The following issues were found
fs/overlayfs/overlayfs.h
1 issues
Line: 454
Column: 45
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
void ovl_cleanup_whiteouts(struct dentry *upper, struct list_head *list);
void ovl_cache_free(struct list_head *list);
void ovl_dir_cache_free(struct inode *inode);
int ovl_check_d_type_supported(struct path *realpath);
int ovl_workdir_cleanup(struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int level);
int ovl_indexdir_cleanup(struct ovl_fs *ofs);
/*
Reported by FlawFinder.
fs/overlayfs/ovl_entry.h
1 issues
Line: 68
Column: 7
CWE codes:
377
struct ovl_config config;
/* creds of process who forced instantiation of super block */
const struct cred *creator_cred;
bool tmpfile;
bool noxattr;
/* Did we take the inuse lock? */
bool upperdir_locked;
bool workdir_locked;
bool share_whiteout;
Reported by FlawFinder.
fs/minix/minix.h
1 issues
Line: 99
Column: 19
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
#if defined(CONFIG_MINIX_FS_NATIVE_ENDIAN) && \
defined(CONFIG_MINIX_FS_BIG_ENDIAN_16BIT_INDEXED)
#error Minix file system byte order broken
#elif defined(CONFIG_MINIX_FS_NATIVE_ENDIAN)
/*
* big-endian 32 or 64 bit indexed bitmaps on big-endian system or
Reported by FlawFinder.
fs/locks.c
1 issues
Line: 2849
Column: 42
CWE codes:
126
seq_printf(f, "%lld: ", id);
if (repeat)
seq_printf(f, "%*s", repeat - 1 + (int)strlen(pfx), pfx);
if (IS_POSIX(fl)) {
if (fl->fl_flags & FL_ACCESS)
seq_puts(f, "ACCESS");
else if (IS_OFDLCK(fl))
Reported by FlawFinder.
fs/lockd/xdr4.c
1 issues
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!p)
return false;
fh->size = len;
memcpy(fh->data, p, len);
memset(fh->data + len, 0, sizeof(fh->data) - len);
return true;
}
Reported by FlawFinder.
fs/lockd/xdr.c
1 issues
Line: 65
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!p)
return false;
fh->size = NFS2_FHSIZE;
memcpy(fh->data, p, len);
memset(fh->data + NFS2_FHSIZE, 0, sizeof(fh->data) - NFS2_FHSIZE);
return true;
}
Reported by FlawFinder.
fs/lockd/svcshare.c
1 issues
Line: 50
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy owner handle */
ohdata = (u8 *) (share + 1);
memcpy(ohdata, oh->data, oh->len);
share->s_file = file;
share->s_host = host;
share->s_owner.data = ohdata;
share->s_owner.len = oh->len;
Reported by FlawFinder.
fs/proc/bootconfig.c
1 issues
Line: 29
CWE codes:
682
static int __init copy_xbc_key_value_list(char *dst, size_t size)
{
struct xbc_node *leaf, *vnode;
char *key, *end = dst + size;
const char *val;
char q;
int ret = 0;
key = kzalloc(XBC_KEYLEN_MAX, GFP_KERNEL);
Reported by Cppcheck.
include/linux/soc/qcom/apr.h
1 issues
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint16_t svc_id;
uint16_t domain_id;
uint32_t version;
char name[APR_NAME_SIZE];
const char *service_path;
spinlock_t lock;
struct list_head node;
};
Reported by FlawFinder.
fs/proc/fd.c
1 issues
Line: 247
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (fd = ctx->pos - 2;; fd++) {
struct file *f;
struct fd_data data;
char name[10 + 1];
unsigned int len;
f = task_lookup_next_fd_rcu(p, &fd);
ctx->pos = fd + 2LL;
if (!f)
Reported by FlawFinder.