The following issues were found
drivers/net/ethernet/amazon/ena/ena_com.c
14 issues
Line: 252
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reinit_completion(&comp_ctx->wait_event);
memcpy(&admin_queue->sq.entries[tail_masked], cmd, cmd_size_in_bytes);
admin_queue->curr_cmd_id = (admin_queue->curr_cmd_id + 1) &
queue_size_mask;
admin_queue->sq.tail++;
Reported by FlawFinder.
Line: 468
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
comp_ctx->comp_status = cqe->acq_common_descriptor.status;
if (comp_ctx->user_cqe)
memcpy(comp_ctx->user_cqe, (void *)cqe, comp_ctx->comp_size);
if (!admin_queue->polling)
complete(&comp_ctx->wait_event);
}
Reported by FlawFinder.
Line: 1970
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
return rc;
memcpy(&get_feat_ctx->dev_attr, &get_resp.u.dev_attr,
sizeof(get_resp.u.dev_attr));
ena_dev->supported_features = get_resp.u.dev_attr.supported_features;
if (ena_dev->supported_features & BIT(ENA_ADMIN_MAX_QUEUES_EXT)) {
Reported by FlawFinder.
Line: 1986
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ENA_FEATURE_MAX_QUEUE_EXT_VER)
return -EINVAL;
memcpy(&get_feat_ctx->max_queue_ext, &get_resp.u.max_queue_ext,
sizeof(get_resp.u.max_queue_ext));
ena_dev->tx_max_header_size =
get_resp.u.max_queue_ext.max_queue_ext.max_tx_header_size;
} else {
rc = ena_com_get_feature(ena_dev, &get_resp,
Reported by FlawFinder.
Line: 1993
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
rc = ena_com_get_feature(ena_dev, &get_resp,
ENA_ADMIN_MAX_QUEUES_NUM, 0);
memcpy(&get_feat_ctx->max_queues, &get_resp.u.max_queue,
sizeof(get_resp.u.max_queue));
ena_dev->tx_max_header_size =
get_resp.u.max_queue.max_header_size;
if (rc)
Reported by FlawFinder.
Line: 2007
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
return rc;
memcpy(&get_feat_ctx->aenq, &get_resp.u.aenq,
sizeof(get_resp.u.aenq));
rc = ena_com_get_feature(ena_dev, &get_resp,
ENA_ADMIN_STATELESS_OFFLOAD_CONFIG, 0);
if (rc)
Reported by FlawFinder.
Line: 2015
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
return rc;
memcpy(&get_feat_ctx->offload, &get_resp.u.offload,
sizeof(get_resp.u.offload));
/* Driver hints isn't mandatory admin command. So in case the
* command isn't supported set driver hints to 0
*/
Reported by FlawFinder.
Line: 2024
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rc = ena_com_get_feature(ena_dev, &get_resp, ENA_ADMIN_HW_HINTS, 0);
if (!rc)
memcpy(&get_feat_ctx->hw_hints, &get_resp.u.hw_hints,
sizeof(get_resp.u.hw_hints));
else if (rc == -EOPNOTSUPP)
memset(&get_feat_ctx->hw_hints, 0x0,
sizeof(get_feat_ctx->hw_hints));
else
Reported by FlawFinder.
Line: 2034
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rc = ena_com_get_feature(ena_dev, &get_resp, ENA_ADMIN_LLQ, 0);
if (!rc)
memcpy(&get_feat_ctx->llq, &get_resp.u.llq,
sizeof(get_resp.u.llq));
else if (rc == -EOPNOTSUPP)
memset(&get_feat_ctx->llq, 0x0, sizeof(get_feat_ctx->llq));
else
return rc;
Reported by FlawFinder.
Line: 2229
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&ctx, 0x0, sizeof(ctx));
ret = ena_get_dev_stats(ena_dev, &ctx, ENA_ADMIN_GET_STATS_TYPE_ENI);
if (likely(ret == 0))
memcpy(stats, &ctx.get_resp.u.eni_stats,
sizeof(ctx.get_resp.u.eni_stats));
return ret;
}
Reported by FlawFinder.
drivers/scsi/mvsas/mv_sas.c
14 issues
Line: 392
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf_oaf[0] = (1 << 7) | (PROTOCOL_SMP << 4) | 0x01;
buf_oaf[1] = min(sas_port->linkrate, dev->linkrate) & 0xf;
*(u16 *)(buf_oaf + 2) = 0xFFFF; /* SAS SPEC */
memcpy(buf_oaf + 4, dev->sas_addr, SAS_ADDR_SIZE);
/* fill in PRD (scatter/gather) table, if any */
MVS_CHIP_DISP->make_prd(task->scatter, tei->n_elem, buf_prd);
return 0;
Reported by FlawFinder.
