The following issues were found
tools/cgroup/iocost_coef_gen.py
51 issues
Line: 63
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
def dir_to_dev(path):
# find the block device the current directory is on
devname = subprocess.run(f'findmnt -nvo SOURCE -T{path}',
stdout=subprocess.PIPE, shell=True).stdout
devname = os.path.basename(devname).decode('utf-8').strip()
# partition -> whole device
parents = glob.glob('/sys/block/*/' + devname)
if len(parents):
Reported by Bandit.
Line: 80
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
return
info(f'Creating testfile {path}')
subprocess.check_call(f'rm -f {path}', shell=True)
subprocess.check_call(f'touch {path}', shell=True)
subprocess.call(f'chattr +C {path}', shell=True)
subprocess.check_call(
f'pv -s {size} -pr /dev/urandom {"-q" if args.quiet else ""} | '
f'dd of={path} count={size} '
Reported by Bandit.
Line: 81
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
info(f'Creating testfile {path}')
subprocess.check_call(f'rm -f {path}', shell=True)
subprocess.check_call(f'touch {path}', shell=True)
subprocess.call(f'chattr +C {path}', shell=True)
subprocess.check_call(
f'pv -s {size} -pr /dev/urandom {"-q" if args.quiet else ""} | '
f'dd of={path} count={size} '
f'iflag=count_bytes,fullblock oflag=direct bs=16M status=none',
Reported by Bandit.
Line: 82
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
info(f'Creating testfile {path}')
subprocess.check_call(f'rm -f {path}', shell=True)
subprocess.check_call(f'touch {path}', shell=True)
subprocess.call(f'chattr +C {path}', shell=True)
subprocess.check_call(
f'pv -s {size} -pr /dev/urandom {"-q" if args.quiet else ""} | '
f'dd of={path} count={size} '
f'iflag=count_bytes,fullblock oflag=direct bs=16M status=none',
shell=True)
Reported by Bandit.
Line: 87
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
f'pv -s {size} -pr /dev/urandom {"-q" if args.quiet else ""} | '
f'dd of={path} count={size} '
f'iflag=count_bytes,fullblock oflag=direct bs=16M status=none',
shell=True)
def run_fio(testfile, duration, iotype, iodepth, blocksize, jobs):
global args
eta = 'never' if args.quiet else 'always'
Reported by Bandit.
Line: 101
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
f'--time_based --numjobs={jobs}')
if args.verbose:
dbg(f'Running {cmd}')
subprocess.check_call(cmd, shell=True)
with open(outfile.name, 'r') as f:
d = json.loads(f.read())
return sum(j['read']['bw_bytes'] + j['write']['bw_bytes'] for j in d['jobs'])
def restore_elevator_nomerges():
Reported by Bandit.
Line: 62
Column: 15
# determine ('DEVNAME', 'MAJ:MIN') for @path
def dir_to_dev(path):
# find the block device the current directory is on
devname = subprocess.run(f'findmnt -nvo SOURCE -T{path}',
stdout=subprocess.PIPE, shell=True).stdout
devname = os.path.basename(devname).decode('utf-8').strip()
# partition -> whole device
parents = glob.glob('/sys/block/*/' + devname)
Reported by Pylint.
Line: 62
Column: 5
# determine ('DEVNAME', 'MAJ:MIN') for @path
def dir_to_dev(path):
# find the block device the current directory is on
devname = subprocess.run(f'findmnt -nvo SOURCE -T{path}',
stdout=subprocess.PIPE, shell=True).stdout
devname = os.path.basename(devname).decode('utf-8').strip()
# partition -> whole device
parents = glob.glob('/sys/block/*/' + devname)
Reported by Pylint.
Line: 70
Column: 5
parents = glob.glob('/sys/block/*/' + devname)
if len(parents):
devname = os.path.basename(os.path.dirname(parents[0]))
rdev = os.stat(f'/dev/{devname}').st_rdev
return (devname, f'{os.major(rdev)}:{os.minor(rdev)}')
def create_testfile(path, size):
global args
Reported by Pylint.
Line: 74
Column: 5
return (devname, f'{os.major(rdev)}:{os.minor(rdev)}')
def create_testfile(path, size):
global args
if os.path.isfile(path) and os.stat(path).st_size == size:
return
info(f'Creating testfile {path}')
Reported by Pylint.
drivers/scsi/bfa/bfa_fcs_lport.c
50 issues
Line: 1121
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
bfa_fcs_lport_set_symname(struct bfa_fcs_lport_s *port,
char *symname)
{
strcpy(port->port_cfg.sym_name.symname, symname);
if (bfa_sm_cmp_state(port, bfa_fcs_lport_sm_online))
bfa_fcs_lport_ns_util_send_rspn_id(
BFA_FCS_GET_NS_FROM_PORT(port), NULL);
}
Reported by FlawFinder.
