Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-crypto-2.6.1/src/inc-msvc/stdint.h
Examining data/python-crypto-2.6.1/src/inc-msvc/config.h
Examining data/python-crypto-2.6.1/src/DES.c
Examining data/python-crypto-2.6.1/src/SHA256.c
Examining data/python-crypto-2.6.1/src/hash_template.c
Examining data/python-crypto-2.6.1/src/ARC4.c
Examining data/python-crypto-2.6.1/src/pycrypto_compat.h
Examining data/python-crypto-2.6.1/src/hash_SHA2_template.c
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_math.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_prng.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_des.c
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_misc.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_cfg.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_custom.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_macros.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_pk.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_pkcs.h
Examining data/python-crypto-2.6.1/src/libtom/tomcrypt_argchk.h
Examining data/python-crypto-2.6.1/src/SHA512.c
Examining data/python-crypto-2.6.1/src/hash_SHA2.h
Examining data/python-crypto-2.6.1/src/SHA224.c
Examining data/python-crypto-2.6.1/src/strxor.c
Examining data/python-crypto-2.6.1/src/_counter.h
Examining data/python-crypto-2.6.1/src/SHA384.c
Examining data/python-crypto-2.6.1/src/cast5.c
Examining data/python-crypto-2.6.1/src/Blowfish-tables.h
Examining data/python-crypto-2.6.1/src/XOR.c
Examining data/python-crypto-2.6.1/src/CAST.c
Examining data/python-crypto-2.6.1/src/MD4.c
Examining data/python-crypto-2.6.1/src/AES.c
Examining data/python-crypto-2.6.1/src/winrand.c
Examining data/python-crypto-2.6.1/src/Blowfish.c
Examining data/python-crypto-2.6.1/src/MD2.c
Examining data/python-crypto-2.6.1/src/stream_template.c
Examining data/python-crypto-2.6.1/src/ARC2.c
Examining data/python-crypto-2.6.1/src/_counter.c
Examining data/python-crypto-2.6.1/src/RIPEMD160.c
Examining data/python-crypto-2.6.1/src/DES3.c
Examining data/python-crypto-2.6.1/src/_fastmath.c
Examining data/python-crypto-2.6.1/src/block_template.c

FINAL RESULTS:

data/python-crypto-2.6.1/src/ARC2.c:185:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->xkey, key, keylength);
data/python-crypto-2.6.1/src/ARC4.c:35:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char state[256];
data/python-crypto-2.6.1/src/Blowfish.c:202:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->S1, initial_S1, 256*sizeof(uint32_t));
data/python-crypto-2.6.1/src/Blowfish.c:203:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->S2, initial_S2, 256*sizeof(uint32_t));
data/python-crypto-2.6.1/src/Blowfish.c:204:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->S3, initial_S3, 256*sizeof(uint32_t));
data/python-crypto-2.6.1/src/Blowfish.c:205:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->S4, initial_S4, 256*sizeof(uint32_t));
data/python-crypto-2.6.1/src/CAST.c:354:3: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(key, abuf, 16);
data/python-crypto-2.6.1/src/CAST.c:355:3: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(key, bbuf, 16);
data/python-crypto-2.6.1/src/CAST.c:441:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, 8);
data/python-crypto-2.6.1/src/CAST.c:449:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, 8);
data/python-crypto-2.6.1/src/MD2.c:90:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->buf, src->buf, dest->count);
data/python-crypto-2.6.1/src/MD2.c:91:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->X, src->X, 48);
data/python-crypto-2.6.1/src/MD2.c:92:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->C, src->C, 16);
data/python-crypto-2.6.1/src/MD2.c:102:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(self->buf+self->count, buf, L);
data/python-crypto-2.6.1/src/MD2.c:112:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->X+16, self->buf, 16);
data/python-crypto-2.6.1/src/MD2.c:139:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&temp, self, sizeof(hash_state));
data/python-crypto-2.6.1/src/MD4.c:75:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->buf, src->buf, dest->count);
data/python-crypto-2.6.1/src/MD4.c:92:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->buf+self->count, buf, L);
data/python-crypto-2.6.1/src/MD4.c:187:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&temp, self, sizeof(hash_state));
data/python-crypto-2.6.1/src/RIPEMD160.c:168:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->h, initial_h, RIPEMD160_DIGEST_SIZE);
data/python-crypto-2.6.1/src/RIPEMD160.c:331:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&self->buf.b[self->bufpos], p, bytes_needed);
data/python-crypto-2.6.1/src/RIPEMD160.c:342:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&self->buf.b[self->bufpos], p, length);
data/python-crypto-2.6.1/src/RIPEMD160.c:351:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, source, sizeof(ripemd160_state));