Line: 530
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (likely(!task->ata_task.device_control_reg_update))
task->ata_task.fis.flags |= 0x80; /* C=1: update ATA cmd reg */
/* fill in command FIS and ATAPI CDB */
memcpy(buf_cmd, &task->ata_task.fis, sizeof(struct host_to_dev_fis));
if (dev->sata_dev.class == ATA_DEV_ATAPI)
memcpy(buf_cmd + STP_ATAPI_CMD,
task->ata_task.atapi_packet, 16);
/* generate open address frame hdr (first 12 bytes) */
Reported by FlawFinder.
Line: 532
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* fill in command FIS and ATAPI CDB */
memcpy(buf_cmd, &task->ata_task.fis, sizeof(struct host_to_dev_fis));
if (dev->sata_dev.class == ATA_DEV_ATAPI)
memcpy(buf_cmd + STP_ATAPI_CMD,
task->ata_task.atapi_packet, 16);
/* generate open address frame hdr (first 12 bytes) */
/* initiator, STP, ftype 1h */
buf_oaf[0] = (1 << 7) | (PROTOCOL_STP << 4) | 0x1;
Reported by FlawFinder.
Line: 540
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf_oaf[0] = (1 << 7) | (PROTOCOL_STP << 4) | 0x1;
buf_oaf[1] = min(sas_port->linkrate, dev->linkrate) & 0xf;
*(u16 *)(buf_oaf + 2) = cpu_to_be16(mvi_dev->device_id + 1);
memcpy(buf_oaf + 4, dev->sas_addr, SAS_ADDR_SIZE);
/* fill in PRD (scatter/gather) table, if any */
MVS_CHIP_DISP->make_prd(task->scatter, tei->n_elem, buf_prd);
if (task->data_dir == DMA_FROM_DEVICE)
Reported by FlawFinder.
Line: 648
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf_oaf[0] = (1 << 7) | (PROTOCOL_SSP << 4) | 0x1;
buf_oaf[1] = min(sas_port->linkrate, dev->linkrate) & 0xf;
*(u16 *)(buf_oaf + 2) = cpu_to_be16(mvi_dev->device_id + 1);
memcpy(buf_oaf + 4, dev->sas_addr, SAS_ADDR_SIZE);
/* fill in SSP frame header (Command Table.SSP frame header) */
ssp_hdr = (struct ssp_frame_hdr *)buf_cmd;
if (is_tmf)
Reported by FlawFinder.
Line: 658
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
ssp_hdr->frame_type = SSP_COMMAND;
memcpy(ssp_hdr->hashed_dest_addr, dev->hashed_sas_addr,
HASHED_SAS_ADDR_SIZE);
memcpy(ssp_hdr->hashed_src_addr,
dev->hashed_sas_addr, HASHED_SAS_ADDR_SIZE);
ssp_hdr->tag = cpu_to_be16(tag);
Reported by FlawFinder.
Line: 660
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ssp_hdr->hashed_dest_addr, dev->hashed_sas_addr,
HASHED_SAS_ADDR_SIZE);
memcpy(ssp_hdr->hashed_src_addr,
dev->hashed_sas_addr, HASHED_SAS_ADDR_SIZE);
ssp_hdr->tag = cpu_to_be16(tag);
/* fill in IU for TASK and Command Frame */
buf_cmd += sizeof(*ssp_hdr);
Reported by FlawFinder.
Line: 666
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* fill in IU for TASK and Command Frame */
buf_cmd += sizeof(*ssp_hdr);
memcpy(buf_cmd, &task->ssp_task.LUN, 8);
if (ssp_hdr->frame_type != SSP_TASK) {
buf_cmd[9] = fburst | task->ssp_task.task_attr |
(task->ssp_task.task_prio << 3);
memcpy(buf_cmd + 12, task->ssp_task.cmd->cmnd,
Reported by FlawFinder.
Line: 671
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ssp_hdr->frame_type != SSP_TASK) {
buf_cmd[9] = fburst | task->ssp_task.task_attr |
(task->ssp_task.task_prio << 3);
memcpy(buf_cmd + 12, task->ssp_task.cmd->cmnd,
task->ssp_task.cmd->cmd_len);
} else{
buf_cmd[10] = tmf->tmf;
switch (tmf->tmf) {
case TMF_ABORT_TASK:
Reported by FlawFinder.
Line: 1058
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
phy->frame_rcvd_size =
sizeof(struct sas_identify_frame);
}
memcpy(sas_phy->attached_sas_addr,
&phy->att_dev_sas_addr, SAS_ADDR_SIZE);
if (MVS_CHIP_DISP->phy_work_around)
MVS_CHIP_DISP->phy_work_around(mvi, i);
}
Reported by FlawFinder.
drivers/crypto/talitos.c
14 issues
Line: 905
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->keylen)
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
memcpy(ctx->key, keys.authkey, keys.authkeylen);
memcpy(&ctx->key[keys.authkeylen], keys.enckey, keys.enckeylen);
ctx->keylen = keys.authkeylen + keys.enckeylen;
ctx->enckeylen = keys.enckeylen;
ctx->authkeylen = keys.authkeylen;
Reported by FlawFinder.