Line: 572
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bfa_trc(port->fcs, pyld_len);
if (pyld_len > len)
memcpy(((u8 *) bfa_fcxp_get_reqbuf(fcxp)) +
sizeof(struct fc_echo_s), (echo + 1),
(pyld_len - sizeof(struct fc_echo_s)));
bfa_fcxp_send(fcxp, bfa_rport, port->fabric->vf_id, port->lp_tag,
BFA_FALSE, FC_CLASS_3, pyld_len, &fchs, NULL, NULL,
Reported by FlawFinder.
Line: 657
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bfa_fcs_lport_online_actions(struct bfa_fcs_lport_s *port)
{
struct bfad_s *bfad = (struct bfad_s *)port->fcs->bfad;
char lpwwn_buf[BFA_STRING_32];
bfa_trc(port->fcs, port->fabric->oper_type);
__port_action[port->fabric->fab_type].init(port);
__port_action[port->fabric->fab_type].online(port);
Reported by FlawFinder.
Line: 679
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head *qe, *qen;
struct bfa_fcs_rport_s *rport;
struct bfad_s *bfad = (struct bfad_s *)port->fcs->bfad;
char lpwwn_buf[BFA_STRING_32];
bfa_trc(port->fcs, port->fabric->oper_type);
__port_action[port->fabric->fab_type].offline(port);
Reported by FlawFinder.
Line: 749
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bfa_fcs_lport_deleted(struct bfa_fcs_lport_s *port)
{
struct bfad_s *bfad = (struct bfad_s *)port->fcs->bfad;
char lpwwn_buf[BFA_STRING_32];
wwn2str(lpwwn_buf, bfa_fcs_lport_get_pwwn(port));
BFA_LOG(KERN_INFO, bfad, bfa_log_level,
"Logical port deleted: WWN = %s Role = %s\n",
lpwwn_buf, "Initiator");
Reported by FlawFinder.
Line: 1098
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct bfa_fcs_vport_s *vport = lport->vport;
struct bfad_s *bfad = (struct bfad_s *)lport->fcs->bfad;
char lpwwn_buf[BFA_STRING_32];
lport->port_cfg = *port_cfg;
lport->bfad_port = bfa_fcb_lport_new(lport->fcs->bfad, lport,
lport->port_cfg.roles,
Reported by FlawFinder.
Line: 1152
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bfa_sm_cmp_state(port->fabric,
bfa_fcs_fabric_sm_auth_failed);
port_attr->fabric_name = bfa_fcs_lport_get_fabric_name(port);
memcpy(port_attr->fabric_ip_addr,
bfa_fcs_lport_get_fabric_ipaddr(port),
BFA_FCS_FABRIC_IPADDR_SZ);
if (port->vport != NULL) {
port_attr->port_type = BFA_PORT_TYPE_VPORT;
Reported by FlawFinder.
Line: 1941
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attr = (struct fdmi_attr_s *) curr_ptr;
attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_NODENAME);
templen = sizeof(wwn_t);
memcpy(attr->value, &bfa_fcs_lport_get_nwwn(port), templen);
curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
len += templen;
count++;
attr->len = cpu_to_be16(templen + sizeof(attr->type) +
sizeof(templen));
Reported by FlawFinder.
Line: 1954
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attr = (struct fdmi_attr_s *) curr_ptr;
attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MANUFACTURER);
templen = (u16) strlen(fcs_hba_attr->manufacturer);
memcpy(attr->value, fcs_hba_attr->manufacturer, templen);
templen = fc_roundup(templen, sizeof(u32));
curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
len += templen;
count++;
attr->len = cpu_to_be16(templen + sizeof(attr->type) +
Reported by FlawFinder.
