The following issues were found
net/netfilter/xt_statistic.c
1 issue
Line: 37
Column: 46
CWE codes:
327
Suggestion:
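Use a more secure technique for acquiring random values
Triage note: prandom_u32() is a non-cryptographic generator. In the excerpt it only flips ret when the masked value falls below info->u.random.probability, so the question for review is whether anything depends on that outcome being unpredictable to a sender.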
switch (info->mode) {
case XT_STATISTIC_MODE_RANDOM:
if ((prandom_u32() & 0x7FFFFFFF) < info->u.random.probability)
ret = !ret;
break;
case XT_STATISTIC_MODE_NTH:
do {
oval = atomic_read(&info->master->count);
Reported by FlawFinder.
net/atm/ioctl.c
1 issue
Line: 208
CWE codes:
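908 (Use of Uninitialized Resource)
Triage note: Cppcheck gives no suggestion here, and the excerpt does not show how the arguments passed to atm_dev_ioctl() are declared or assigned on every path. The variable behind the finding has to be confirmed in the full function.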
if (get_user(number, &sioc->number))
return -EFAULT;
}
error = atm_dev_ioctl(cmd, buf, len, number, compat);
}
done:
return error;
}
Reported by Cppcheck.
include/uapi/linux/atalk.h
1 issue
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
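Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line is a fixed-size array declaration in a UAPI struct, most likely `char sat_zero[8]`, the only array in the excerpt. Nothing is written at this location; the review target is any code that copies into that field.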
__kernel_sa_family_t sat_family;
__u8 sat_port;
struct atalk_addr sat_addr;
char sat_zero[8];
};
struct atalk_netrange {
__u8 nr_phase;
__be16 nr_firstnet;
Reported by FlawFinder.
include/uapi/linux/android/binderfs.h
1 issue
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
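Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line is the declaration `char name[BINDERFS_MAX_NAME + 1]`, which cannot overflow by itself. The `+ 1` suggests room for a terminating NUL, so what needs checking is that code filling or reading `name` bounds the length and terminates the string.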
*
*/
struct binderfs_device {
char name[BINDERFS_MAX_NAME + 1];
__u32 major;
__u32 minor;
};
/**
Reported by FlawFinder.
include/uapi/drm/via_drm.h
1 issue
Line: 200
Column: 2
CWE codes:
119
120
Suggestion:
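Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line is the declaration of `XvMCLockArea`, sized from two compile-time constants. The finding is about the declaration pattern, not an observed write, so the review target is the code that indexes or copies into this area.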
* Therefore this somewhat strange construct.
*/
char XvMCLockArea[VIA_MAX_CACHELINE_SIZE * (VIA_NR_XVMC_LOCKS + 1)];
unsigned int XvMCDisplaying[VIA_NR_XVMC_PORTS];
unsigned int XvMCSubPicOn[VIA_NR_XVMC_PORTS];
unsigned int XvMCCtxNoGrabbed; /* Last context to hold decoder */
Reported by FlawFinder.
net/netfilter/xt_tcpudp.c
1 issue
Line: 105
Column: 20
CWE codes:
119
120
Suggestion:
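Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the excerpt contains no buffer declaration or copy; the likely match is the cast `(unsigned char *)th` read at the fixed index 13. What needs confirming, outside the excerpt, is that `th` refers to at least 14 valid bytes before this read.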
!!(tcpinfo->invflags & XT_TCP_INV_DSTPT)))
return false;
if (!NF_INVF(tcpinfo, XT_TCP_INV_FLAGS,
(((unsigned char *)th)[13] & tcpinfo->flg_mask) == tcpinfo->flg_cmp))
return false;
if (tcpinfo->option) {
if (th->doff * 4 < sizeof(_tcph)) {
par->hotdrop = true;
return false;
Reported by FlawFinder.
net/atm/svc.c
1 issue
Line: 427
Column: 2
CWE codes:
120
Suggestion:
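Make sure destination can always hold the source data
Triage note: the copy length is the compile-time `sizeof(struct sockaddr_atmsvc)` and the source is `ATM_SD(sock)->remote` or `->local`. The open question is whether every caller's `sockaddr` buffer is at least that large; the callers are not in the excerpt.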
struct sockaddr_atmsvc *addr;
addr = (struct sockaddr_atmsvc *) sockaddr;
memcpy(addr, peer ? &ATM_SD(sock)->remote : &ATM_SD(sock)->local,
sizeof(struct sockaddr_atmsvc));
return sizeof(struct sockaddr_atmsvc);
}
int svc_change_qos(struct atm_vcc *vcc, struct atm_qos *qos)
Reported by FlawFinder.
net/ax25/ax25_in.c
1 issue
Line: 393
Column: 3
CWE codes:
120
Suggestion:
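Make sure destination can always hold the source data
Triage note: the copy length is `sizeof(ax25_digi)` and the source is `reverse_dp`. What needs checking is that `ax25->digipeat` is non-NULL and points to at least `sizeof(ax25_digi)` bytes on this branch, which depends on code above the excerpt.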
ax25->digipeat = NULL;
} else {
/* Reverse the source SABM's path */
memcpy(ax25->digipeat, &reverse_dp, sizeof(ax25_digi));
}
if ((*skb->data & ~AX25_PF) == AX25_SABME) {
ax25->modulus = AX25_EMODULUS;
ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW];
Reported by FlawFinder.
net/netlabel/netlabel_domainhash.c
1 issue
Line: 114
Column: 32
CWE codes:
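126 (Buffer Over-read)
Triage note: the flagged call is `strlen(key)`, which reads until it meets a NUL byte. The finding holds only if a caller can pass a `key` that is not NUL-terminated; the callers are not in the excerpt.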
/* This is taken (with slight modification) from
* security/selinux/ss/symtab.c:symhash() */
for (iter = 0, val = 0, len = strlen(key); iter < len; iter++)
val = (val << 4 | (val >> (8 * sizeof(u32) - 4))) ^ key[iter];
return val & (netlbl_domhsh_rcu_deref(netlbl_domhsh)->size - 1);
}
static bool netlbl_family_match(u16 f1, u16 f2)
Reported by FlawFinder.
net/ax25/ax25_route.c
1 issue
Line: 283
Column: 2
CWE codes:
119
120
Suggestion:
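Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line is `char buf[11]`, a local in ax25_rt_seq_show(). The excerpt ends before `buf` is used, so what needs checking is that whatever writes into it produces at most 11 bytes including the terminator.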
static int ax25_rt_seq_show(struct seq_file *seq, void *v)
{
char buf[11];
if (v == SEQ_START_TOKEN)
seq_puts(seq, "callsign dev mode digipeaters\n");
else {
struct ax25_route *ax25_rt = v;
Reported by FlawFinder.