Line: 906
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
memcpy(ctx->key, keys.authkey, keys.authkeylen);
memcpy(&ctx->key[keys.authkeylen], keys.enckey, keys.enckeylen);
ctx->keylen = keys.authkeylen + keys.enckeylen;
ctx->enckeylen = keys.enckeylen;
ctx->authkeylen = keys.authkeylen;
ctx->dma_key = dma_map_single(dev, ctx->key, ctx->keylen,
Reported by FlawFinder.
Line: 945
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->keylen)
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
memcpy(ctx->key, keys.authkey, keys.authkeylen);
memcpy(&ctx->key[keys.authkeylen], keys.enckey, keys.enckeylen);
ctx->keylen = keys.authkeylen + keys.enckeylen;
ctx->enckeylen = keys.enckeylen;
ctx->authkeylen = keys.authkeylen;
Reported by FlawFinder.
Line: 946
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
memcpy(ctx->key, keys.authkey, keys.authkeylen);
memcpy(&ctx->key[keys.authkeylen], keys.enckey, keys.enckeylen);
ctx->keylen = keys.authkeylen + keys.enckeylen;
ctx->enckeylen = keys.enckeylen;
ctx->authkeylen = keys.authkeylen;
ctx->dma_key = dma_map_single(dev, ctx->key, ctx->keylen,
Reported by FlawFinder.
Line: 1400
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!edesc)
return ERR_PTR(-ENOMEM);
if (ivsize) {
iv = memcpy(((u8 *)edesc) + alloc_len - ivsize, iv, ivsize);
iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE);
}
memset(&edesc->desc, 0, sizeof(edesc->desc));
edesc->src_nents = src_nents;
Reported by FlawFinder.
Line: 1500
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->keylen)
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
memcpy(&ctx->key, key, keylen);
ctx->keylen = keylen;
ctx->dma_key = dma_map_single(dev, ctx->key, keylen, DMA_TO_DEVICE);
return 0;
Reported by FlawFinder.
Line: 1559
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
edesc = container_of(desc, struct talitos_edesc, desc);
common_nonsnoop_unmap(dev, edesc, areq);
memcpy(areq->iv, ctx->iv, ivsize);
kfree(edesc);
areq->base.complete(&areq->base, err);
}
Reported by FlawFinder.
Line: 1717
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc->ptr[5].ptr != desc2->ptr[5].ptr)
unmap_single_talitos_ptr(dev, &desc2->ptr[5], DMA_FROM_DEVICE);
if (req_ctx->last)
memcpy(areq->result, req_ctx->hw_context,
crypto_ahash_digestsize(tfm));
if (req_ctx->psrc)
talitos_sg_unmap(dev, edesc, req_ctx->psrc, NULL, 0, 0);
Reported by FlawFinder.
Line: 2144
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DMA_FROM_DEVICE);
dma_unmap_single(dev, dma, req_ctx->hw_context_size, DMA_FROM_DEVICE);
memcpy(export->hw_context, req_ctx->hw_context,
req_ctx->hw_context_size);
memcpy(export->buf, req_ctx->buf[req_ctx->buf_idx], req_ctx->nbuf);
export->swinit = req_ctx->swinit;
export->first = req_ctx->first;
export->last = req_ctx->last;
Reported by FlawFinder.
Line: 2146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(export->hw_context, req_ctx->hw_context,
req_ctx->hw_context_size);
memcpy(export->buf, req_ctx->buf[req_ctx->buf_idx], req_ctx->nbuf);
export->swinit = req_ctx->swinit;
export->first = req_ctx->first;
export->last = req_ctx->last;
export->to_hash_later = req_ctx->to_hash_later;
export->nbuf = req_ctx->nbuf;
Reported by FlawFinder.
drivers/net/fddi/skfp/skfddi.c
14 issues
Line: 434
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
read_address(smc, NULL);
pr_debug("HW-Addr: %pMF\n", smc->hw.fddi_canon_addr.a);
memcpy(dev->dev_addr, smc->hw.fddi_canon_addr.a, ETH_ALEN);
smt_reset_defaults(smc, 0);
return 0;
Reported by FlawFinder.
Line: 501
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* address.
*/
read_address(smc, NULL);
memcpy(dev->dev_addr, smc->hw.fddi_canon_addr.a, ETH_ALEN);
init_smt(smc, NULL);
smt_online(smc, 1);
STI_FBI();
Reported by FlawFinder.
