Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-xeddsa-0.4.6/ref10/crypto_core/crypto_core.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_core/api.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_core/module.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_core/crypto_core_salsa20.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_core/core.c
Examining data/python-xeddsa-0.4.6/ref10/fastrandombytes/module.h
Examining data/python-xeddsa-0.4.6/ref10/fastrandombytes/fastrandombytes.c
Examining data/python-xeddsa-0.4.6/ref10/fastrandombytes/randombytes.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_add.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/montgomery.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_1.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_0.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_frombytes.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/crypto_scalarmult_curve25519.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/base.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_sub.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/scalarmult.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/crypto_scalarmult.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/pow225521.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_cswap.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/api.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_sq.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/module.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_mul121666.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_mul.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_tobytes.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_copy.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/fe_invert.c
Examining data/python-xeddsa-0.4.6/ref10/include/crypto_uint64.h
Examining data/python-xeddsa-0.4.6/ref10/include/crypto_uint8.h
Examining data/python-xeddsa-0.4.6/ref10/include/crypto_uint32.h
Examining data/python-xeddsa-0.4.6/ref10/include/crypto_int64.h
Examining data/python-xeddsa-0.4.6/ref10/include/crypto_int32.h
Examining data/python-xeddsa-0.4.6/ref10/include/crypto_int16.h
Examining data/python-xeddsa-0.4.6/ref10/include/crypto_int8.h
Examining data/python-xeddsa-0.4.6/ref10/include/cross_platform.h
Examining data/python-xeddsa-0.4.6/ref10/include/crypto_uint16.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_verify/verify.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_verify/crypto_verify_32.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_verify/crypto_verify.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_verify/api.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_verify/module.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_rng/crypto_rng_salsa20.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_rng/api.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_rng/crypto_rng.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_rng/module.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_stream/crypto_stream_salsa20.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_stream/crypto_stream.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_stream/api.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_stream/module.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_frombytes.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_add.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_add.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_sub.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_double_scalarmult.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_sq2.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/pow22523.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/crypto_sign_ed25519.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/sc_muladd.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_add.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p2_dbl.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_neg.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_1.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_sub.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_msub.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_0.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_frombytes.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p1p1_to_p3.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p3_tobytes.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_isnonzero.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p3_dbl.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_sub.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_isnegative.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/sc_reduce.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/pow225521.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_madd.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p3_0.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_cmov.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/crypto_sign.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_tobytes.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/api.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/base2.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p1p1_to_p2.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_sq.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/module.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/sqrtm1.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/d.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p2_dbl.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_precomp_0.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_pow22523.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_msub.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/base.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p3_to_cached.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_mul.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/keypair.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p3_to_p2.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_tobytes.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_copy.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_invert.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_madd.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/sc.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/d2.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_p2_0.c
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/getrandom2.c
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/getrandom3.c
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/getentropy2.c
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/getentropy.c
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/kernelrandombytes.h
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/test.c
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/getrandom.c
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/module.h
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/rtlgenrandom.c
Examining data/python-xeddsa-0.4.6/ref10/kernelrandombytes/urandom.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_hashblocks/blocks.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_hashblocks/api.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_hashblocks/module.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_hashblocks/crypto_hashblocks.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_hashblocks/crypto_hashblocks_sha512.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_hash/hash.c
Examining data/python-xeddsa-0.4.6/ref10/crypto_hash/api.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_hash/crypto_hash_sha512.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_hash/module.h
Examining data/python-xeddsa-0.4.6/ref10/crypto_hash/crypto_hash.h
FINAL RESULTS:
data/python-xeddsa-0.4.6/ref10/crypto_hash/hash.c:12:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char iv[64] = {
data/python-xeddsa-0.4.6/ref10/crypto_hash/hash.c:27:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[64];
data/python-xeddsa-0.4.6/ref10/crypto_hash/hash.c:28:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char padded[256];
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:14:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce[NONCEBYTES] = {0};
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:22:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[KEYBYTES + OUTPUTBYTES];
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:24:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n,x,KEYBYTES);
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:25:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r,x + KEYBYTES,OUTPUTBYTES);
data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/base.c:3:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char basepoint[32] = {9};
data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/scalarmult.c:8:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_isnegative.c:13:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_isnonzero.c:12:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_isnonzero.c:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_double_scalarmult.c:48:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char aslide[256];
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_double_scalarmult.c:49:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char bslide[256];
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:66:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char e[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/keypair.c:9:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char az[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkcopy[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rcopy[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scopy[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:17:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:18:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rcheck[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c:13:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char az[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[64];
data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c:12:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sigma[16] = "expand 32-byte k";
data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c:20:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[16];
data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c:21:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c:22:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kcopy[32];
data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c:12:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sigma[16] = "expand 32-byte k";
data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c:21:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[16];
data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c:22:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c:23:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kcopy[32];
data/python-xeddsa-0.4.6/ref10/fastrandombytes/fastrandombytes.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char g[crypto_rng_KEYBYTES];
data/python-xeddsa-0.4.6/ref10/fastrandombytes/fastrandombytes.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char r[crypto_rng_OUTPUTBYTES];
data/python-xeddsa-0.4.6/ref10/fastrandombytes/fastrandombytes.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x,r + pos,ready);
data/python-xeddsa-0.4.6/ref10/kernelrandombytes/test.c:3:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[65536];
data/python-xeddsa-0.4.6/ref10/kernelrandombytes/urandom.c:15:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom",O_RDONLY);
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:11:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
KEYBYTES mismatch!
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:4:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static unsigned char equal(signed char b,signed char c)
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:41:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][0],equal(babs,1));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:42:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][1],equal(babs,2));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:43:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][2],equal(babs,3));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:44:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][3],equal(babs,4));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:45:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][4],equal(babs,5));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:46:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][5],equal(babs,6));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:47:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][6],equal(babs,7));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:48:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][7],equal(babs,8));
data/python-xeddsa-0.4.6/ref10/kernelrandombytes/urandom.c:24:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fd,x,i);
ANALYSIS SUMMARY:
Hits = 49
Lines analyzed = 7515 in approximately 0.30 seconds (24747 lines/second)
Physical Source Lines of Code (SLOC) = 5492
Hits@level = [0] 0 [1] 11 [2] 38 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 49 [1+] 49 [2+] 38 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.92207 [1+] 8.92207 [2+] 6.91916 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.