Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vsmartcard-3.3+dfsg/ccid/src/scutil.h
Examining data/vsmartcard-3.3+dfsg/ccid/src/usb.c
Examining data/vsmartcard-3.3+dfsg/ccid/src/ccid-types.h
Examining data/vsmartcard-3.3+dfsg/ccid/src/ccid.h
Examining data/vsmartcard-3.3+dfsg/ccid/src/scutil.c
Examining data/vsmartcard-3.3+dfsg/ccid/src/usbstring.c
Examining data/vsmartcard-3.3+dfsg/ccid/src/ccid.c
Examining data/vsmartcard-3.3+dfsg/ccid/src/usbstring.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/MacOSX/ifdhandler.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd/lock.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd/vpcd.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd/vpcd.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd/lock.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/PCSC/pcsclite.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/PCSC/ifdhandler.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/PCSC/winscard.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/PCSC/wintypes.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/error.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/misc.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/winscard.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/vpcd-config.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/inet_ntop.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/local-ip.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/qransi.c
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/TcpIpReader.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/memory.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Queue.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/resource.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Queue.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/driver.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/driver.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/VpcdReader.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/DllMain.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/internal.h
Examining data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/memory.h
Examining data/vsmartcard-3.3+dfsg/TCardEmulator/src/tcardemulator.c
Examining data/vsmartcard-3.3+dfsg/TCardEmulator/src/sap.c
Examining data/vsmartcard-3.3+dfsg/TCardEmulator/inc/sap_app.h
Examining data/vsmartcard-3.3+dfsg/TCardEmulator/inc/tcardemulator.h
Examining data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc.c
Examining data/vsmartcard-3.3+dfsg/pcsc-relay/src/lnfc.c
Examining data/vsmartcard-3.3+dfsg/pcsc-relay/src/opicc.c
Examining data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc-relay.c
Examining data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc-relay.h
Examining data/vsmartcard-3.3+dfsg/pcsc-relay/src/vicc.c
Examining data/vsmartcard-3.3+dfsg/pcsc-relay/src/vpcd-driver.c

FINAL RESULTS:

data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc-relay.h:73:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (__VA_ARGS__);}
data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc-relay.h:76:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (__VA_ARGS__);}
data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc-relay.h:79:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (__VA_ARGS__);}
data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc-relay.h:83:27: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    if (verbose >= 0) fprintf (stderr, __VA_ARGS__); \
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c:78:8: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    (void)vsnprintf(debug_buffer, sizeof debug_buffer, fmt, argptr);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/winscard.c:139:18: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    length = snprintf(reader, *pcchReaderLen, reader_format_str, (uint32_t) Lun);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/winscard.c:146:18: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    length = snprintf(reader, 0, reader_format_str, (uint32_t) Lun);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/winscard.c:168:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    if (1 != sscanf(szReader, reader_format_str, &index)
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/vpcd-config.c:59:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(command, IE_PATH);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/vpcd-config.c:60:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(command, QR_SERVICE_URL);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/vpcd-config.c:61:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(command, uri);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/vpcd-config.c:62:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system(command);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/vpcd-config.c:93:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(uri, "vpcd://%s:%d", ip, port);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:144:2: [4] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    swprintf(temp,L"\\\\.\\pipe\\%s",pipeName);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:146:2: [4] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    swprintf(temp,L"\\\\.\\pipe\\%s",pipeEventName);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:149:2: [4] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    swprintf(log,L"[BixVReader]Pipe created:%s:%p",pipeName,_pipe);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:12:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(logBuffer,"[BixVReader]Locking:Function:%s,Line:%i,Object:%p,Lock:%p",Function,Line,Object,section);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:25:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(logBuffer,"[BixVReader]Unlocking:Function:%s,Line:%i,Object:%p,Lock:%p",Function,Line,Object,section);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:37:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(logBuffer,"[BixVReader]Start section:%s",SectionName);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:43:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(logBuffer,"[BixVReader]End section:%s elapsed:%i",SectionName,end-start);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1546:9: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand ((int) time (0));
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd/lock.c:27:5: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(io_lock);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd/lock.c:40:5: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(io_lock);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:38:2: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&eventSection);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:39:2: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&dataSection);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/TcpIpReader.cpp:23:2: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&eventSection);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/TcpIpReader.cpp:24:2: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&dataSection);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/VpcdReader.cpp:18:2: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&ioSection);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.h:33:9: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&m_RequestLock);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:15:3: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(section);
data/vsmartcard-3.3+dfsg/TCardEmulator/src/sap.c:107:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(final_message, prefix, prefix_len);
data/vsmartcard-3.3+dfsg/TCardEmulator/src/sap.c:108:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(final_message + prefix_len * sizeof(char), message, message_len);
data/vsmartcard-3.3+dfsg/ccid/src/ccid.c:546:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(apdu->resp, Herstellername, apdu->resplen);
data/vsmartcard-3.3+dfsg/ccid/src/ccid.c:550:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(apdu->resp, Produktname, apdu->resplen);
data/vsmartcard-3.3+dfsg/ccid/src/ccid.c:554:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(apdu->resp, Firmwareversion, apdu->resplen);
data/vsmartcard-3.3+dfsg/ccid/src/ccid.c:558:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(apdu->resp, Treiberversion, apdu->resplen);
data/vsmartcard-3.3+dfsg/ccid/src/scutil.c:108:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1800];
