The following issues were found
include/uapi/linux/netfilter_ipv4/ipt_LOG.h
1 issues
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipt_log_info {
unsigned char level;
unsigned char logflags;
char prefix[30];
};
#endif /*_IPT_LOG_H*/
Reported by FlawFinder.
include/uapi/linux/netfilter_bridge/ebt_nflog.h
1 issues
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 threshold;
__u16 flags;
__u16 pad;
char prefix[EBT_NFLOG_PREFIX_SIZE];
};
#endif /* __LINUX_BRIDGE_EBT_NFLOG_H */
Reported by FlawFinder.
include/uapi/linux/netfilter_bridge/ebt_nat.h
1 issues
Line: 9
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define NAT_ARP_BIT (0x00000010)
struct ebt_nat_info {
unsigned char mac[ETH_ALEN];
/* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_SNAT_TARGET "snat"
#define EBT_DNAT_TARGET "dnat"
Reported by FlawFinder.
include/uapi/linux/netfilter_bridge/ebt_arpreply.h
1 issues
Line: 8
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/if_ether.h>
struct ebt_arpreply_info {
unsigned char mac[ETH_ALEN];
int target;
};
#define EBT_ARPREPLY_TARGET "arpreply"
#endif
Reported by FlawFinder.
kernel/trace/trace_functions.c
1 issues
Line: 823
Column: 7
CWE codes:
126
number = strsep(¶m, ":");
if (!strlen(number))
goto out_reg;
/*
* We use the callback data field (which is a pointer)
* as our counter.
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_statistic.h
1 issues
Line: 27
Column: 5
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
union {
struct {
__u32 probability;
} random;
struct {
__u32 every;
__u32 packet;
__u32 count; /* unused */
} nth;
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_sctp.h
1 issues
Line: 66
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset((chunkmap), ~0U, sizeof(chunkmap))
#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
memcpy((destmap), (srcmap), sizeof(srcmap))
#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
__sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
static inline _Bool
__sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n)
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_mac.h
1 issues
Line: 8
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/if_ether.h>
struct xt_mac_info {
unsigned char srcaddr[ETH_ALEN];
int invert;
};
#endif /*_XT_MAC_H*/
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_helper.h
1 issues
Line: 7
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xt_helper_info {
int invert;
char name[30];
};
#endif /* _XT_HELPER_H */
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_comment.h
1 issues
Line: 8
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define XT_MAX_COMMENT_LEN 256
struct xt_comment_info {
char comment[XT_MAX_COMMENT_LEN];
};
#endif /* XT_COMMENT_H */
Reported by FlawFinder.