Line: 1968
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attr = (struct fdmi_attr_s *) curr_ptr;
attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_SERIALNUM);
templen = (u16) strlen(fcs_hba_attr->serial_num);
memcpy(attr->value, fcs_hba_attr->serial_num, templen);
templen = fc_roundup(templen, sizeof(u32));
curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
len += templen;
count++;
attr->len = cpu_to_be16(templen + sizeof(attr->type) +
Reported by FlawFinder.
tools/power/x86/intel-speed-select/isst-config.c
50 issues
Line: 87
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_start(args, format);
if (debug_flag)
vprintf(format, args);
va_end(args);
}
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
int value;
va_start(args, fmt);
vsnprintf(path, sizeof(path), fmt, args);
va_end(args);
if (fatal) {
filep = fopen_or_exit(path, "r");
} else {
filep = fopen(path, "r");
Reported by FlawFinder.
Line: 1057
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct isst_pkg_ctdp ctdp; \
\
if (cmd_help) { \
fprintf(stderr, \
"Print %s [No command arguments are required]\n", \
help); \
exit(0); \
} \
local_str0 = str0; \
Reported by FlawFinder.
Line: 2566
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
option_index = start;
optind = start + 1;
while ((opt = getopt_long(argc, argv, "b:l:t:c:d:e:n:m:p:w:r:hoa",
long_options, &option_index)) != -1) {
switch (opt) {
case 'a':
auto_mode = 1;
break;
Reported by FlawFinder.
Line: 144
Column: 8
CWE codes:
362
char *line = NULL;
int ret = 1;
fp = fopen("/proc/cpuinfo", "r");
if (!fp)
err(-1, "cannot open /proc/cpuinfo\n");
while (getline(&line, &n, fp) > 0) {
if (strstr(line, "model name")) {
Reported by FlawFinder.
Line: 167
Column: 16
CWE codes:
362
/* Open a file, and exit on failure */
static FILE *fopen_or_exit(const char *path, const char *mode)
{
FILE *filep = fopen(path, mode);
if (!filep)
err(1, "%s: open failed", path);
return filep;
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parse_int_file(int fatal, const char *fmt, ...)
{
va_list args;
char path[PATH_MAX];
FILE *filep;
int value;
va_start(args, fmt);
vsnprintf(path, sizeof(path), fmt, args);
Reported by FlawFinder.
Line: 189
Column: 11
CWE codes:
362
if (fatal) {
filep = fopen_or_exit(path, "r");
} else {
filep = fopen(path, "r");
if (!filep)
return -1;
}
if (fscanf(filep, "%d", &value) != 1)
err(1, "%s: failed to parse number from file", path);
Reported by FlawFinder.
Line: 225
Column: 7
CWE codes:
362
FILE *fp;
int ret;
fp = fopen(pathname, "rb");
if (!fp)
return -1;
ret = fseek(fp, cpu * sizeof(cpu_top), SEEK_SET);
if (ret)
Reported by FlawFinder.
Line: 256
Column: 7
CWE codes:
362
FILE *fp;
int i;
fp = fopen(pathname, "rb");
if (fp) {
/* Mapping already exists */
fclose(fp);
return;
}
Reported by FlawFinder.
tools/cgroup/memcg_slabinfo.py
50 issues
Line: 10
Column: 1
import argparse
import sys
from drgn.helpers.linux import list_for_each_entry, list_empty
from drgn.helpers.linux import for_each_page
from drgn.helpers.linux.cpumask import for_each_online_cpu
from drgn.helpers.linux.percpu import per_cpu_ptr
from drgn import container_of, FaultError, Object
Reported by Pylint.
Line: 11
Column: 1
import sys
from drgn.helpers.linux import list_for_each_entry, list_empty
from drgn.helpers.linux import for_each_page
from drgn.helpers.linux.cpumask import for_each_online_cpu
from drgn.helpers.linux.percpu import per_cpu_ptr
from drgn import container_of, FaultError, Object
Reported by Pylint.
Line: 12
Column: 1
from drgn.helpers.linux import list_for_each_entry, list_empty
from drgn.helpers.linux import for_each_page
from drgn.helpers.linux.cpumask import for_each_online_cpu
from drgn.helpers.linux.percpu import per_cpu_ptr
from drgn import container_of, FaultError, Object
DESC = """
Reported by Pylint.
Line: 13
Column: 1
from drgn.helpers.linux import list_for_each_entry, list_empty
from drgn.helpers.linux import for_each_page
from drgn.helpers.linux.cpumask import for_each_online_cpu
from drgn.helpers.linux.percpu import per_cpu_ptr
from drgn import container_of, FaultError, Object
DESC = """
This is a drgn script to provide slab statistics for memory cgroups.
Reported by Pylint.
