos_enc, pdp_info->qos_enc_len);
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:1128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_access_req_fsm.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[16];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_access_req_fsm.c:644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_lu_fsm.c:674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[16];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interim_fsm_id[256];
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.c:401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fsm_id[256];
data/osmo-msc-1.6.2+dfsg1/src/osmo-msc/msc_main.c:183:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_set_log_level(osmo_stderr_target, atoi(optarg));
data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[SMPP_SYS_ID_LEN+1];
data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[SMPP_SYS_ID_LEN+1];
data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:246:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, lenptr, sizeof(uint32_t));
data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:361:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);
data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dec_text[GSM340_UDL_SPT_MAX + 1];
data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c:291:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test->sms.user_data, ud->data, sizeof(ud->data));
data/osmo-msc-1.6.2+dfsg1/tests/db_sms/db_sms_test.c:528:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *dbf = fopen("db_sms_test.db", "wb");
data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c:346:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c:363:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/osmo-msc-1.6.2+dfsg1/tests/sdp_msg/sdp_msg_test.c:526:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/osmo-msc-1.6.2+dfsg1/tests/sms_queue/sms_queue_test.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_msisdn[GSM23003_MSISDN_MAX_DIGITS+1] = "";
data/osmo-msc-1.6.2+dfsg1/src/libmsc/e_link.c:133:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.source_name_len = strlen(local_msc_name)+1, /* include terminating nul */
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:469:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(net->name_long);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:483:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (strlen(net->name_long)*7)/8;
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:484:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_pad = (8 - strlen(net->name_long)*7)%8;
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:500:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(net->name_short);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:511:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (strlen(net->name_short)*7)/8;
data/osmo-msc-1.6.2+dfsg1/src/libmsc/gsm_04_08.c:512:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_pad = (8 - strlen(net->name_short)*7)%8;
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_ho.c:489:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ipa_name));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/msc_vty.c:766:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name, 30 - (int)strlen(name), "", \
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sdp_msg.c:210:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_end = src + strlen(src);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/sgs_iface.c:962:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(imsi) < GSM23003_IMSI_MIN_DIGITS) {
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_openbsc.c:529:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t imei_len = strlen(vsub->imei);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:139:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sys_id) > SMPP_SYS_ID_LEN)
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:294:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(r->u.prefix.addr))) {
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:445:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(acl->passwd) &&
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:831:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, lenptr + esme->read_idx, rdlen);
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_smsc.c:860:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, msg->tail, OSMO_MIN(rdlen, msgb_tailroom(msg)));
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:156:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[0])+1 > sizeof(smsc->system_id))
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:192:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(smsc->system_id) > 0)
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:211:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id) > 16) {
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:261:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[0])+1 > sizeof(acl->passwd))
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:283:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(str); i++) {
data/osmo-msc-1.6.2+dfsg1/src/libmsc/smpp_vty.c:575:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(acl->passwd))
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:118:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(name);
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:196:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gsup_msg->imsi) == 0)
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr.c:1136:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mi_string) >= sizeof(vsub->imsi)) {
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_auth_fsm.c:510:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vsub->imsi, mi_string, sizeof(vsub->imsi));
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_lu_fsm.c:1510:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lfp->imsi, imsi, sizeof(lfp->imsi)-1);
data/osmo-msc-1.6.2+dfsg1/src/libvlr/vlr_sgs_fsm.c:403:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vsub->imsi) > 0) {
data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:231:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, lenptr + esme->read_idx, rdlen);
data/osmo-msc-1.6.2+dfsg1/src/utils/smpp_mirror.c:254:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ofd->fd, msg->tail, OSMO_MIN(rdlen, msgb_tailroom(msg)));
data/osmo-msc-1.6.2+dfsg1/tests/mncc/mncc_test.c:27:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MNCC->sdp - ((char*)MNCC) + strlen(MNCC->sdp) + 1, 0); \
data/osmo-msc-1.6.2+dfsg1/tests/mncc/mncc_test.c:29:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MNCC->sdp - ((char*)MNCC) + strlen(MNCC->sdp), -EINVAL); \
data/osmo-msc-1.6.2+dfsg1/tests/msc_vlr/msc_vlr_tests.c:787:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OSMO_ASSERT(strlen(gsup_tx_expected) <= (sizeof(buf) * 2));
ANALYSIS SUMMARY:
Hits = 207
Lines analyzed = 49946 in approximately 1.28 seconds (39159 lines/second)
Physical Source Lines of Code (SLOC) = 36659
Hits@level = [0] 114 [1] 34 [2] 159 [3] 3 [4] 11 [5] 0
Hits@level+ = [0+] 321 [1+] 207 [2+] 173 [3+] 14 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 8.75638 [1+] 5.64664 [2+] 4.71917 [3+] 0.381898 [4+] 0.300063 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.