The following issues were found
net/bridge/br_netfilter_hooks.c
1 issues
Line: 136
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define NF_BRIDGE_MAX_MAC_HEADER_LENGTH (PPPOE_SES_HLEN + ETH_HLEN)
struct brnf_frag_data {
char mac[NF_BRIDGE_MAX_MAC_HEADER_LENGTH];
u8 encap_size;
u8 size;
u16 vlan_tci;
__be16 vlan_proto;
};
Reported by FlawFinder.
net/bridge/br_netlink_tunnel.c
1 issues
Line: 294
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (tinfo_curr->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) {
if (tinfo_last->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN)
return -EINVAL;
memcpy(tinfo_last, tinfo_curr, sizeof(struct vtunnel_info));
} else if (tinfo_curr->flags & BRIDGE_VLAN_INFO_RANGE_END) {
struct net_bridge_vlan *v_start = NULL, *v_end = NULL;
int t, v;
if (!(tinfo_last->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN))
Reported by FlawFinder.
include/trace/events/qla.h
1 issues
Line: 29
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
),
TP_fast_assign(
__assign_str(buf, buf);
vsnprintf(__get_str(msg), QLA_MSG_MAX, vaf->fmt, *vaf->va);
),
TP_printk("%s %s", __get_str(buf), __get_str(msg))
);
Reported by FlawFinder.
include/trace/events/printk.h
1 issues
Line: 28
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((len > 0) && (text[len-1] == '\n'))
len -= 1;
memcpy(__get_str(msg), text, len);
__get_str(msg)[len] = 0;
),
TP_printk("%s", __get_str(msg))
);
Reported by FlawFinder.
include/trace/events/osnoise.h
1 issues
Line: 23
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
),
TP_fast_assign(
memcpy(__entry->comm, t->comm, TASK_COMM_LEN);
__entry->pid = t->pid;
__entry->start = start;
__entry->duration = duration;
),
Reported by FlawFinder.
include/trace/events/oom.h
1 issues
Line: 24
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TP_fast_assign(
__entry->pid = task->pid;
memcpy(__entry->comm, task->comm, TASK_COMM_LEN);
__entry->oom_score_adj = task->signal->oom_score_adj;
),
TP_printk("pid=%d comm=%s oom_score_adj=%hd",
__entry->pid, __entry->comm, __entry->oom_score_adj)
Reported by FlawFinder.
net/bridge/netfilter/ebt_among.c
1 issues
Line: 30
Column: 29
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct ebt_mac_wormhash_tuple *p;
int start, limit, i;
uint32_t cmp[2] = { 0, 0 };
int key = ((const unsigned char *)mac)[5];
ether_addr_copy(((char *) cmp) + 2, mac);
start = wh->table[key];
limit = wh->table[key + 1];
if (ip) {
Reported by FlawFinder.
net/bridge/netfilter/ebt_arp.c
1 issues
Line: 70
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) {
const unsigned char *mp;
unsigned char _mac[ETH_ALEN];
if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER))
return false;
if (info->bitmask & EBT_ARP_SRC_MAC) {
mp = skb_header_pointer(skb, sizeof(struct arphdr),
Reported by FlawFinder.
net/bridge/netfilter/ebt_arpreply.c
1 issues
Line: 28
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct arphdr *ap;
struct arphdr _ah;
const unsigned char *shp;
unsigned char _sha[ETH_ALEN];
ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
if (ap == NULL)
return EBT_DROP;
Reported by FlawFinder.
include/trace/events/iscsi.h
1 issues
Line: 34
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
TP_fast_assign(
__assign_str(dname, dev_name(dev));
vsnprintf(__get_str(msg), ISCSI_MSG_MAX, vaf->fmt, *vaf->va);
),
TP_printk("%s: %s",__get_str(dname), __get_str(msg)
)
);
Reported by FlawFinder.