Line: 14
Column: 1
from drgn.helpers.linux import for_each_page
from drgn.helpers.linux.cpumask import for_each_online_cpu
from drgn.helpers.linux.percpu import per_cpu_ptr
from drgn import container_of, FaultError, Object
DESC = """
This is a drgn script to provide slab statistics for memory cgroups.
It supports cgroup v2 and v1 and can emulate memory.kmem.slabinfo
Reported by Pylint.
Line: 36
Column: 24
sys.exit(1)
def find_memcg_ids(css=prog['root_mem_cgroup'].css, prefix=''):
if not list_empty(css.children.address_of_()):
for css in list_for_each_entry('struct cgroup_subsys_state',
css.children.address_of_(),
'sibling'):
name = prefix + '/' + css.cgroup.kn.name.string_().decode('utf-8')
Reported by Pylint.
Line: 129
Column: 23
def detect_kernel_config():
cfg = {}
cfg['nr_nodes'] = prog['nr_online_nodes'].value_()
if prog.type('struct kmem_cache').members[1].name == 'flags':
cfg['allocator'] = 'SLUB'
elif prog.type('struct kmem_cache').members[1].name == 'batchcount':
cfg['allocator'] = 'SLAB'
Reported by Pylint.
Line: 131
Column: 8
cfg['nr_nodes'] = prog['nr_online_nodes'].value_()
if prog.type('struct kmem_cache').members[1].name == 'flags':
cfg['allocator'] = 'SLUB'
elif prog.type('struct kmem_cache').members[1].name == 'batchcount':
cfg['allocator'] = 'SLAB'
else:
err('Can\'t determine the slab allocator')
Reported by Pylint.
Line: 133
Column: 10
if prog.type('struct kmem_cache').members[1].name == 'flags':
cfg['allocator'] = 'SLUB'
elif prog.type('struct kmem_cache').members[1].name == 'batchcount':
cfg['allocator'] = 'SLAB'
else:
err('Can\'t determine the slab allocator')
cfg['shared_slab_pages'] = False
Reported by Pylint.
Line: 140
Column: 12
cfg['shared_slab_pages'] = False
try:
if prog.type('struct obj_cgroup'):
cfg['shared_slab_pages'] = True
except:
pass
return cfg
Reported by Pylint.
drivers/atm/fore200e.c
49 issues
Line: 2400
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char buf[48];
int err;
sprintf(buf, "%s%s", fore200e->bus->proc_name, FW_EXT);
if ((err = request_firmware(&firmware, buf, fore200e->dev)) < 0) {
printk(FORE200E "problem loading firmware image %s\n", fore200e->bus->model_name);
return err;
}
Reported by FlawFinder.
Line: 2720
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (fore200e_getstats(fore200e) < 0)
return -EIO;
len = sprintf(page,"\n"
" device:\n"
" internal name:\t\t%s\n", fore200e->name);
/* print bus-specific information */
if (fore200e->bus->proc_read)
Reported by FlawFinder.
Line: 2728
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (fore200e->bus->proc_read)
len += fore200e->bus->proc_read(fore200e, page + len);
len += sprintf(page + len,
" interrupt line:\t\t%s\n"
" physical base address:\t0x%p\n"
" virtual base address:\t0x%p\n"
" factory address (ESI):\t%pM\n"
" board serial number:\t\t%d\n\n",
Reported by FlawFinder.
Line: 2805
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
default: oc3_index = 3;
}
return sprintf(page,
" firmware release:\t\t%d.%d.%d\n"
" monitor release:\t\t%d.%d\n"
" media type:\t\t\t%s\n"
" OC-3 revision:\t\t0x%x\n"
" OC-3 mode:\t\t\t%s",
Reported by FlawFinder.
Line: 2949
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
fore200e->tx_sat);
if (!left--)
return sprintf(page,"\n"
" receive carrier:\t\t\t%s\n",
fore200e->stats->aux.receive_carrier ? "ON" : "OFF!");
if (!left--) {
return sprintf(page,"\n"
Reported by FlawFinder.
Line: 152
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char*
fore200e_irq_itoa(int irq)
{
static char str[8];
sprintf(str, "%d", irq);
return str;
}
Reported by FlawFinder.
Line: 153
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
fore200e_irq_itoa(int irq)
{
static char str[8];
sprintf(str, "%d", irq);
return str;
}
/* allocate and align a chunk of memory intended to hold the data behing exchanged
Reported by FlawFinder.