Line: 683
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Fill the bp->stats structure with the SMT MIB object values */
memcpy(bp->stats.smt_station_id, &bp->cmd_rsp_virt->smt_mib_get.smt_station_id, sizeof(bp->cmd_rsp_virt->smt_mib_get.smt_station_id));
bp->stats.smt_op_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_op_version_id;
bp->stats.smt_hi_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_hi_version_id;
bp->stats.smt_lo_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_lo_version_id;
memcpy(bp->stats.smt_user_data, &bp->cmd_rsp_virt->smt_mib_get.smt_user_data, sizeof(bp->cmd_rsp_virt->smt_mib_get.smt_user_data));
bp->stats.smt_mib_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_mib_version_id;
Reported by FlawFinder.
Line: 687
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bp->stats.smt_op_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_op_version_id;
bp->stats.smt_hi_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_hi_version_id;
bp->stats.smt_lo_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_lo_version_id;
memcpy(bp->stats.smt_user_data, &bp->cmd_rsp_virt->smt_mib_get.smt_user_data, sizeof(bp->cmd_rsp_virt->smt_mib_get.smt_user_data));
bp->stats.smt_mib_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_mib_version_id;
bp->stats.smt_mac_cts = bp->cmd_rsp_virt->smt_mib_get.smt_mac_ct;
bp->stats.smt_non_master_cts = bp->cmd_rsp_virt->smt_mib_get.smt_non_master_ct;
bp->stats.smt_master_cts = bp->cmd_rsp_virt->smt_mib_get.smt_master_ct;
bp->stats.smt_available_paths = bp->cmd_rsp_virt->smt_mib_get.smt_available_paths;
Reported by FlawFinder.
Line: 712
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bp->stats.mac_tvx_capability = bp->cmd_rsp_virt->smt_mib_get.mac_tvx_capability;
bp->stats.mac_available_paths = bp->cmd_rsp_virt->smt_mib_get.mac_available_paths;
bp->stats.mac_current_path = bp->cmd_rsp_virt->smt_mib_get.mac_current_path;
memcpy(bp->stats.mac_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_upstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_downstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_old_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_upstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_old_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_downstream_nbr, FDDI_K_ALEN);
bp->stats.mac_dup_address_test = bp->cmd_rsp_virt->smt_mib_get.mac_dup_address_test;
bp->stats.mac_requested_paths = bp->cmd_rsp_virt->smt_mib_get.mac_requested_paths;
Reported by FlawFinder.
Line: 713
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bp->stats.mac_available_paths = bp->cmd_rsp_virt->smt_mib_get.mac_available_paths;
bp->stats.mac_current_path = bp->cmd_rsp_virt->smt_mib_get.mac_current_path;
memcpy(bp->stats.mac_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_upstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_downstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_old_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_upstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_old_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_downstream_nbr, FDDI_K_ALEN);
bp->stats.mac_dup_address_test = bp->cmd_rsp_virt->smt_mib_get.mac_dup_address_test;
bp->stats.mac_requested_paths = bp->cmd_rsp_virt->smt_mib_get.mac_requested_paths;
bp->stats.mac_downstream_port_type = bp->cmd_rsp_virt->smt_mib_get.mac_downstream_port_type;
Reported by FlawFinder.
Line: 714
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bp->stats.mac_current_path = bp->cmd_rsp_virt->smt_mib_get.mac_current_path;
memcpy(bp->stats.mac_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_upstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_downstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_old_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_upstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_old_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_downstream_nbr, FDDI_K_ALEN);
bp->stats.mac_dup_address_test = bp->cmd_rsp_virt->smt_mib_get.mac_dup_address_test;
bp->stats.mac_requested_paths = bp->cmd_rsp_virt->smt_mib_get.mac_requested_paths;
bp->stats.mac_downstream_port_type = bp->cmd_rsp_virt->smt_mib_get.mac_downstream_port_type;
memcpy(bp->stats.mac_smt_address, &bp->cmd_rsp_virt->smt_mib_get.mac_smt_address, FDDI_K_ALEN);
Reported by FlawFinder.
Line: 715
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(bp->stats.mac_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_upstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_downstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_old_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_upstream_nbr, FDDI_K_ALEN);
memcpy(bp->stats.mac_old_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_downstream_nbr, FDDI_K_ALEN);
bp->stats.mac_dup_address_test = bp->cmd_rsp_virt->smt_mib_get.mac_dup_address_test;
bp->stats.mac_requested_paths = bp->cmd_rsp_virt->smt_mib_get.mac_requested_paths;
bp->stats.mac_downstream_port_type = bp->cmd_rsp_virt->smt_mib_get.mac_downstream_port_type;
memcpy(bp->stats.mac_smt_address, &bp->cmd_rsp_virt->smt_mib_get.mac_smt_address, FDDI_K_ALEN);
bp->stats.mac_t_req = bp->cmd_rsp_virt->smt_mib_get.mac_t_req;
Reported by FlawFinder.
