The following issues were found
include/uapi/linux/blktrace_api.h
1 issues
Line: 137
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* User setup structure passed with BLKTRACESETUP
*/
struct blk_user_trace_setup {
char name[BLKTRACE_BDEV_SIZE]; /* output */
__u16 act_mask; /* input */
__u32 buf_size; /* input */
__u32 buf_nr; /* input */
__u64 start_lba;
__u64 end_lba;
Reported by FlawFinder.
mm/vmalloc.c
1 issues
Line: 3220
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (p) {
/* We can expect USER0 is not used -- see vread() */
void *map = kmap_atomic(p);
memcpy(buf, map + offset, length);
kunmap_atomic(map);
} else
memset(buf, 0, length);
addr += length;
Reported by FlawFinder.
include/uapi/linux/bcm933xx_hcs.h
1 issues
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 build_date;
__u32 filelen;
__u32 ldaddress;
char filename[64];
__u16 hcs;
__u16 her_znaet_chto;
__u32 crc;
};
Reported by FlawFinder.
net/netfilter/xt_helper.c
1 issues
Line: 50
Column: 5
CWE codes:
126
ret = !ret;
else
ret ^= !strncmp(helper->name, info->name,
strlen(helper->name));
return ret;
}
static int helper_mt_check(const struct xt_mtchk_param *par)
{
Reported by FlawFinder.
include/uapi/linux/bcache.h
1 issues
Line: 109
Column: 32
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return bkey_u64s(k) * sizeof(__u64);
}
#define bkey_copy(_dest, _src) memcpy(_dest, _src, bkey_bytes(_src))
static inline void bkey_copy_key(struct bkey *dest, const struct bkey *src)
{
SET_KEY_INODE(dest, KEY_INODE(src));
SET_KEY_OFFSET(dest, KEY_OFFSET(src));
Reported by FlawFinder.
net/6lowpan/ndisc.c
1 issues
Line: 131
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
read_lock_bh(&neigh->lock);
if (lowpan_802154_is_valid_src_short_addr(n->short_addr)) {
memcpy(ha_buf, &n->short_addr,
IEEE802154_SHORT_ADDR_LEN);
read_unlock_bh(&neigh->lock);
addr_space += __ndisc_opt_addr_space(IEEE802154_SHORT_ADDR_LEN, 0);
*ha = ha_buf;
} else {
Reported by FlawFinder.
net/6lowpan/nhc.c
1 issues
Line: 76
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
/* copy and mask afterwards the nhid value from skb */
memcpy(nhcid_skb_ptr_masked, nhcid_skb_ptr, nhc->idlen);
for (i = 0; i < nhc->idlen; i++)
nhcid_skb_ptr_masked[i] &= nhc->idmask[i];
result = memcmp(nhcid_skb_ptr_masked, nhc->id, nhc->idlen);
if (result < 0)
Reported by FlawFinder.
net/netfilter/xt_ipvs.c
1 issues
Line: 34
Column: 34
CWE codes:
732
/* borrowed from xt_conntrack */
static bool ipvs_mt_addrcmp(const union nf_inet_addr *kaddr,
const union nf_inet_addr *uaddr,
const union nf_inet_addr *umask,
unsigned int l3proto)
{
if (l3proto == NFPROTO_IPV4)
return ((kaddr->ip ^ uaddr->ip) & umask->ip) == 0;
#ifdef CONFIG_IP_VS_IPV6
Reported by FlawFinder.
net/netfilter/xt_limit.c
1 issues
Line: 168
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
.credit_cap = cm->credit_cap,
.cost = cm->cost,
};
memcpy(dst, &m, sizeof(m));
}
static int limit_mt_compat_to_user(void __user *dst, const void *src)
{
const struct xt_rateinfo *m = src;
Reported by FlawFinder.
include/uapi/linux/ax25.h
1 issues
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define AX25_NOUID_BLOCK 1
typedef struct {
char ax25_call[7]; /* 6 call + SSID (shifted ascii!) */
} ax25_address;
struct sockaddr_ax25 {
__kernel_sa_family_t sax25_family;
ax25_address sax25_call;
Reported by FlawFinder.