Line: 607
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct pci_dev *pci_dev = to_pci_dev(fore200e->dev);
return sprintf(page, " PCI bus/slot/function:\t%d/%d/%d\n",
pci_dev->bus->number, PCI_SLOT(pci_dev->devfn), PCI_FUNC(pci_dev->devfn));
}
static const struct fore200e_bus fore200e_pci_ops = {
.model_name = "PCA-200E",
Reported by FlawFinder.
Line: 721
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prop = of_get_property(op->dev.of_node, "madaddrlo2", &len);
if (!prop)
return -ENODEV;
memcpy(&prom->mac_addr[4], prop, 4);
prop = of_get_property(op->dev.of_node, "madaddrhi4", &len);
if (!prop)
return -ENODEV;
memcpy(&prom->mac_addr[2], prop, 4);
Reported by FlawFinder.
Line: 726
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prop = of_get_property(op->dev.of_node, "madaddrhi4", &len);
if (!prop)
return -ENODEV;
memcpy(&prom->mac_addr[2], prop, 4);
prom->serial_number = of_getintprop_default(op->dev.of_node,
"serialnumber", 0);
prom->hw_revision = of_getintprop_default(op->dev.of_node,
"promversion", 0);
Reported by FlawFinder.
tools/perf/util/pmu.c
49 issues
Line: 558
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
snprintf(path, PATH_MAX,
"%s" EVENT_SOURCE_DEVICE_PATH "%s/type", sysfs, name);
if (access(path, R_OK) < 0)
return -1;
file = fopen(path, "r");
if (!file)
return -EINVAL;
Reported by FlawFinder.
Line: 583
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!sysfs)
return;
snprintf(path, PATH_MAX,
"%s" EVENT_SOURCE_DEVICE_PATH, sysfs);
dir = opendir(path);
if (!dir)
return;
Reported by FlawFinder.
Line: 637
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
return NULL;
for (template = templates; *template; template++) {
snprintf(path, PATH_MAX, *template, sysfs, name);
cpus = __pmu_cpumask(path);
if (cpus)
return cpus;
}
Reported by FlawFinder.
Line: 655
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return false;
sysfs = sysfs__mountpoint();
snprintf(path, PATH_MAX, CPUS_TEMPLATE_UNCORE, sysfs, name);
return file_available(path);
}
static char *pmu_id(const char *name)
{
Reported by FlawFinder.
Line: 664
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char path[PATH_MAX], *str;
size_t len;
snprintf(path, PATH_MAX, SYS_TEMPLATE_ID, name);
if (sysfs__read_str(path, &str, &len) < 0)
return NULL;
str[len - 1] = 0; /* remove line feed */
Reported by FlawFinder.
Line: 1790
Column: 9
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
va_start(args, fmt);
file = perf_pmu__open_file(pmu, name);
if (file) {
ret = vfscanf(file, fmt, args);
fclose(file);
}
va_end(args);
return ret;
}
Reported by FlawFinder.
Line: 698
Column: 10
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *cpuid;
static bool printed;
cpuid = getenv("PERF_CPUID");
if (cpuid)
cpuid = strdup(cpuid);
if (!cpuid)
cpuid = get_cpuid_str(pmu);
if (!cpuid)
Reported by FlawFinder.
Line: 62
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return -EINVAL;
while (!ret && (evt_ent = readdir(format_dir))) {
char path[PATH_MAX];
char *name = evt_ent->d_name;
FILE *file;
if (!strcmp(name, ".") || !strcmp(name, ".."))
continue;
Reported by FlawFinder.
Line: 72
Column: 10
CWE codes:
362
snprintf(path, PATH_MAX, "%s/%s", dir, name);
ret = -EINVAL;
file = fopen(path, "r");
if (!file)
break;
perf_pmu_in = file;
ret = perf_pmu_parse(head, name);
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int pmu_format(const char *name, struct list_head *format)
{
char path[PATH_MAX];
const char *sysfs = sysfs__mountpoint();
if (!sysfs)
return -1;
Reported by FlawFinder.
drivers/staging/rtl8192u/ieee80211/ieee80211_wx.c
48 issues
Line: 75
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
iwe.cmd = SIOCGIWNAME;
for (i = 0; i < ARRAY_SIZE(ieee80211_modes); i++) {
if (network->mode & BIT(i)) {
sprintf(pname, ieee80211_modes[i].mode_string, ieee80211_modes[i].mode_size);
pname += ieee80211_modes[i].mode_size;
}
}
*pname = '\0';
snprintf(iwe.u.name, IFNAMSIZ, "IEEE802.11%s", proto_name);
Reported by FlawFinder.