Line: 719
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bp->stats.mac_dup_address_test = bp->cmd_rsp_virt->smt_mib_get.mac_dup_address_test;
bp->stats.mac_requested_paths = bp->cmd_rsp_virt->smt_mib_get.mac_requested_paths;
bp->stats.mac_downstream_port_type = bp->cmd_rsp_virt->smt_mib_get.mac_downstream_port_type;
memcpy(bp->stats.mac_smt_address, &bp->cmd_rsp_virt->smt_mib_get.mac_smt_address, FDDI_K_ALEN);
bp->stats.mac_t_req = bp->cmd_rsp_virt->smt_mib_get.mac_t_req;
bp->stats.mac_t_neg = bp->cmd_rsp_virt->smt_mib_get.mac_t_neg;
bp->stats.mac_t_max = bp->cmd_rsp_virt->smt_mib_get.mac_t_max;
bp->stats.mac_tvx_value = bp->cmd_rsp_virt->smt_mib_get.mac_tvx_value;
bp->stats.mac_frame_error_threshold = bp->cmd_rsp_virt->smt_mib_get.mac_frame_error_threshold;
Reported by FlawFinder.
Line: 736
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bp->stats.path_tvx_lower_bound = bp->cmd_rsp_virt->smt_mib_get.path_tvx_lower_bound;
bp->stats.path_t_max_lower_bound = bp->cmd_rsp_virt->smt_mib_get.path_t_max_lower_bound;
bp->stats.path_max_t_req = bp->cmd_rsp_virt->smt_mib_get.path_max_t_req;
memcpy(bp->stats.path_configuration, &bp->cmd_rsp_virt->smt_mib_get.path_configuration, sizeof(bp->cmd_rsp_virt->smt_mib_get.path_configuration));
bp->stats.port_my_type[0] = bp->cmd_rsp_virt->smt_mib_get.port_my_type[0];
bp->stats.port_my_type[1] = bp->cmd_rsp_virt->smt_mib_get.port_my_type[1];
bp->stats.port_neighbor_type[0] = bp->cmd_rsp_virt->smt_mib_get.port_neighbor_type[0];
bp->stats.port_neighbor_type[1] = bp->cmd_rsp_virt->smt_mib_get.port_neighbor_type[1];
bp->stats.port_connection_policies[0] = bp->cmd_rsp_virt->smt_mib_get.port_connection_policies[0];
Reported by FlawFinder.
arch/arm64/crypto/ghash-ce-glue.c
14 issues
Line: 130
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (partial) {
int p = GHASH_BLOCK_SIZE - partial;
memcpy(ctx->buf + partial, src, p);
src += p;
len -= p;
}
blocks = len / GHASH_BLOCK_SIZE;
Reported by FlawFinder.
Line: 151
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} while (unlikely(blocks > 0));
}
if (len)
memcpy(ctx->buf + partial, src, len);
return 0;
}
static int ghash_final(struct shash_desc *desc, u8 *dst)
{
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
/* needed for the fallback */
memcpy(&key->k, inkey, GHASH_BLOCK_SIZE);
ghash_reflect(key->h[0], &key->k);
return 0;
}
Reported by FlawFinder.
Line: 244
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aes_encrypt(&ctx->aes_key, key, (u8[AES_BLOCK_SIZE]){});
/* needed for the fallback */
memcpy(&ctx->ghash_key.k, key, GHASH_BLOCK_SIZE);
ghash_reflect(ctx->ghash_key.h[0], &ctx->ghash_key.k);
h = ctx->ghash_key.k;
gf128mul_lle(&h, &ctx->ghash_key.k);
Reported by FlawFinder.
Line: 280
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (*buf_count > 0) {
int buf_added = min(count, GHASH_BLOCK_SIZE - *buf_count);
memcpy(&buf[*buf_count], src, buf_added);
*buf_count += buf_added;
src += buf_added;
count -= buf_added;
}
Reported by FlawFinder.
Line: 300
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (count > 0) {
memcpy(buf, src, count);
*buf_count = count;
}
}
static void gcm_calculate_auth_mac(struct aead_request *req, u64 dg[])
Reported by FlawFinder.
Line: 360
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (req->assoclen)
gcm_calculate_auth_mac(req, dg);
memcpy(iv, req->iv, GCM_IV_SIZE);
put_unaligned_be32(2, iv + GCM_IV_SIZE);
err = skcipher_walk_aead_encrypt(&walk, req, false);
if (likely(crypto_simd_usable())) {
Reported by FlawFinder.