data/vsmartcard-3.3+dfsg/ccid/src/scutil.c:124:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char card_atr[0x3e];
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:813:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf [USB_BUFSIZE];
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:816:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open (name, O_RDWR);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:826:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buf + 4, fs, USB_DT_ENDPOINT_SIZE);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:828:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buf + 4 + USB_DT_ENDPOINT_SIZE,
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:856:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    status_fd = status_open (((char **) param)[0]);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1012:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char *names[2];
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1020:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char * interruptnames[1];
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1074:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (cp, &config, config.bLength);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1077:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (cp, &source_sink_intf, sizeof source_sink_intf);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1081:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (cp, &ccid_desc, sizeof ccid_desc);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1085:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (cp, ep [i], USB_DT_ENDPOINT_SIZE);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1095:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf [4096], *cp = &buf [0];
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1111:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open (DEVNAME, O_RDWR);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1132:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (cp, &device_desc, sizeof device_desc);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1430:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char timebuf[26];
data/vsmartcard-3.3+dfsg/pcsc-relay/src/lnfc.c:215:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(p, data->abtCapdu, data->iCapduLen);
data/vsmartcard-3.3+dfsg/pcsc-relay/src/opicc.c:64:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(p, "%0lX:", (unsigned long) inlen);
data/vsmartcard-3.3+dfsg/pcsc-relay/src/opicc.c:71:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(p, " %02X", *next);
data/vsmartcard-3.3+dfsg/pcsc-relay/src/opicc.c:169:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    data->fd = fopen(PICCDEV, "a+"); /*O_NOCTTY ?*/
data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc-relay.c:142:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char outputBuffer[MAX_EXT_BUFFER_SIZE];
data/vsmartcard-3.3+dfsg/pcsc-relay/src/vicc.c:34:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char atr[256];
data/vsmartcard-3.3+dfsg/pcsc-relay/src/vpcd-driver.c:117:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(recv, rapdu, size);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c:59:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char debug_buffer[160]; /* up to 2 lines of 80 characters */
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c:135:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char _hostname[MAX_READERNAME];
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c:149:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(_hostname, DeviceName, hostname_len);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c:250:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(Value, atr, size);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c:407:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(RxBuffer, rapdu, size);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/PCSC/pcsclite.h:53:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char rgbAtr[MAX_ATR_SIZE];
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/error.c:82:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char strError[75];
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/winscard.c:70:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buf, &p, sizeof p);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/winscard.c:217:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char _atr[MAX_ATR_SIZE];
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/inet_ntop.c:8:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&(srcaddr.sin_addr), src, sizeof(srcaddr.sin_addr));
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/local-ip.c:38:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buffer[20];
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/vpcd-config.c:57:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char command[200];
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd-config/vpcd-config.c:80:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char uri[60];
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/vpcd/vpcd.c:138:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char _port[10];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:43:2: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t temp[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:44:2: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(temp,L"SCardSimulatorDriver%i",instance);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:46:2: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(temp,L"SCardSimulatorDriverEvents%i",instance);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:143:2: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t temp[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:148:2: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t log[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:156:5: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(log,L"[BixVReader]Pipe NOT connected:%x",GetLastError());
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:160:5: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(log,L"[BixVReader]Pipe connected");
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:165:5: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(log,L"[BixVReader]Event Pipe NOT connected:%x",GetLastError());
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:169:5: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(log,L"[BixVReader]Event Pipe connected");
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:40:2: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t log[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:41:2: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(log,L"[BixVReader]STATE:%08X",state);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:112:2: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t log[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:113:2: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(log,L"[BixVReader][SPRT]IOCTL_SMARTCARD_SET_PROTOCOL:%08X",requestedProtocol);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:191:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t log[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:192:3: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(log,L"[BixVReader][SATT]ERROR_NOT_SUPPORTED:%08X",minCode);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:230:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(scardRequest+1,RAPDU,RAPDUSize);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:240:2: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t log[300]=L"";