Line: 281
Column: 32
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
.flags = 0
};
int i, key, key_provided, len;
struct ieee80211_crypt_data **crypt;
IEEE80211_DEBUG_WX("SET_ENCODE\n");
key = erq->flags & IW_ENCODE_INDEX;
if (key) {
Reported by FlawFinder.
Line: 298
Column: 17
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
IEEE80211_DEBUG_WX("Key: %d [%s]\n", key, key_provided ?
"provided" : "default");
crypt = &ieee->crypt[key];
if (erq->flags & IW_ENCODE_DISABLED) {
if (key_provided && *crypt) {
IEEE80211_DEBUG_WX("Disabling encryption on key %d.\n",
key);
Reported by FlawFinder.
Line: 301
Column: 24
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
crypt = &ieee->crypt[key];
if (erq->flags & IW_ENCODE_DISABLED) {
if (key_provided && *crypt) {
IEEE80211_DEBUG_WX("Disabling encryption on key %d.\n",
key);
ieee80211_crypt_delayed_deinit(ieee, crypt);
} else
IEEE80211_DEBUG_WX("Disabling encryption.\n");
Reported by FlawFinder.
Line: 304
Column: 41
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (key_provided && *crypt) {
IEEE80211_DEBUG_WX("Disabling encryption on key %d.\n",
key);
ieee80211_crypt_delayed_deinit(ieee, crypt);
} else
IEEE80211_DEBUG_WX("Disabling encryption.\n");
/* Check all the keys to see if any are still configured,
* and if no key index was provided, de-init them all */
Reported by FlawFinder.
Line: 311
Column: 14
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* Check all the keys to see if any are still configured,
* and if no key index was provided, de-init them all */
for (i = 0; i < WEP_KEYS; i++) {
if (ieee->crypt[i]) {
if (key_provided)
break;
ieee80211_crypt_delayed_deinit(
ieee, &ieee->crypt[i]);
}
Reported by FlawFinder.
Line: 315
Column: 19
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (key_provided)
break;
ieee80211_crypt_delayed_deinit(
ieee, &ieee->crypt[i]);
}
}
if (i == WEP_KEYS) {
sec.enabled = 0;
Reported by FlawFinder.
Line: 333
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
sec.enabled = 1;
sec.flags |= SEC_ENABLED;
if (*crypt && (*crypt)->ops &&
strcmp((*crypt)->ops->name, "WEP") != 0) {
/* changing to use WEP; deinit previously used algorithm
* on this key */
ieee80211_crypt_delayed_deinit(ieee, crypt);
}
Reported by FlawFinder.
Line: 333
Column: 18
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
sec.enabled = 1;
sec.flags |= SEC_ENABLED;
if (*crypt && (*crypt)->ops &&
strcmp((*crypt)->ops->name, "WEP") != 0) {
/* changing to use WEP; deinit previously used algorithm
* on this key */
ieee80211_crypt_delayed_deinit(ieee, crypt);
}
Reported by FlawFinder.
Line: 334
Column: 15
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
sec.flags |= SEC_ENABLED;
if (*crypt && (*crypt)->ops &&
strcmp((*crypt)->ops->name, "WEP") != 0) {
/* changing to use WEP; deinit previously used algorithm
* on this key */
ieee80211_crypt_delayed_deinit(ieee, crypt);
}
Reported by FlawFinder.
drivers/net/wireless/intersil/hostap/hostap_ap.c
48 issues
Line: 123
Column: 11
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
remove_proc_entry(name, ap->proc);
}
if (sta->crypt) {
sta->crypt->ops->deinit(sta->crypt->priv);
kfree(sta->crypt);
sta->crypt = NULL;
}
Reported by FlawFinder.
Line: 125
Column: 14
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (sta->crypt) {
sta->crypt->ops->deinit(sta->crypt->priv);
kfree(sta->crypt);
sta->crypt = NULL;
}
skb_queue_purge(&sta->tx_buf);
Reported by FlawFinder.
Line: 877
Column: 10
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
flush_work(&ap->wds_oper_queue);
if (ap->crypt)
ap->crypt->deinit(ap->crypt_priv);
ap->crypt = ap->crypt_priv = NULL;
#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
list_for_each_entry_safe(sta, n, &ap->sta_list, list) {
Reported by FlawFinder.