Line: 374
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tag = (u8 *)&lengths;
if (unlikely(nbytes > 0 && nbytes < AES_BLOCK_SIZE)) {
src = dst = memcpy(buf + sizeof(buf) - nbytes,
src, nbytes);
} else if (nbytes < walk.total) {
nbytes &= ~(AES_BLOCK_SIZE - 1);
tag = NULL;
}
Reported by FlawFinder.
Line: 391
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
if (unlikely(nbytes > 0 && nbytes < AES_BLOCK_SIZE))
memcpy(walk.dst.virt.addr,
buf + sizeof(buf) - nbytes, nbytes);
err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
} while (walk.nbytes);
} else {
Reported by FlawFinder.
Line: 426
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
crypto_xor_cpy(walk.dst.virt.addr, walk.src.virt.addr,
buf, walk.nbytes);
memcpy(buf, walk.dst.virt.addr, walk.nbytes);
memset(buf + walk.nbytes, 0, sizeof(buf) - walk.nbytes);
}
tag = (u8 *)&lengths;
ghash_do_update(1, dg, tag, &ctx->ghash_key,
Reported by FlawFinder.
arch/powerpc/platforms/pseries/vio.c
14 issues
Line: 1551
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t name_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%s\n", to_vio_dev(dev)->name);
}
static DEVICE_ATTR_RO(name);
static ssize_t devspec_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 1582
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return strlen(buf);
}
return sprintf(buf, "vio:T%sS%s\n", vio_dev->type, cp);
}
static DEVICE_ATTR_RO(modalias);
static struct attribute *vio_dev_attrs[] = {
&dev_attr_name.attr,
Reported by FlawFinder.
Line: 941
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, \
char *buf) \
{ \
return sprintf(buf, "%lu\n", to_vio_dev(dev)->cmo.name); \
}
static ssize_t cmo_allocs_failed_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 948
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct vio_dev *viodev = to_vio_dev(dev);
return sprintf(buf, "%d\n", atomic_read(&viodev->cmo.allocs_failed));
}
static ssize_t cmo_allocs_failed_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 1009
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#define viobus_cmo_rd_attr(name) \
static ssize_t cmo_bus_##name##_show(struct bus_type *bt, char *buf) \
{ \
return sprintf(buf, "%lu\n", vio_cmo.name); \
} \
static struct bus_attribute bus_attr_cmo_bus_##name = \
__ATTR(cmo_##name, S_IRUGO, cmo_bus_##name##_show, NULL)
#define viobus_cmo_pool_rd_attr(name, var) \
Reported by FlawFinder.
Line: 1018
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t \
cmo_##name##_##var##_show(struct bus_type *bt, char *buf) \
{ \
return sprintf(buf, "%lu\n", vio_cmo.name.var); \
} \
static BUS_ATTR_RO(cmo_##name##_##var)
viobus_cmo_rd_attr(entitled);
viobus_cmo_rd_attr(spare);
Reported by FlawFinder.
Line: 1033
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t cmo_high_show(struct bus_type *bt, char *buf)
{
return sprintf(buf, "%lu\n", vio_cmo.high);
}
static ssize_t cmo_high_store(struct bus_type *bt, const char *buf,
size_t count)
{
Reported by FlawFinder.
Line: 1560
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct device_node *of_node = dev->of_node;
return sprintf(buf, "%pOF\n", of_node);
}
static DEVICE_ATTR_RO(devspec);
static ssize_t modalias_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 1676
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct vio_dev *vio_find_node(struct device_node *vnode)
{
char kobj_name[20];
struct device_node *vnode_parent;
vnode_parent = of_get_parent(vnode);
if (!vnode_parent)
return NULL;
Reported by FlawFinder.
Line: 1219
Column: 38
CWE codes:
126
const struct vio_device_id *ids, const struct vio_dev *dev)
{
while (ids->type[0] != '\0') {
if ((strncmp(dev->type, ids->type, strlen(ids->type)) == 0) &&
of_device_is_compatible(dev->dev.of_node,
ids->compat))
return ids;
ids++;
}
Reported by FlawFinder.
security/keys/request_key.c
14 issues
Line: 122
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct cred *cred = current_cred();
key_serial_t prkey, sskey;
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
key_serial_t prkey, sskey;
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
ret = look_up_user_keyrings(NULL, &user_session);
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto error_us;
/* allocate a new session keyring */
sprintf(desc, "_req.%u", key->serial);
cred = get_current_cred();
keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL);
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto error_link;
/* record the UID and GID */
sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
Reported by FlawFinder.