data/python-crypto-2.6.1/src/RIPEMD160.c:388:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, &tmp.h, RIPEMD160_DIGEST_SIZE);
data/python-crypto-2.6.1/src/RIPEMD160.c:411:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[DIGEST_SIZE];
data/python-crypto-2.6.1/src/XOR.c:37:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[MAX_KEY_SIZE];
data/python-crypto-2.6.1/src/_counter.c:114:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->val, PyBytes_AS_STRING(prefix), PyBytes_GET_SIZE(prefix));
data/python-crypto-2.6.1/src/_counter.c:115:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->p, PyBytes_AS_STRING(initval), self->nbytes);
data/python-crypto-2.6.1/src/_counter.c:116:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->p + self->nbytes, PyBytes_AS_STRING(suffix), PyBytes_GET_SIZE(suffix));
data/python-crypto-2.6.1/src/block_template.c:66:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[BLOCK_SIZE], oldCipher[BLOCK_SIZE];
data/python-crypto-2.6.1/src/block_template.c:253:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new->IV, IV, IVlen);
data/python-crypto-2.6.1/src/block_template.c:266:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char temp[BLOCK_SIZE];
data/python-crypto-2.6.1/src/block_template.c:321:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->IV, buffer+i, BLOCK_SIZE);
data/python-crypto-2.6.1/src/block_template.c:335:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->IV, buffer + i, BLOCK_SIZE);
data/python-crypto-2.6.1/src/block_template.c:341:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->IV + BLOCK_SIZE - sz, buffer + i,
data/python-crypto-2.6.1/src/block_template.c:355:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->IV, temp, BLOCK_SIZE);
data/python-crypto-2.6.1/src/block_template.c:498:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char temp[BLOCK_SIZE];
data/python-crypto-2.6.1/src/block_template.c:549:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->oldCipher, self->IV, BLOCK_SIZE);
data/python-crypto-2.6.1/src/block_template.c:569:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->IV, str + i, BLOCK_SIZE);
data/python-crypto-2.6.1/src/block_template.c:575:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->IV + BLOCK_SIZE - sz, str + i,
data/python-crypto-2.6.1/src/block_template.c:589:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->IV, temp, BLOCK_SIZE);
data/python-crypto-2.6.1/src/block_template.c:659:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->IV, PyBytes_AsString(v), BLOCK_SIZE);
data/python-crypto-2.6.1/src/hash_SHA2.h:101:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[BLOCK_SIZE];
data/python-crypto-2.6.1/src/hash_SHA2_template.c:184:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest,src,sizeof(hash_state));
data/python-crypto-2.6.1/src/hash_SHA2_template.c:191:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[DIGEST_SIZE];
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:28:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char K[33][16];
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:68:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char S[32], start;
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:81:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char safer_block_t[SAFER_BLOCK_LEN];
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:82:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char safer_key_t[SAFER_KEY_LEN];
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:114:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[10];
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:212:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[MAXBLOCKSIZE],
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:230:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[MAXBLOCKSIZE];
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:244:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[MAXBLOCKSIZE];
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:263:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ctr[MAXBLOCKSIZE],
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:279:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[16],
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:292:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char PC[16][256][16];
data/python-crypto-2.6.1/src/libtom/tomcrypt_cipher.h:307:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[MAXBLOCKSIZE],
data/python-crypto-2.6.1/src/libtom/tomcrypt_custom.h:37:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #ifdef memcpy
data/python-crypto-2.6.1/src/libtom/tomcrypt_custom.h:40:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define XMEMCPY memcpy
data/python-crypto-2.6.1/src/libtom/tomcrypt_des.c:68:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char pc1[56] = {