Line: 1042
Column: 11
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
sta->tx_rate, sta->tx_count[0], sta->tx_count[1],
sta->tx_count[2], sta->tx_count[3], sta->rx_count[0],
sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]);
if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats)
sta->crypt->ops->print_stats(m, sta->crypt->priv);
#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
if (sta->ap) {
if (sta->u.ap.channel >= 0)
seq_printf(m, "channel=%d\n", sta->u.ap.channel);
Reported by FlawFinder.
Line: 1212
Column: 10
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
{
ap->crypt = lib80211_get_crypto_ops("WEP");
if (ap->crypt) {
if (ap->crypt->init) {
ap->crypt_priv = ap->crypt->init(0);
if (ap->crypt_priv == NULL)
ap->crypt = NULL;
else {
Reported by FlawFinder.
Line: 1296
Column: 30
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
__le16 *pos;
u16 resp = WLAN_STATUS_SUCCESS;
struct sta_info *sta = NULL;
struct lib80211_crypt_data *crypt;
char *txt = "";
len = skb->len - IEEE80211_MGMT_HDR_LEN;
hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
Reported by FlawFinder.
Line: 1315
Column: 18
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
atomic_inc(&sta->users);
spin_unlock_bh(&local->ap->sta_table_lock);
if (sta && sta->crypt)
crypt = sta->crypt;
else {
int idx = 0;
if (skb->len >= hdrlen + 3)
idx = skb->data[hdrlen + 3] >> 6;
Reported by FlawFinder.
Line: 1316
Column: 16
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
spin_unlock_bh(&local->ap->sta_table_lock);
if (sta && sta->crypt)
crypt = sta->crypt;
else {
int idx = 0;
if (skb->len >= hdrlen + 3)
idx = skb->data[hdrlen + 3] >> 6;
crypt = local->crypt_info.crypt[idx];
Reported by FlawFinder.
Line: 1321
Column: 29
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
int idx = 0;
if (skb->len >= hdrlen + 3)
idx = skb->data[hdrlen + 3] >> 6;
crypt = local->crypt_info.crypt[idx];
}
pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
auth_alg = __le16_to_cpu(*pos);
pos++;
Reported by FlawFinder.
Line: 1342
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (((local->auth_algs & PRISM2_AUTH_OPEN) &&
auth_alg == WLAN_AUTH_OPEN) ||
((local->auth_algs & PRISM2_AUTH_SHARED_KEY) &&
crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) {
} else {
txt = "unsupported algorithm";
resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
goto fail;
}
Reported by FlawFinder.
tools/iio/iio_utils.c
48 issues
Line: 613
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto error_close_dir;
}
ret = sprintf(filename, "%s%s%d/name", iio_dir,
type, number);
if (ret < 0) {
free(filename);
goto error_close_dir;
}
Reported by FlawFinder.
Line: 628
Column: 9
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
free(filename);
errno = 0;
if (fscanf(namefp, "%s", thisname) != 1) {
ret = errno ? -errno : -ENODATA;
goto error_close_dir;
}
if (fclose(namefp)) {
Reported by FlawFinder.
Line: 670
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!temp)
return -ENOMEM;
ret = sprintf(temp, "%s/%s", basedir, filename);
if (ret < 0)
goto error_free;
sysfsfp = fopen(temp, "w");
if (!sysfsfp) {
Reported by FlawFinder.
Line: 768
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
}
ret = sprintf(temp, "%s/%s", basedir, filename);
if (ret < 0)
goto error_free;
sysfsfp = fopen(temp, "w");
if (!sysfsfp) {
Reported by FlawFinder.
Line: 800
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto error_free;
}
if (fscanf(sysfsfp, "%s", temp) != 1) {
ret = errno ? -errno : -ENODATA;
if (fclose(sysfsfp))
perror("_write_sysfs_string(): Failed to close dir");
goto error_free;
Reported by FlawFinder.
Line: 875
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
}
ret = sprintf(temp, "%s/%s", basedir, filename);
if (ret < 0)
goto error_free;
sysfsfp = fopen(temp, "r");
if (!sysfsfp) {
Reported by FlawFinder.
Line: 922
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
}
ret = sprintf(temp, "%s/%s", basedir, filename);
if (ret < 0)
goto error_free;
sysfsfp = fopen(temp, "r");
if (!sysfsfp) {
Reported by FlawFinder.
Line: 969
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
}
ret = sprintf(temp, "%s/%s", basedir, filename);
if (ret < 0)
goto error_free;
sysfsfp = fopen(temp, "r");
if (!sysfsfp) {
Reported by FlawFinder.