Line: 153
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* record the UID and GID */
sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
sprintf(keyring_str[0], "%d",
cred->thread_keyring ? cred->thread_keyring->serial : 0);
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
sprintf(keyring_str[0], "%d",
cred->thread_keyring ? cred->thread_keyring->serial : 0);
prkey = 0;
if (cred->process_keyring)
prkey = cred->process_keyring->serial;
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
prkey = 0;
if (cred->process_keyring)
prkey = cred->process_keyring->serial;
sprintf(keyring_str[1], "%d", prkey);
session = cred->session_keyring;
if (!session)
session = user_session;
sskey = session->serial;
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
session = user_session;
sskey = session->serial;
sprintf(keyring_str[2], "%d", sskey);
/* set up a minimal environment */
i = 0;
envp[i++] = "HOME=/";
envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
Reported by FlawFinder.
drivers/mtd/tests/torturetest.c
14 issues
Line: 73
Column: 43
CWE codes:
120
20
static int pgsize;
static ktime_t start, finish;
static void report_corrupt(unsigned char *read, unsigned char *written);
static inline void start_timing(void)
{
start = ktime_get();
}
Reported by FlawFinder.
Line: 92
Column: 9
CWE codes:
120
20
static inline int check_eraseblock(int ebnum, unsigned char *buf)
{
int err, retries = 0;
size_t read;
loff_t addr = (loff_t)ebnum * mtd->erasesize;
size_t len = mtd->erasesize;
if (pgcnt) {
addr = (loff_t)(ebnum + 1) * mtd->erasesize - pgcnt * pgsize;
Reported by FlawFinder.
Line: 102
Column: 34
CWE codes:
120
20
}
retry:
err = mtd_read(mtd, addr, len, &read, check_buf);
if (mtd_is_bitflip(err))
pr_err("single bit flip occurred at EB %d "
"MTD reported that it was fixed.\n", ebnum);
else if (err) {
pr_err("error %d while reading EB %d, "
Reported by FlawFinder.
Line: 108
Column: 36
CWE codes:
120
20
"MTD reported that it was fixed.\n", ebnum);
else if (err) {
pr_err("error %d while reading EB %d, "
"read %zd\n", err, ebnum, read);
return err;
}
if (read != len) {
pr_err("failed to read %zd bytes from EB %d, "
Reported by FlawFinder.
Line: 112
Column: 6
CWE codes:
120
20
return err;
}
if (read != len) {
pr_err("failed to read %zd bytes from EB %d, "
"read only %zd, but no error reported\n",
len, ebnum, read);
return -EIO;
}
Reported by FlawFinder.
Line: 115
Column: 22
CWE codes:
120
20
if (read != len) {
pr_err("failed to read %zd bytes from EB %d, "
"read only %zd, but no error reported\n",
len, ebnum, read);
return -EIO;
}
if (memcmp(buf, check_buf, len)) {
pr_err("read wrong data from EB %d\n", ebnum);
Reported by FlawFinder.
Line: 364
Column: 39
CWE codes:
120
20
static int countdiffs(unsigned char *buf, unsigned char *check_buf,
unsigned offset, unsigned len, unsigned *bytesp,
unsigned *bitsp);
static void print_bufs(unsigned char *read, unsigned char *written, int start,
int len);
/*
* Report the detailed information about how the read EB differs from what was
* written.
Reported by FlawFinder.
Line: 371
Column: 43
CWE codes:
120
20
* Report the detailed information about how the read EB differs from what was
* written.
*/
static void report_corrupt(unsigned char *read, unsigned char *written)
{
int i;
int bytes, bits, pages, first;
int offset, len;
size_t check_len = mtd->erasesize;
Reported by FlawFinder.
Line: 383
Column: 27
CWE codes:
120
20
bytes = bits = pages = 0;
for (i = 0; i < check_len; i += pgsize)
if (countdiffs(written, read, i, pgsize, &bytes,
&bits) >= 0)
pages++;
pr_info("verify fails on %d pages, %d bytes/%d bits\n",
pages, bytes, bits);
Reported by FlawFinder.
Line: 395
Column: 31
CWE codes:
120
20
for (i = 0; i < check_len; i += pgsize) {
cond_resched();
bytes = bits = 0;
first = countdiffs(written, read, i, pgsize, &bytes,
&bits);
if (first < 0)
continue;
printk("-------------------------------------------------------"
Reported by FlawFinder.
drivers/crypto/n2_core.c
14 issues
Line: 1545
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p->irq = dev->archdata.irqs[index];
sprintf(p->irq_name, "%s-%d", irq_name, index);
return request_irq(p->irq, handler, 0, p->irq_name, p);
}
static struct kmem_cache *queue_cache[2];
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long devino;
char irq_name[32];
unsigned int irq;
struct list_head list;
};
Reported by FlawFinder.
Line: 298
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct crypto_shash *child_shash;
int hash_key_len;
unsigned char hash_key[N2_HASH_KEY_MAX];
};
struct n2_hash_req_ctx {
union {
struct md5_state md5;
Reported by FlawFinder.
