The following issues were found
net/sunrpc/auth_gss/gss_rpc_upcall.c
1 issues
Line: 323
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data->out_handle = rctxh.exported_context_token;
data->mech_oid.len = rctxh.mech.len;
if (rctxh.mech.data) {
memcpy(data->mech_oid.data, rctxh.mech.data,
data->mech_oid.len);
kfree(rctxh.mech.data);
}
client_name = rctxh.src_name.display_name;
target_name = rctxh.targ_name.display_name;
Reported by FlawFinder.
sound/firewire/fireface/ff-hwdep.c
1 issues
Line: 181
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(hwdep->name, ff->card->driver);
hwdep->iface = SNDRV_HWDEP_IFACE_FW_FIREFACE;
hwdep->ops = hwdep_ops;
hwdep->private_data = ff;
hwdep->exclusive = true;
Reported by FlawFinder.
sound/firewire/fcp.c
1 issues
Line: 369
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
t->state = STATE_COMPLETE;
t->response_size = min_t(unsigned int, length,
t->response_size);
memcpy(t->response_buffer, data,
t->response_size);
}
wake_up(&t->wait);
}
}
Reported by FlawFinder.
security/selinux/include/avc_ss.h
1 issues
Line: 18
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Class/perm mapping support */
struct security_class_mapping {
const char *name;
const char *perms[sizeof(u32) * 8 + 1];
};
extern struct security_class_mapping secclass_map[];
#endif /* _SELINUX_AVC_SS_H_ */
Reported by FlawFinder.
sound/firewire/digi00x/digi00x-midi.c
1 issues
Line: 144
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
label = "%s control";
else
label = "%s MIDI";
snprintf(rmidi->name, sizeof(rmidi->name), label,
dg00x->card->shortname);
snd_rawmidi_set_ops(rmidi, SNDRV_RAWMIDI_STREAM_OUTPUT, &playback_ops);
snd_rawmidi_set_ops(rmidi, SNDRV_RAWMIDI_STREAM_INPUT, &capture_ops);
Reported by FlawFinder.
sound/firewire/digi00x/digi00x-hwdep.c
1 issues
Line: 191
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(hwdep->name, "Digi00x");
hwdep->iface = SNDRV_HWDEP_IFACE_FW_DIGI00X;
hwdep->ops = ops;
hwdep->private_data = dg00x;
hwdep->exclusive = true;
Reported by FlawFinder.
net/sunrpc/auth_gss/gss_generic_token.c
1 issues
Line: 48
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* TWRITE_STR from gssapiP_generic.h */
#define TWRITE_STR(ptr, str, len) \
memcpy((ptr), (char *) (str), (len)); \
(ptr) += (len);
/* XXXX this code currently makes the assumption that a mech oid will
never be longer than 127 bytes. This assumption is not inherent in
the interfaces, so the code can be fixed if the OSI namespace
Reported by FlawFinder.
net/sunrpc/auth_gss/auth_gss_internal.h
1 issues
Line: 21
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const void *q = (const void *)((const char *)p + len);
if (unlikely(q > end || q < p))
return ERR_PTR(-EFAULT);
memcpy(res, p, len);
return q;
}
static inline const void *
simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
Reported by FlawFinder.
samples/bpf/tcp_rwnd_kern.c
1 issues
Line: 24
#define DEBUG 1
SEC("sockops")
int bpf_rwnd(struct bpf_sock_ops *skops)
{
int rv = -1;
int op;
Reported by Cppcheck.
net/sunrpc/auth.c
1 issues
Line: 84
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
unsigned int nbits;
nbits = *(unsigned int *)kp->arg;
return sprintf(buffer, "%u\n", 1U << nbits);
}
#define param_check_hashtbl_sz(name, p) __param_check(name, p, unsigned int);
static const struct kernel_param_ops param_ops_hashtbl_sz = {
Reported by FlawFinder.