Line: 980
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
}
errno = 0;
if (fscanf(sysfsfp, "%s\n", str) != 1) {
ret = errno ? -errno : -ENODATA;
if (fclose(sysfsfp))
perror("read_sysfs_string(): Failed to close dir");
goto error_free;
Reported by FlawFinder.
Line: 132
Column: 14
CWE codes:
362
goto error_closedir;
}
sysfsfp = fopen(filename, "r");
if (!sysfsfp) {
ret = -errno;
fprintf(stderr, "failed to open %s\n",
filename);
goto error_free_filename;
Reported by FlawFinder.
drivers/acpi/sysfs.c
48 issues
Line: 96
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int result = 0;
int i;
result = sprintf(buffer, "%-25s\tHex SET\n", "Description");
for (i = 0; i < ARRAY_SIZE(acpi_debug_layers); i++) {
result += sprintf(buffer + result, "%-25s\t0x%08lX [%c]\n",
acpi_debug_layers[i].name,
acpi_debug_layers[i].value,
Reported by FlawFinder.
Line: 99
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
result = sprintf(buffer, "%-25s\tHex SET\n", "Description");
for (i = 0; i < ARRAY_SIZE(acpi_debug_layers); i++) {
result += sprintf(buffer + result, "%-25s\t0x%08lX [%c]\n",
acpi_debug_layers[i].name,
acpi_debug_layers[i].value,
(acpi_dbg_layer & acpi_debug_layers[i].value)
? '*' : ' ');
}
Reported by FlawFinder.
Line: 106
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
? '*' : ' ');
}
result +=
sprintf(buffer + result, "%-25s\t0x%08X [%c]\n", "ACPI_ALL_DRIVERS",
ACPI_ALL_DRIVERS,
(acpi_dbg_layer & ACPI_ALL_DRIVERS) ==
ACPI_ALL_DRIVERS ? '*' : (acpi_dbg_layer & ACPI_ALL_DRIVERS)
== 0 ? ' ' : '-');
result +=
Reported by FlawFinder.
Line: 124
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int result = 0;
int i;
result = sprintf(buffer, "%-25s\tHex SET\n", "Description");
for (i = 0; i < ARRAY_SIZE(acpi_debug_levels); i++) {
result += sprintf(buffer + result, "%-25s\t0x%08lX [%c]\n",
acpi_debug_levels[i].name,
acpi_debug_levels[i].value,
Reported by FlawFinder.
Line: 127
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
result = sprintf(buffer, "%-25s\tHex SET\n", "Description");
for (i = 0; i < ARRAY_SIZE(acpi_debug_levels); i++) {
result += sprintf(buffer + result, "%-25s\t0x%08lX [%c]\n",
acpi_debug_levels[i].name,
acpi_debug_levels[i].value,
(acpi_dbg_level & acpi_debug_levels[i].value)
? '*' : ' ');
}
Reported by FlawFinder.
Line: 183
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* This is a hack. We can't kmalloc in early boot. */
if (is_abs_path)
strcpy(trace_method_name, val);
else {
trace_method_name[0] = '\\';
strcpy(trace_method_name+1, val);
}
Reported by FlawFinder.
Line: 186
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(trace_method_name, val);
else {
trace_method_name[0] = '\\';
strcpy(trace_method_name+1, val);
}
/* Restore the original tracer state */
(void)acpi_debug_trace(trace_method_name,
acpi_gbl_trace_dbg_level,
Reported by FlawFinder.
Line: 370
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
(table_header->signature, 2, &header))) {
snprintf(instance_str, sizeof(instance_str), "%u",
table_attr->instance);
strcat(table_attr->filename, instance_str);
}
table_attr->attr.size = table_header->length;
table_attr->attr.read = acpi_table_show;
table_attr->attr.attr.name = table_attr->filename;
Reported by FlawFinder.
Line: 112
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ACPI_ALL_DRIVERS ? '*' : (acpi_dbg_layer & ACPI_ALL_DRIVERS)
== 0 ? ' ' : '-');
result +=
sprintf(buffer + result,
"--\ndebug_layer = 0x%08X ( * = enabled)\n",
acpi_dbg_layer);
return result;
}
Reported by FlawFinder.
Line: 134
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
? '*' : ' ');
}
result +=
sprintf(buffer + result, "--\ndebug_level = 0x%08X (* = enabled)\n",
acpi_dbg_level);
return result;
}
Reported by FlawFinder.