The following issues were found
drivers/net/wireless/atmel/atmel.c
60 issues
Line: 2841
Column: 73
CWE codes:
78
Suggestion:
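try using a library call that implements the same functionality if available. (This is FlawFinder's generic advice for system(); on the flagged line in the excerpt below, system is a u16 parameter in the function signature, not a call that runs a command.)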
}
}
static void send_authentication_request(struct atmel_private *priv, u16 system,
u8 *challenge, int challenge_len)
{
struct ieee80211_hdr header;
struct auth_body auth;
Reported by FlawFinder.
Line: 2858
Column: 25
CWE codes:
78
Suggestion:
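try using a library call that implements the same functionality if available. (In the excerpt below, system is the value passed to cpu_to_le16(); no command is executed, so the CWE-78 advice does not apply to this line.)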
/* no WEP for authentication frames with TrSeqNo 1 */
header.frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
auth.alg = cpu_to_le16(system);
auth.status = 0;
auth.trans_seq = cpu_to_le16(priv->CurrentAuthentTransactionSeqNum);
priv->ExpectedAuthentTransactionSeqNum = priv->CurrentAuthentTransactionSeqNum+1;
priv->CurrentAuthentTransactionSeqNum += 2;
Reported by FlawFinder.
Line: 3056
Column: 39
CWE codes:
78
Suggestion:
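try using a library call that implements the same functionality if available. (In the excerpt below, system is a variable compared with WLAN_AUTH_SHARED_KEY and passed on as an argument; no shell command is involved. The values worth reviewing on that call are auth->chall_text and auth->chall_text_len.)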
} else if (system == WLAN_AUTH_SHARED_KEY) {
if (trans_seq_no == 0x0002 &&
auth->el_id == WLAN_EID_CHALLENGE) {
send_authentication_request(priv, system, auth->chall_text, auth->chall_text_len);
return;
} else if (trans_seq_no == 0x0004) {
should_associate = 1;
}
}
Reported by FlawFinder.
Line: 2868
CWE codes:
476
/* Attach the challenge element only when a non-zero length was passed in. */
if (challenge_len != 0) {
auth.el_id = 16; /* challenge_text */
auth.chall_text_len = challenge_len;
/*
 * NOTE(review): nothing in this excerpt bounds challenge_len (an int in the
 * signature quoted earlier in this report) against the size of
 * auth.chall_text, which is declared outside it. The call site quoted in this
 * report passes auth->chall_text_len straight through, so confirm the length
 * is non-negative and capped to the destination size before this copy.
 * The CWE-476 finding for this entry presumably concerns challenge being
 * NULL; it is only dereferenced on this branch.
 */
memcpy(auth.chall_text, challenge, challenge_len);
/* presumably 8 covers the fixed fields plus el_id and chall_text_len; verify against struct auth_body */
atmel_transmit_management_frame(priv, &header, (u8 *)&auth, 8 + challenge_len);
} else {
/* No challenge supplied: the last argument is the constant 6. */
atmel_transmit_management_frame(priv, &header, (u8 *)&auth, 6);
}
}
Reported by Cppcheck.
Line: 442
Column: 2
CWE codes:
119
120
Suggestion:
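Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (The flagged line only declares the fixed-size array firmware_id[32]; whether an overflow is possible depends on the code that writes to it, which this excerpt does not show.)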
struct atmel_private {
void *card; /* Bus dependent structure varies for PCcard */
int (*present_callback)(void *); /* And callback which uses it */
char firmware_id[32];
AtmelFWType firmware_type;
u8 *firmware;
int firmware_length;
struct timer_list management_timer;
struct net_device *dev;
Reported by FlawFinder.
Line: 844
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frame_ctl |= IEEE80211_FCTL_PROTECTED;
if (priv->operating_mode == IW_MODE_ADHOC) {
skb_copy_from_linear_data(skb, &header.addr1, ETH_ALEN);
memcpy(&header.addr2, dev->dev_addr, ETH_ALEN);
memcpy(&header.addr3, priv->BSSID, ETH_ALEN);
} else {
frame_ctl |= IEEE80211_FCTL_TODS;
memcpy(&header.addr1, priv->CurrentBSSID, ETH_ALEN);
memcpy(&header.addr2, dev->dev_addr, ETH_ALEN);
Reported by FlawFinder.
Line: 845
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (priv->operating_mode == IW_MODE_ADHOC) {
skb_copy_from_linear_data(skb, &header.addr1, ETH_ALEN);
memcpy(&header.addr2, dev->dev_addr, ETH_ALEN);
memcpy(&header.addr3, priv->BSSID, ETH_ALEN);
} else {
frame_ctl |= IEEE80211_FCTL_TODS;
memcpy(&header.addr1, priv->CurrentBSSID, ETH_ALEN);
memcpy(&header.addr2, dev->dev_addr, ETH_ALEN);
skb_copy_from_linear_data(skb, &header.addr3, ETH_ALEN);
Reported by FlawFinder.
Line: 848
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&header.addr3, priv->BSSID, ETH_ALEN);
} else {
frame_ctl |= IEEE80211_FCTL_TODS;
memcpy(&header.addr1, priv->CurrentBSSID, ETH_ALEN);
memcpy(&header.addr2, dev->dev_addr, ETH_ALEN);
skb_copy_from_linear_data(skb, &header.addr3, ETH_ALEN);
}
if (priv->use_wpa)
Reported by FlawFinder.
Line: 849
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
frame_ctl |= IEEE80211_FCTL_TODS;
memcpy(&header.addr1, priv->CurrentBSSID, ETH_ALEN);
memcpy(&header.addr2, dev->dev_addr, ETH_ALEN);
skb_copy_from_linear_data(skb, &header.addr3, ETH_ALEN);
}
if (priv->use_wpa)
memcpy(&header.addr4, rfc1042_header, ETH_ALEN);
Reported by FlawFinder.
Line: 854
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (priv->use_wpa)
memcpy(&header.addr4, rfc1042_header, ETH_ALEN);
header.frame_control = cpu_to_le16(frame_ctl);
/* Copy the wireless header into the card */
atmel_copy_to_card(dev, buff, (unsigned char *)&header, DATA_FRAME_WS_HEADER_SIZE);
/* Copy the packet sans its 802.3 header addresses which have been replaced */
Reported by FlawFinder.
tools/include/uapi/sound/asound.h
59 issues
Line: 1046
Column: 15
CWE codes:
362/367!
Suggestion:
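Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (This advice targets the access() library call; the flagged line in the excerpt below declares a struct member named access, so no file-permission check is being raced.)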
struct snd_ctl_elem_info {
struct snd_ctl_elem_id id; /* W: element ID */
snd_ctl_elem_type_t type; /* R: value type - SNDRV_CTL_ELEM_TYPE_* */
unsigned int access; /* R: value access (bitmask) - SNDRV_CTL_ELEM_ACCESS_* */
unsigned int count; /* count of values */
__kernel_pid_t owner; /* owner's PID of this control */
union {
struct {
long min; /* R: minimum value */
Reported by FlawFinder.
Line: 60
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
****************************************************************************/
struct snd_aes_iec958 {
unsigned char status[24]; /* AES/IEC958 channel status bits */
unsigned char subcode[147]; /* AES/IEC958 subcode bits */
unsigned char pad; /* nothing */
unsigned char dig_subframe[4]; /* AES/IEC958 subframe bits */
};
Reported by FlawFinder.
Line: 61
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_aes_iec958 {
unsigned char status[24]; /* AES/IEC958 channel status bits */
unsigned char subcode[147]; /* AES/IEC958 subcode bits */
unsigned char pad; /* nothing */
unsigned char dig_subframe[4]; /* AES/IEC958 subframe bits */
};
/****************************************************************************
Reported by FlawFinder.
Line: 63
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char status[24]; /* AES/IEC958 channel status bits */
unsigned char subcode[147]; /* AES/IEC958 subcode bits */
unsigned char pad; /* nothing */
unsigned char dig_subframe[4]; /* AES/IEC958 subframe bits */
};
/****************************************************************************
* *
* CEA-861 Audio InfoFrame. Used in HDMI and DisplayPort *
Reported by FlawFinder.
Line: 124
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_hwdep_info {
unsigned int device; /* WR: device number */
int card; /* R: card number */
unsigned char id[64]; /* ID (user selectable) */
unsigned char name[80]; /* hwdep name */
int iface; /* hwdep interface */
unsigned char reserved[64]; /* reserved for future */
};
Reported by FlawFinder.
Line: 125
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int device; /* WR: device number */
int card; /* R: card number */
unsigned char id[64]; /* ID (user selectable) */
unsigned char name[80]; /* hwdep name */
int iface; /* hwdep interface */
unsigned char reserved[64]; /* reserved for future */
};
/* generic DSP loader */
Reported by FlawFinder.
Line: 127
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char id[64]; /* ID (user selectable) */
unsigned char name[80]; /* hwdep name */
int iface; /* hwdep interface */
unsigned char reserved[64]; /* reserved for future */
};
/* generic DSP loader */
struct snd_hwdep_dsp_status {
unsigned int version; /* R: driver-specific version */
Reported by FlawFinder.
Line: 133
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* generic DSP loader */
struct snd_hwdep_dsp_status {
unsigned int version; /* R: driver-specific version */
unsigned char id[32]; /* R: driver-specific ID string */
unsigned int num_dsps; /* R: number of DSP images to transfer */
unsigned int dsp_loaded; /* R: bit flags indicating the loaded DSPs */
unsigned int chip_ready; /* R: 1 = initialization finished */
unsigned char reserved[16]; /* reserved for future use */
};
Reported by FlawFinder.
Line: 137
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int num_dsps; /* R: number of DSP images to transfer */
unsigned int dsp_loaded; /* R: bit flags indicating the loaded DSPs */
unsigned int chip_ready; /* R: 1 = initialization finished */
unsigned char reserved[16]; /* reserved for future use */
};
struct snd_hwdep_dsp_image {
unsigned int index; /* W: DSP index */
unsigned char name[64]; /* W: ID (e.g. file name) */
Reported by FlawFinder.
Line: 142
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * One DSP image handed to the driver; per the field comments every member is
 * written by the caller (W).
 * NOTE(review): image is a __user pointer and length is supplied alongside it,
 * so code consuming this struct (not shown here) has to validate length and
 * use the user-copy helpers rather than dereference image directly.
 */
struct snd_hwdep_dsp_image {
unsigned int index; /* W: DSP index */
/* Fixed 64-byte field: FlawFinder flags this declaration, not a write to it. */
unsigned char name[64]; /* W: ID (e.g. file name) */
unsigned char __user *image; /* W: binary image */
size_t length; /* W: size of image in bytes */
unsigned long driver_data; /* W: driver-specific data */
};
Reported by FlawFinder.
drivers/edac/ghes_edac.c
59 issues
Line: 397
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Ask DMI for the bank/device strings of the reported memory device handle. */
dmi_memdev_name(mem_err->mem_dev_handle, &bank, &device);
/*
 * NOTE(review): sprintf() writes at p with no remaining-space argument, and
 * the %s operands come from dmi_memdev_name(). Which buffer p points into is
 * set outside this excerpt; confirm it cannot be overrun, or bound the write
 * with scnprintf() and the space left in that buffer.
 */
if (bank != NULL && device != NULL)
p += sprintf(p, "DIMM location:%s %s ", bank, device);
else
/* Fall back to the numeric handle when either string is missing. */
p += sprintf(p, "DIMM DMI handle: 0x%.4x ",
mem_err->mem_dev_handle);
/* Look up the entry matching the same handle. */
dimm = find_dimm_by_handle(mci, mem_err->mem_dev_handle);
Reported by FlawFinder.
Line: 405
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* Look up the entry for the reported handle; the copies below run only on a match. */
dimm = find_dimm_by_handle(mci, mem_err->mem_dev_handle);
if (dimm) {
e->top_layer = dimm->idx;
/*
 * NOTE(review): unbounded copy; the sizes of e->label and dimm->label are
 * declared outside this excerpt. Confirm the destination is at least as
 * large as the source and that the source is NUL-terminated, or use
 * strscpy() with the destination size.
 */
strcpy(e->label, dimm->label);
}
}
if (mem_err->validation_bits & CPER_MEM_VALID_CHIP_ID)
p += sprintf(p, "chipID: %d ",
mem_err->extended >> CPER_MEM_CHIP_ID_SHIFT);
Reported by FlawFinder.
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mem_ctl_info *mci;
/* Buffers for the error handling routine */
char other_detail[400];
char msg[80];
};
static refcount_t ghes_refcount = REFCOUNT_INIT(0);
Reported by FlawFinder.
Line: 23
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Buffers for the error handling routine */
char other_detail[400];
char msg[80];
};
static refcount_t ghes_refcount = REFCOUNT_INIT(0);
/*
Reported by FlawFinder.
Line: 298
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p = pvt->msg;
switch (mem_err->error_type) {
case 0:
p += sprintf(p, "Unknown");
break;
case 1:
p += sprintf(p, "No error");
break;
case 2:
Reported by FlawFinder.
Line: 301
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "Unknown");
break;
case 1:
p += sprintf(p, "No error");
break;
case 2:
p += sprintf(p, "Single-bit ECC");
break;
case 3:
Reported by FlawFinder.
Line: 304
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "No error");
break;
case 2:
p += sprintf(p, "Single-bit ECC");
break;
case 3:
p += sprintf(p, "Multi-bit ECC");
break;
case 4:
Reported by FlawFinder.
Line: 307
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "Single-bit ECC");
break;
case 3:
p += sprintf(p, "Multi-bit ECC");
break;
case 4:
p += sprintf(p, "Single-symbol ChipKill ECC");
break;
case 5:
Reported by FlawFinder.
Line: 310
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "Multi-bit ECC");
break;
case 4:
p += sprintf(p, "Single-symbol ChipKill ECC");
break;
case 5:
p += sprintf(p, "Multi-symbol ChipKill ECC");
break;
case 6:
Reported by FlawFinder.
Line: 313
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "Single-symbol ChipKill ECC");
break;
case 5:
p += sprintf(p, "Multi-symbol ChipKill ECC");
break;
case 6:
p += sprintf(p, "Master abort");
break;
case 7:
Reported by FlawFinder.
include/uapi/sound/asound.h
59 issues
Line: 1046
Column: 15
CWE codes:
362/367!
Suggestion:
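Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (This advice targets the access() library call; the flagged line in the excerpt below declares a struct member named access, so no file-permission check is being raced.)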
struct snd_ctl_elem_info {
struct snd_ctl_elem_id id; /* W: element ID */
snd_ctl_elem_type_t type; /* R: value type - SNDRV_CTL_ELEM_TYPE_* */
unsigned int access; /* R: value access (bitmask) - SNDRV_CTL_ELEM_ACCESS_* */
unsigned int count; /* count of values */
__kernel_pid_t owner; /* owner's PID of this control */
union {
struct {
long min; /* R: minimum value */
Reported by FlawFinder.
Line: 60
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
****************************************************************************/
struct snd_aes_iec958 {
unsigned char status[24]; /* AES/IEC958 channel status bits */
unsigned char subcode[147]; /* AES/IEC958 subcode bits */
unsigned char pad; /* nothing */
unsigned char dig_subframe[4]; /* AES/IEC958 subframe bits */
};
Reported by FlawFinder.
Line: 61
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_aes_iec958 {
unsigned char status[24]; /* AES/IEC958 channel status bits */
unsigned char subcode[147]; /* AES/IEC958 subcode bits */
unsigned char pad; /* nothing */
unsigned char dig_subframe[4]; /* AES/IEC958 subframe bits */
};
/****************************************************************************
Reported by FlawFinder.
Line: 63
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char status[24]; /* AES/IEC958 channel status bits */
unsigned char subcode[147]; /* AES/IEC958 subcode bits */
unsigned char pad; /* nothing */
unsigned char dig_subframe[4]; /* AES/IEC958 subframe bits */
};
/****************************************************************************
* *
* CEA-861 Audio InfoFrame. Used in HDMI and DisplayPort *
Reported by FlawFinder.
Line: 124
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_hwdep_info {
unsigned int device; /* WR: device number */
int card; /* R: card number */
unsigned char id[64]; /* ID (user selectable) */
unsigned char name[80]; /* hwdep name */
int iface; /* hwdep interface */
unsigned char reserved[64]; /* reserved for future */
};
Reported by FlawFinder.
Line: 125
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int device; /* WR: device number */
int card; /* R: card number */
unsigned char id[64]; /* ID (user selectable) */
unsigned char name[80]; /* hwdep name */
int iface; /* hwdep interface */
unsigned char reserved[64]; /* reserved for future */
};
/* generic DSP loader */
Reported by FlawFinder.
Line: 127
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char id[64]; /* ID (user selectable) */
unsigned char name[80]; /* hwdep name */
int iface; /* hwdep interface */
unsigned char reserved[64]; /* reserved for future */
};
/* generic DSP loader */
struct snd_hwdep_dsp_status {
unsigned int version; /* R: driver-specific version */
Reported by FlawFinder.
Line: 133
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* generic DSP loader */
struct snd_hwdep_dsp_status {
unsigned int version; /* R: driver-specific version */
unsigned char id[32]; /* R: driver-specific ID string */
unsigned int num_dsps; /* R: number of DSP images to transfer */
unsigned int dsp_loaded; /* R: bit flags indicating the loaded DSPs */
unsigned int chip_ready; /* R: 1 = initialization finished */
unsigned char reserved[16]; /* reserved for future use */
};
Reported by FlawFinder.
Line: 137
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int num_dsps; /* R: number of DSP images to transfer */
unsigned int dsp_loaded; /* R: bit flags indicating the loaded DSPs */
unsigned int chip_ready; /* R: 1 = initialization finished */
unsigned char reserved[16]; /* reserved for future use */
};
struct snd_hwdep_dsp_image {
unsigned int index; /* W: DSP index */
unsigned char name[64]; /* W: ID (e.g. file name) */
Reported by FlawFinder.
Line: 142
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_hwdep_dsp_image {
unsigned int index; /* W: DSP index */
unsigned char name[64]; /* W: ID (e.g. file name) */
unsigned char __user *image; /* W: binary image */
size_t length; /* W: size of image in bytes */
unsigned long driver_data; /* W: driver-specific data */
};
Reported by FlawFinder.
net/bluetooth/smp.c
59 issues
Line: 715
CWE codes:
908
/*
 * Fill rsp from connection state, device limits and the request.
 * NOTE(review): Cppcheck reports CWE-908 (use of uninitialized resource) on
 * the first lines; rsp, req, oob_flag and the dist masks are set up outside
 * this excerpt, so the finding can be neither confirmed nor dismissed from it.
 */
rsp->io_capability = conn->hcon->io_capability;
rsp->oob_flag = oob_flag;
rsp->max_key_size = hdev->le_max_key_size;
/* The key-distribution bits returned are the request's bits masked by remote_dist / local_dist. */
rsp->init_key_dist = req->init_key_dist & remote_dist;
rsp->resp_key_dist = req->resp_key_dist & local_dist;
rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
/* Remember the masked initiator distribution on the smp context. */
smp->remote_key_dist = rsp->init_key_dist;
}
Reported by Cppcheck.
Line: 716
CWE codes:
908
rsp->oob_flag = oob_flag;
rsp->max_key_size = hdev->le_max_key_size;
rsp->init_key_dist = req->init_key_dist & remote_dist;
rsp->resp_key_dist = req->resp_key_dist & local_dist;
rsp->auth_req = (authreq & AUTH_REQ_MASK(hdev));
smp->remote_key_dist = rsp->init_key_dist;
}
Reported by Cppcheck.
Line: 1725
CWE codes:
908
rsp->auth_req = SMP_AUTH_CT2;
rsp->max_key_size = conn->hcon->enc_key_size;
rsp->init_key_dist = req->init_key_dist & remote_dist;
rsp->resp_key_dist = req->resp_key_dist & local_dist;
smp->remote_key_dist = rsp->init_key_dist;
}
Reported by Cppcheck.
Line: 1726
CWE codes:
908
rsp->auth_req = SMP_AUTH_CT2;
rsp->max_key_size = conn->hcon->enc_key_size;
rsp->init_key_dist = req->init_key_dist & remote_dist;
rsp->resp_key_dist = req->resp_key_dist & local_dist;
smp->remote_key_dist = rsp->init_key_dist;
}
static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
Reported by Cppcheck.
Line: 219
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SMP_DBG("x %16phN z %02x", x, z);
/*
 * Assemble the aes_cmac() input in m: byte 0 is z, bytes 1-32 come from v and
 * bytes 33-64 from u. Both copy lengths are constants, so the writes end at
 * offset 64. NOTE(review): m is declared outside this excerpt; confirm it is
 * at least 65 bytes and that v and u each reference 32 readable bytes.
 */
m[0] = z;
memcpy(m + 1, v, 32);
memcpy(m + 33, u, 32);
/* The full buffer (sizeof(m)) is fed to the MAC; a failure is returned to the caller unchanged. */
err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
if (err)
return err;
Reported by FlawFinder.
Line: 220
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m[0] = z;
memcpy(m + 1, v, 32);
memcpy(m + 33, u, 32);
err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
if (err)
return err;
Reported by FlawFinder.
Line: 258
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SMP_DBG("t %16phN", t);
/*
 * Pack the fields back to back into m: length (2 bytes), a2 (7), a1 (7),
 * n2 (16), n1 (16) and btle (4), filling offsets 0-51. Every length is a
 * constant. NOTE(review): m and the source buffers are declared outside this
 * excerpt; confirm m holds at least 52 bytes at this point and that each
 * source is at least as long as the count copied from it.
 */
memcpy(m, length, 2);
memcpy(m + 2, a2, 7);
memcpy(m + 9, a1, 7);
memcpy(m + 16, n2, 16);
memcpy(m + 32, n1, 16);
memcpy(m + 48, btle, 4);
Reported by FlawFinder.
Line: 259
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SMP_DBG("t %16phN", t);
memcpy(m, length, 2);
memcpy(m + 2, a2, 7);
memcpy(m + 9, a1, 7);
memcpy(m + 16, n2, 16);
memcpy(m + 32, n1, 16);
memcpy(m + 48, btle, 4);
Reported by FlawFinder.
Line: 260
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(m, length, 2);
memcpy(m + 2, a2, 7);
memcpy(m + 9, a1, 7);
memcpy(m + 16, n2, 16);
memcpy(m + 32, n1, 16);
memcpy(m + 48, btle, 4);
m[52] = 0; /* Counter */
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(m, length, 2);
memcpy(m + 2, a2, 7);
memcpy(m + 9, a1, 7);
memcpy(m + 16, n2, 16);
memcpy(m + 32, n1, 16);
memcpy(m + 48, btle, 4);
m[52] = 0; /* Counter */
Reported by FlawFinder.
drivers/s390/crypto/zcrypt_ccamisc.c
58 issues
Line: 247
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* fill request cprb struct */
preqcblk->cprb_len = sizeof(struct CPRBX);
preqcblk->cprb_ver_id = 0x02;
memcpy(preqcblk->func_id, "T2", 2);
preqcblk->rpl_msgbl = cprbplusparamblen;
if (paramblen) {
preqcblk->req_parmb =
((u8 __user *) preqcblk) + sizeof(struct CPRBX);
preqcblk->rpl_parmb =
Reported by FlawFinder.
Line: 310
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 rule_array_len;
struct lv1 {
u16 len;
char key_form[8];
char key_length[8];
char key_type1[8];
char key_type2[8];
} lv1;
struct lv2 {
Reported by FlawFinder.
Line: 311
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lv1 {
u16 len;
char key_form[8];
char key_length[8];
char key_type1[8];
char key_type2[8];
} lv1;
struct lv2 {
u16 len;
Reported by FlawFinder.
Line: 312
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 len;
char key_form[8];
char key_length[8];
char key_type1[8];
char key_type2[8];
} lv1;
struct lv2 {
u16 len;
struct keyid {
Reported by FlawFinder.
Line: 313
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char key_form[8];
char key_length[8];
char key_type1[8];
char key_type2[8];
} lv1;
struct lv2 {
u16 len;
struct keyid {
u16 len;
Reported by FlawFinder.
Line: 349
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* fill request cprb param block with KG request */
preqparm = (struct kgreqparm __force *) preqcblk->req_parmb;
/* Two-byte code copied without a NUL terminator. */
memcpy(preqparm->subfunc_code, "KG", 2);
preqparm->rule_array_len = sizeof(preqparm->rule_array_len);
preqparm->lv1.len = sizeof(struct lv1);
/*
 * NOTE(review): key_form is char[8] in the struct lv1 quoted in this report,
 * so an 8-byte copy fits the destination. As rendered here the source literal
 * is shorter than 8 bytes, which would read past it; the page has presumably
 * collapsed trailing padding spaces (other literals in this report, such as
 * "KEYLN16 ", are 8 characters) - verify against the source file.
 */
memcpy(preqparm->lv1.key_form, "OP ", 8);
switch (keybitsize) {
case PKEY_SIZE_AES_128:
Reported by FlawFinder.
Line: 352
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(preqparm->subfunc_code, "KG", 2);
preqparm->rule_array_len = sizeof(preqparm->rule_array_len);
preqparm->lv1.len = sizeof(struct lv1);
memcpy(preqparm->lv1.key_form, "OP ", 8);
switch (keybitsize) {
case PKEY_SIZE_AES_128:
case PKEY_KEYTYPE_AES_128: /* older ioctls used this */
keysize = 16;
memcpy(preqparm->lv1.key_length, "KEYLN16 ", 8);
Reported by FlawFinder.
Line: 357
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case PKEY_SIZE_AES_128:
case PKEY_KEYTYPE_AES_128: /* older ioctls used this */
keysize = 16;
memcpy(preqparm->lv1.key_length, "KEYLN16 ", 8);
break;
case PKEY_SIZE_AES_192:
case PKEY_KEYTYPE_AES_192: /* older ioctls used this */
keysize = 24;
memcpy(preqparm->lv1.key_length, "KEYLN24 ", 8);
Reported by FlawFinder.
Line: 362
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case PKEY_SIZE_AES_192:
case PKEY_KEYTYPE_AES_192: /* older ioctls used this */
keysize = 24;
memcpy(preqparm->lv1.key_length, "KEYLN24 ", 8);
break;
case PKEY_SIZE_AES_256:
case PKEY_KEYTYPE_AES_256: /* older ioctls used this */
keysize = 32;
memcpy(preqparm->lv1.key_length, "KEYLN32 ", 8);
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case PKEY_SIZE_AES_256:
case PKEY_KEYTYPE_AES_256: /* older ioctls used this */
keysize = 32;
memcpy(preqparm->lv1.key_length, "KEYLN32 ", 8);
break;
default:
DEBUG_ERR("%s unknown/unsupported keybitsize %d\n",
__func__, keybitsize);
rc = -EINVAL;
Reported by FlawFinder.
drivers/scsi/myrs.h
58 issues
Line: 176
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char bus_width; /* Byte 6 */
unsigned char flash_code; /* Byte 7 */
unsigned char ports_present; /* Byte 8 */
unsigned char rsvd3[7]; /* Bytes 9-15 */
unsigned char bus_name[16]; /* Bytes 16-31 */
unsigned char ctlr_name[16]; /* Bytes 32-47 */
unsigned char rsvd4[16]; /* Bytes 48-63 */
/* Firmware Release Information */
unsigned char fw_major_version; /* Byte 64 */
Reported by FlawFinder.
Line: 177
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char flash_code; /* Byte 7 */
unsigned char ports_present; /* Byte 8 */
unsigned char rsvd3[7]; /* Bytes 9-15 */
unsigned char bus_name[16]; /* Bytes 16-31 */
unsigned char ctlr_name[16]; /* Bytes 32-47 */
unsigned char rsvd4[16]; /* Bytes 48-63 */
/* Firmware Release Information */
unsigned char fw_major_version; /* Byte 64 */
unsigned char fw_minor_version; /* Byte 65 */
Reported by FlawFinder.
Line: 178
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char ports_present; /* Byte 8 */
unsigned char rsvd3[7]; /* Bytes 9-15 */
unsigned char bus_name[16]; /* Bytes 16-31 */
unsigned char ctlr_name[16]; /* Bytes 32-47 */
unsigned char rsvd4[16]; /* Bytes 48-63 */
/* Firmware Release Information */
unsigned char fw_major_version; /* Byte 64 */
unsigned char fw_minor_version; /* Byte 65 */
unsigned char fw_turn_number; /* Byte 66 */
Reported by FlawFinder.
Line: 179
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char rsvd3[7]; /* Bytes 9-15 */
unsigned char bus_name[16]; /* Bytes 16-31 */
unsigned char ctlr_name[16]; /* Bytes 32-47 */
unsigned char rsvd4[16]; /* Bytes 48-63 */
/* Firmware Release Information */
unsigned char fw_major_version; /* Byte 64 */
unsigned char fw_minor_version; /* Byte 65 */
unsigned char fw_turn_number; /* Byte 66 */
unsigned char fw_build_number; /* Byte 67 */
Reported by FlawFinder.
Line: 191
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char fw_release_year_lo; /* Byte 71 */
/* Hardware Release Information */
unsigned char hw_rev; /* Byte 72 */
unsigned char rsvd5[3]; /* Bytes 73-75 */
unsigned char hw_release_day; /* Byte 76 */
unsigned char hw_release_month; /* Byte 77 */
unsigned char hw_release_year_hi; /* Byte 78 */
unsigned char hw_release_year_lo; /* Byte 79 */
/* Hardware Manufacturing Information */
Reported by FlawFinder.
Line: 209
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char max_ild_per_xld; /* Byte 89 */
unsigned short nvram_size_kb; /* Bytes 90-91 */
unsigned char max_xld; /* Byte 92 */
unsigned char rsvd8[3]; /* Bytes 93-95 */
/* Unique Information per Controller */
unsigned char serial_number[16]; /* Bytes 96-111 */
unsigned char rsvd9[16]; /* Bytes 112-127 */
/* Vendor Information */
unsigned char rsvd10[3]; /* Bytes 128-130 */
Reported by FlawFinder.
Line: 211
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char max_xld; /* Byte 92 */
unsigned char rsvd8[3]; /* Bytes 93-95 */
/* Unique Information per Controller */
unsigned char serial_number[16]; /* Bytes 96-111 */
unsigned char rsvd9[16]; /* Bytes 112-127 */
/* Vendor Information */
unsigned char rsvd10[3]; /* Bytes 128-130 */
unsigned char oem_code; /* Byte 131 */
unsigned char vendor[16]; /* Bytes 132-147 */
Reported by FlawFinder.
Line: 212
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char rsvd8[3]; /* Bytes 93-95 */
/* Unique Information per Controller */
unsigned char serial_number[16]; /* Bytes 96-111 */
unsigned char rsvd9[16]; /* Bytes 112-127 */
/* Vendor Information */
unsigned char rsvd10[3]; /* Bytes 128-130 */
unsigned char oem_code; /* Byte 131 */
unsigned char vendor[16]; /* Bytes 132-147 */
/* Other Physical/Controller/Operation Information */
Reported by FlawFinder.
Line: 214
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char serial_number[16]; /* Bytes 96-111 */
unsigned char rsvd9[16]; /* Bytes 112-127 */
/* Vendor Information */
unsigned char rsvd10[3]; /* Bytes 128-130 */
unsigned char oem_code; /* Byte 131 */
unsigned char vendor[16]; /* Bytes 132-147 */
/* Other Physical/Controller/Operation Information */
unsigned char bbu_present:1; /* Byte 148 Bit 0 */
unsigned char cluster_mode:1; /* Byte 148 Bit 1 */
Reported by FlawFinder.
Line: 216
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Vendor Information */
unsigned char rsvd10[3]; /* Bytes 128-130 */
unsigned char oem_code; /* Byte 131 */
unsigned char vendor[16]; /* Bytes 132-147 */
/* Other Physical/Controller/Operation Information */
unsigned char bbu_present:1; /* Byte 148 Bit 0 */
unsigned char cluster_mode:1; /* Byte 148 Bit 1 */
unsigned char rsvd11:6; /* Byte 148 Bits 2-7 */
unsigned char rsvd12[3]; /* Bytes 149-151 */
Reported by FlawFinder.
include/uapi/linux/coff.h
58 issues
Line: 61
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/********************** FILE HEADER **********************/
struct COFF_filehdr {
char f_magic[2]; /* magic number */
char f_nscns[2]; /* number of sections */
char f_timdat[4]; /* time & date stamp */
char f_symptr[4]; /* file pointer to symtab */
char f_nsyms[4]; /* number of symtab entries */
char f_opthdr[2]; /* sizeof(optional hdr) */
Reported by FlawFinder.
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct COFF_filehdr {
char f_magic[2]; /* magic number */
char f_nscns[2]; /* number of sections */
char f_timdat[4]; /* time & date stamp */
char f_symptr[4]; /* file pointer to symtab */
char f_nsyms[4]; /* number of symtab entries */
char f_opthdr[2]; /* sizeof(optional hdr) */
char f_flags[2]; /* flags */
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * COFF file header.
 *
 * Every field is declared as a fixed-size char array (2 or 4 bytes) rather
 * than an integer type; the seven arrays add up to 20 bytes.
 * NOTE(review): presumably each array holds the raw header bytes and is
 * decoded by helpers elsewhere in this header - confirm there.
 *
 * The declarations themselves copy nothing. Code that fills a field must
 * limit the copy to sizeof the field, and code that reads one must not
 * treat it as a NUL-terminated string.
 */
struct COFF_filehdr {
char f_magic[2]; /* magic number */
char f_nscns[2]; /* number of sections */
char f_timdat[4]; /* time & date stamp */
char f_symptr[4]; /* file pointer to symtab */
char f_nsyms[4]; /* number of symtab entries */
char f_opthdr[2]; /* sizeof(optional hdr) */
char f_flags[2]; /* flags */
};
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char f_magic[2]; /* magic number */
char f_nscns[2]; /* number of sections */
char f_timdat[4]; /* time & date stamp */
char f_symptr[4]; /* file pointer to symtab */
char f_nsyms[4]; /* number of symtab entries */
char f_opthdr[2]; /* sizeof(optional hdr) */
char f_flags[2]; /* flags */
};
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char f_nscns[2]; /* number of sections */
char f_timdat[4]; /* time & date stamp */
char f_symptr[4]; /* file pointer to symtab */
char f_nsyms[4]; /* number of symtab entries */
char f_opthdr[2]; /* sizeof(optional hdr) */
char f_flags[2]; /* flags */
};
/*
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char f_timdat[4]; /* time & date stamp */
char f_symptr[4]; /* file pointer to symtab */
char f_nsyms[4]; /* number of symtab entries */
char f_opthdr[2]; /* sizeof(optional hdr) */
char f_flags[2]; /* flags */
};
/*
* Bits for f_flags:
Reported by FlawFinder.
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char f_symptr[4]; /* file pointer to symtab */
char f_nsyms[4]; /* number of symtab entries */
char f_opthdr[2]; /* sizeof(optional hdr) */
char f_flags[2]; /* flags */
};
/*
* Bits for f_flags:
*
Reported by FlawFinder.
Line: 135
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct
{
char magic[2]; /* type of file */
char vstamp[2]; /* version stamp */
char tsize[4]; /* text size in bytes, padded to FW bdry */
char dsize[4]; /* initialized data " " */
char bsize[4]; /* uninitialized data " " */
char entry[4]; /* entry pt. */
Reported by FlawFinder.
Line: 136
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct
{
char magic[2]; /* type of file */
char vstamp[2]; /* version stamp */
char tsize[4]; /* text size in bytes, padded to FW bdry */
char dsize[4]; /* initialized data " " */
char bsize[4]; /* uninitialized data " " */
char entry[4]; /* entry pt. */
char text_start[4]; /* base of text used for this file */
Reported by FlawFinder.
Line: 137
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char magic[2]; /* type of file */
char vstamp[2]; /* version stamp */
char tsize[4]; /* text size in bytes, padded to FW bdry */
char dsize[4]; /* initialized data " " */
char bsize[4]; /* uninitialized data " " */
char entry[4]; /* entry pt. */
char text_start[4]; /* base of text used for this file */
char data_start[4]; /* base of data used for this file */
Reported by FlawFinder.
tools/testing/selftests/resctrl/resctrlfs.c
58 issues
Line: 67
Column: 3
CWE codes:
120
Suggestion:
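Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (Note: the source of this copy is RESCTRL_PATH, which appears to be a constant macro rather than run-time input. The copy is safe only if the mountpoint buffer is at least as large as that string plus its terminating NUL, and the buffer's size is not shown in the excerpt.)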
ret = find_resctrl_mount(mountpoint);
if (ret)
strcpy(mountpoint, RESCTRL_PATH);
if (!ret && mum_resctrlfs && umount(mountpoint))
ksft_print_msg("Fail: unmounting \"%s\"\n", mountpoint);
if (!ret && !mum_resctrlfs)
Reported by FlawFinder.
Line: 110
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
FILE *fp;
if (is_amd)
sprintf(phys_pkg_path, "%s%d/cache/index3/id",
PHYS_ID_PATH, cpu_no);
else
sprintf(phys_pkg_path, "%s%d/topology/physical_package_id",
PHYS_ID_PATH, cpu_no);
Reported by FlawFinder.
Line: 113
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(phys_pkg_path, "%s%d/cache/index3/id",
PHYS_ID_PATH, cpu_no);
else
sprintf(phys_pkg_path, "%s%d/topology/physical_package_id",
PHYS_ID_PATH, cpu_no);
fp = fopen(phys_pkg_path, "r");
if (!fp) {
perror("Failed to open physical_package_id");
Reported by FlawFinder.
Line: 164
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s (a field width no larger than the destination size minus one, so the terminating NUL still fits), or use a different input function.
return -1;
}
if (fscanf(fp, "%s", cache_str) <= 0) {
perror("Could not get cache_size");
fclose(fp);
return -1;
}
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!cbm_mask)
return -1;
sprintf(cbm_mask_path, "%s/%s/cbm_mask", CBM_MASK_PATH, cache_type);
fp = fopen(cbm_mask_path, "r");
if (!fp) {
perror("Failed to open cache level");
Reported by FlawFinder.
Line: 221
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
return -1;
}
if (fscanf(fp, "%s", cbm_mask) <= 0) {
perror("Could not get max cbm_mask");
fclose(fp);
return -1;
}
Reported by FlawFinder.
Line: 244
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int sibling_cpu_no = -1;
FILE *fp;
sprintf(core_siblings_path, "%s%d/topology/core_siblings_list",
CORE_SIBLINGS_PATH, cpu_no);
fp = fopen(core_siblings_path, "r");
if (!fp) {
perror("Failed to open core siblings path");
Reported by FlawFinder.
Line: 253
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
return -1;
}
if (fscanf(fp, "%s", cpu_list_str) <= 0) {
perror("Could not get core_siblings list");
fclose(fp);
return -1;
}
Reported by FlawFinder.
Line: 330
Column: 3
CWE codes:
120
Suggestion:
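Use sprintf_s, snprintf, or vsnprintf. (Note: at the flagged line the "%s" copies benchmark_cmd[5], a command argument, into resctrl_val with no length limit. The bound has to come from the size of resctrl_val, whose declaration is not in the excerpt.)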
malloc_and_init_memory = atoi(benchmark_cmd[2]);
memflush = atoi(benchmark_cmd[3]);
operation = atoi(benchmark_cmd[4]);
sprintf(resctrl_val, "%s", benchmark_cmd[5]);
if (strncmp(resctrl_val, CMT_STR, sizeof(CMT_STR)))
buffer_span = span * MB;
else
buffer_span = span;
Reported by FlawFinder.
Line: 342
Column: 9
CWE codes:
78
Suggestion:
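Try using a library call that implements the same functionality if available. (Note: execvp() starts the program directly without a shell, but it resolves benchmark_cmd[0] through PATH. The excerpt's own comment says this runs the benchmark specified for the test, so what to review is who controls that argument vector and the PATH it is resolved against.)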
fprintf(stderr, "Error in running fill buffer\n");
} else {
/* Execute specified benchmark */
ret = execvp(benchmark_cmd[0], benchmark_cmd);
if (ret)
perror("wrong\n");
}
fclose(stdout);
Reported by FlawFinder.
arch/x86/kvm/x86.c
58 issues
Line: 794
Column: 12
CWE codes:
362/367!
Suggestion:
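Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (Note: in the excerpts shown for this file, `access` is a u32 parameter or local variable that is passed to the address-translation callbacks, not a call to access(2). These CWE-362/367 findings are therefore matches on the identifier name, and the file-permission advice does not apply to them.)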
*/
int kvm_read_guest_page_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
gfn_t ngfn, void *data, int offset, int len,
u32 access)
{
struct x86_exception exception;
gfn_t real_gfn;
gpa_t ngpa;
Reported by FlawFinder.
Line: 801
Column: 44
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
gpa_t ngpa;
ngpa = gfn_to_gpa(ngfn);
real_gfn = mmu->translate_gpa(vcpu, ngpa, access, &exception);
if (real_gfn == UNMAPPED_GVA)
return -EFAULT;
real_gfn = gpa_to_gfn(real_gfn);
Reported by FlawFinder.
Line: 6321
Column: 66
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static_call(kvm_x86_get_segment)(vcpu, var, seg);
}
gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access,
struct x86_exception *exception)
{
gpa_t t_gpa;
BUG_ON(!mmu_is_nested(vcpu));
Reported by FlawFinder.
Line: 6329
Column: 2
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
BUG_ON(!mmu_is_nested(vcpu));
/* NPT walks are always user-walks */
access |= PFERR_USER_MASK;
t_gpa = vcpu->arch.mmu->gva_to_gpa(vcpu, gpa, access, exception);
return t_gpa;
}
Reported by FlawFinder.
Line: 6330
Column: 49
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* NPT walks are always user-walks */
access |= PFERR_USER_MASK;
t_gpa = vcpu->arch.mmu->gva_to_gpa(vcpu, gpa, access, exception);
return t_gpa;
}
gpa_t kvm_mmu_gva_to_gpa_read(struct kvm_vcpu *vcpu, gva_t gva,
Reported by FlawFinder.
Line: 6339
Column: 52
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct x86_exception *exception)
{
u32 access = (static_call(kvm_x86_get_cpl)(vcpu) == 3) ? PFERR_USER_MASK : 0;
return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
EXPORT_SYMBOL_GPL(kvm_mmu_gva_to_gpa_read);
gpa_t kvm_mmu_gva_to_gpa_fetch(struct kvm_vcpu *vcpu, gva_t gva,
struct x86_exception *exception)
Reported by FlawFinder.
Line: 6347
Column: 2
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct x86_exception *exception)
{
u32 access = (static_call(kvm_x86_get_cpl)(vcpu) == 3) ? PFERR_USER_MASK : 0;
access |= PFERR_FETCH_MASK;
return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
gpa_t kvm_mmu_gva_to_gpa_write(struct kvm_vcpu *vcpu, gva_t gva,
struct x86_exception *exception)
Reported by FlawFinder.
Line: 6348
Column: 52
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
u32 access = (static_call(kvm_x86_get_cpl)(vcpu) == 3) ? PFERR_USER_MASK : 0;
access |= PFERR_FETCH_MASK;
return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
gpa_t kvm_mmu_gva_to_gpa_write(struct kvm_vcpu *vcpu, gva_t gva,
struct x86_exception *exception)
{
Reported by FlawFinder.
Line: 6355
Column: 2
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct x86_exception *exception)
{
u32 access = (static_call(kvm_x86_get_cpl)(vcpu) == 3) ? PFERR_USER_MASK : 0;
access |= PFERR_WRITE_MASK;
return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
EXPORT_SYMBOL_GPL(kvm_mmu_gva_to_gpa_write);
/* uses this to access any guest's mapped memory without checking CPL */
Reported by FlawFinder.
Line: 6356
Column: 52
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
u32 access = (static_call(kvm_x86_get_cpl)(vcpu) == 3) ? PFERR_USER_MASK : 0;
access |= PFERR_WRITE_MASK;
return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
EXPORT_SYMBOL_GPL(kvm_mmu_gva_to_gpa_write);
/* uses this to access any guest's mapped memory without checking CPL */
gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
Reported by FlawFinder.