data/python-crypto-2.6.1/src/libtom/tomcrypt_des.c:75:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char totrot[16] = {
data/python-crypto-2.6.1/src/libtom/tomcrypt_des.c:82:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char pc2[48] = {
data/python-crypto-2.6.1/src/libtom/tomcrypt_des.c:1310:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pc1m[56], pcr[56];
data/python-crypto-2.6.1/src/libtom/tomcrypt_des.c:1691:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[8], txt[8], out[8];
data/python-crypto-2.6.1/src/libtom/tomcrypt_des.c:1797:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[8];
data/python-crypto-2.6.1/src/libtom/tomcrypt_des.c:1831:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[24], pt[8], ct[8], tmp[8];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:6:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[128];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:14:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:22:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:30:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:38:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:46:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:52:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char chksum[16], X[48], buf[16];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:60:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:68:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:76:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:84:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:92:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:100:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[1];
data/python-crypto-2.6.1/src/libtom/tomcrypt_hash.h:361:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:32:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char block[MAXBLOCKSIZE],
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:59:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:106:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char N[MAXBLOCKSIZE];
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:142:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char L[MAXBLOCKSIZE], /* L value */
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:236:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char H[16], /* multiplier */
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:251:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char PC[16][256][16] /* 16 tables of 8x128 */
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:297:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char state[16];
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:315:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char K[3][MAXBLOCKSIZE],
data/python-crypto-2.6.1/src/libtom/tomcrypt_mac.h:347:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char akey[MAXBLOCKSIZE],
data/python-crypto-2.6.1/src/libtom/tomcrypt_prng.h:5:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pool[MAXBLOCKSIZE];
data/python-crypto-2.6.1/src/libtom/tomcrypt_prng.h:14:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[256];
data/python-crypto-2.6.1/src/libtom/tomcrypt_prng.h:24:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char K[32], /* the current key */
data/python-crypto-2.6.1/src/libtom/tomcrypt_prng.h:51:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[1];
data/python-crypto-2.6.1/src/stream_template.c:160:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, str, len);
data/python-crypto-2.6.1/src/stream_template.c:192:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, str, len);
data/python-crypto-2.6.1/src/strxor.c:104:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char x[7] = "\x00hello"; /* NUL + "hello" + NUL */
data/python-crypto-2.6.1/src/strxor.c:105:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char y[7] = "\xffworld"; /* 0xff + "world" + NUL */
data/python-crypto-2.6.1/src/strxor.c:106:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char z[9] = "[ABCDEFG]"; /* "[ABCDEFG]" + NUL */
data/python-crypto-2.6.1/src/strxor.c:115:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char x[7] = "\x00hello"; /* NUL + "hello" + NUL */
data/python-crypto-2.6.1/src/strxor.c:117:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char z[9] = "[ABCDEFG]"; /* "[ABCDEFG]" + NUL */
data/python-crypto-2.6.1/src/winrand.c:158:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, str, len);
data/python-crypto-2.6.1/src/libtom/tomcrypt_prng.h:95:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng);

ANALYSIS SUMMARY:

Hits = 103
Lines analyzed = 16522 in approximately 0.62 seconds (26725 lines/second)
Physical Source Lines of Code (SLOC) = 12459
Hits@level = [0] 21 [1] 1 [2] 102 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 124 [1+] 103 [2+] 102 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.95264 [1+] 8.26712 [2+] 8.18685 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.