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:241:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:244:2: [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    swprintf(log,L"[BixVReader][GATT] - code %0X",code);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:258:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(temp,"%S",pipe->pipeName);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:271:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp,"%S",pipe->pipeEventName);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.cpp:350:4: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(log,L"[BixVReader][GATT]ERROR_NOT_SUPPORTED:%08X",code);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.h:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vendorName[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.h:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vendorIfdType[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.h:49:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t pipeName[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/Reader.h:50:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t pipeEventName[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/TcpIpReader.cpp:122:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t log[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/TcpIpReader.cpp:144:6: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(log,L"[BixVReader]wsa err:%x",err);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/TcpIpReader.cpp:170:4: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(log,L"[BixVReader]Socket connected:%i",AcceptSocket);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/TcpIpReader.cpp:186:6: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(log,L"[BixVReader]wsa err:%x",err);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/TcpIpReader.cpp:210:4: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(log,L"[BixVReader]Event Socket connected:%i",AcceptEventSocket);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/VpcdReader.cpp:73:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ATR, atr, atr_len);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:80:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t name[10];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:81:9: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(name,L"DEV%i",i);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:100:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t log[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:101:5: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(log,L"[BixVReader][IOCT]IOCTL %08X - In %i Out %i",ControlCode,inBufSize,outBufSize);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:114:22: [2] (integer) _wtoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  instance=_wtoi(log+(logLen-2));
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:151:5: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  swprintf(log,L"[BixVReader][IOCT]ERROR_NOT_SUPPORTED:%08X",ControlCode);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:235:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t section[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:236:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sectionA[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:237:9: [2] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(section,L"Reader%i",i);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:238:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sectionA,"Reader%i",i);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:304:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t log[300];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/device.cpp:316:22: [2] (integer) _wtoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  instance=_wtoi(log+(logLen-2));
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/memory.cpp:20:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out,data,size);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:11:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logBuffer[500];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:17:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logBuffer,"[BixVReader]Elapsed:%i ms",end-start);
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:24:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logBuffer[500];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logBuffer[500];
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/sectionLocker.cpp:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logBuffer[500];
data/vsmartcard-3.3+dfsg/ccid/src/ccid.c:545:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  apdu->resplen = min(apdu->resplen, strlen(Herstellername));
data/vsmartcard-3.3+dfsg/ccid/src/ccid.c:549:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  apdu->resplen = min(apdu->resplen, strlen(Produktname));
data/vsmartcard-3.3+dfsg/ccid/src/ccid.c:553:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  apdu->resplen = min(apdu->resplen, strlen(Firmwareversion));
data/vsmartcard-3.3+dfsg/ccid/src/ccid.c:557:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  apdu->resplen = min(apdu->resplen, strlen(Treiberversion));
data/vsmartcard-3.3+dfsg/ccid/src/scutil.c:144:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(card_atr, "[no card present]", sizeof card_atr);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:936:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result = read(sink_fd, inbuf, bufsize);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1236:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result = read (fd, &result, 0);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1290:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result = read (fd, &result, 0);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1333:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result = read (fd, &result, 0);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1443:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = read (fd, &event, sizeof event);
data/vsmartcard-3.3+dfsg/ccid/src/usb.c:1544:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(cmdline.serial_arg, "random", strlen("random")) == 0) {
data/vsmartcard-3.3+dfsg/ccid/src/usbstring.c:134:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (s->s);
data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc-relay.c:71:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(0);
data/vsmartcard-3.3+dfsg/pcsc-relay/src/pcsc.c:116:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(reader)+1, readerslen -= l, reader += l, i++) {
data/vsmartcard-3.3+dfsg/pcsc-relay/src/vicc.c:51:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atr_len = strlen(viccatr);
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c:144:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(openport) != hostname_len
data/vsmartcard-3.3+dfsg/virtualsmartcard/src/pcsclite-vpcd/error.c:228:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy(strError, msg, sizeof(strError));
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:56:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!WriteFile(pipe,&command,sizeof(DWORD),&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:61:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!ReadFile(pipe,&size,sizeof(DWORD),&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:67:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!ReadFile(pipe,ATR,size,&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:77:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!WriteFile(pipe,&command,sizeof(DWORD),&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:82:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!WriteFile(pipe,&dwAPDUlen,sizeof(DWORD),&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:86:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!WriteFile(pipe,APDU,APDUlen,&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:92:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!ReadFile(pipe,&dwRespLen,sizeof(DWORD),&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:104:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!ReadFile(pipe,*Resp,dwRespLen,&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:117:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!WriteFile(pipe,&command,sizeof(DWORD),&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:123:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!ReadFile(pipe,&size,sizeof(DWORD),&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:129:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!ReadFile(pipe,ATR,size,&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/PipeReader.cpp:193:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!ReadFile(eventpipe,&command,sizeof(DWORD),&read,NULL)) {
data/vsmartcard-3.3+dfsg/virtualsmartcard/win32/BixVReader/memory.cpp:55:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int size=min(outSize,(int)strlen(result)+1);

ANALYSIS SUMMARY:

Hits = 154
Lines analyzed = 13856 in approximately 0.41 seconds (33788 lines/second)
Physical Source Lines of Code (SLOC) = 9965
Hits@level = [0] 94 [1] 30 [2] 94 [3] 10 [4] 20 [5] 0
Hits@level+ = [0+] 248 [1+] 154 [2+] 124 [3+] 30 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 24.8871 [1+] 15.4541 [2+] 12.4436 [3+] 3.01054 [4+] 2.00702 [5+] 0
Symlinks skipped = 16 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Suppressed hits = 14 (use --neverignore to show them)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.