Line: 483
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
keylen = ds;
} else if (keylen <= N2_HASH_KEY_MAX)
memcpy(ctx->hash_key, key, keylen);
ctx->hash_key_len = keylen;
return err;
}
Reported by FlawFinder.
Line: 601
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_unlock_irqrestore(&qp->lock, flags);
if (!err)
memcpy(req->result, hash_loc, result_size);
out:
put_cpu();
return err;
}
Reported by FlawFinder.
Line: 616
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ds = n2alg->digest_size;
if (unlikely(req->nbytes == 0)) {
memcpy(req->result, n2alg->hash_zero, ds);
return 0;
}
memcpy(&rctx->u, n2alg->hash_init, n2alg->hw_op_hashsz);
return n2_do_async_digest(req, n2alg->auth_type,
Reported by FlawFinder.
Line: 619
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(req->result, n2alg->hash_zero, ds);
return 0;
}
memcpy(&rctx->u, n2alg->hash_init, n2alg->hw_op_hashsz);
return n2_do_async_digest(req, n2alg->auth_type,
n2alg->hw_op_hashsz, ds,
&rctx->u, 0UL, 0);
}
Reported by FlawFinder.
Line: 649
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return crypto_ahash_digest(&rctx->fallback_req);
}
memcpy(&rctx->u, n2alg->derived.hash_init,
n2alg->derived.hw_op_hashsz);
return n2_do_async_digest(req, n2alg->derived.hmac_type,
n2alg->derived.hw_op_hashsz, ds,
&rctx->u,
Reported by FlawFinder.
Line: 750
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ctx->key_len = keylen;
memcpy(ctx->key.aes, key, keylen);
return 0;
}
static int n2_des_setkey(struct crypto_skcipher *skcipher, const u8 *key,
unsigned int keylen)
Reported by FlawFinder.
Line: 769
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->enc_type = n2alg->enc_type;
ctx->key_len = keylen;
memcpy(ctx->key.des, key, keylen);
return 0;
}
static int n2_3des_setkey(struct crypto_skcipher *skcipher, const u8 *key,
unsigned int keylen)
Reported by FlawFinder.
security/apparmor/apparmorfs.c
14 issues
Line: 535
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t size, loff_t *ppos)
{
struct aa_revision *rev = file->private_data;
char buffer[32];
long last_read;
int avail;
mutex_lock_nested(&rev->ns->lock, rev->ns->level);
last_read = rev->last_read;
Reported by FlawFinder.
Line: 552
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock_nested(&rev->ns->lock, rev->ns->level);
}
avail = sprintf(buffer, "%ld\n", rev->ns->revision);
if (*ppos + size > avail) {
rev->last_read = rev->ns->revision;
*ppos = 0;
}
mutex_unlock(&rev->ns->lock);
Reported by FlawFinder.
Line: 714
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL; /* not enough space */
}
outle32 = __cpu_to_le32(data->size);
memcpy(out, &outle32, sizeof(outle32));
out += sizeof(outle32);
memcpy(out, data->data, data->size);
out += data->size;
blocks++;
}
Reported by FlawFinder.
Line: 716
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outle32 = __cpu_to_le32(data->size);
memcpy(out, &outle32, sizeof(outle32));
out += sizeof(outle32);
memcpy(out, data->data, data->size);
out += data->size;
blocks++;
}
}
aa_put_label(label);
Reported by FlawFinder.
Line: 724
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aa_put_label(label);
outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
memcpy(buf, &outle32, sizeof(outle32));
outle32 = __cpu_to_le32(blocks);
memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
return out - buf;
}
Reported by FlawFinder.
Line: 726
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
memcpy(buf, &outle32, sizeof(outle32));
outle32 = __cpu_to_le32(blocks);
memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
return out - buf;
}
/**
Reported by FlawFinder.
Line: 1304
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (aa_g_rawdata_compression_level == 0) {
if (dlen < slen)
return -EINVAL;
memcpy(dst, src, slen);
return 0;
}
memset(&strm, 0, sizeof(strm));
Reported by FlawFinder.
Line: 1584
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return ERR_PTR(-ENOMEM);
for (; depth > 0; depth--) {
strcpy(s, "../../");
s += 6;
size -= 6;
}
error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
Reported by FlawFinder.
Line: 1699
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
mangle_name(profile->base.name, profile->dirname);
sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
}
dent = aafs_create_dir(profile->dirname, parent);
if (IS_ERR(dent))
goto fail;
Reported by FlawFinder.
Line: 2562
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int policy_readlink(struct dentry *dentry, char __user *buffer,
int buflen)
{
char name[32];
int res;
res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
d_inode(dentry)->i_ino);
if (res > 0 && res < sizeof(name))
Reported by FlawFinder.