The following issues were found
drivers/hv/vmbus_drv.c
44 issues
Line: 173
Column: 9
CWE codes:
120
Suggestion:
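Use sprintf_s, snprintf, or vsnprintf
Note: every finding shown for this file is in a sysfs show() callback (see the DEVICE_ATTR_RO() lines), where buf is supplied by the sysfs core and the formats shown emit a single integer or a UUID. sprintf_s is not available in kernel code; the in-kernel replacement for this pattern is sysfs_emit().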
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "%d\n", hv_dev->channel->offermsg.child_relid);
}
static DEVICE_ATTR_RO(id);
static ssize_t state_show(struct device *dev, struct device_attribute *dev_attr,
char *buf)
Reported by FlawFinder.
Line: 184
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "%d\n", hv_dev->channel->state);
}
static DEVICE_ATTR_RO(state);
static ssize_t monitor_id_show(struct device *dev,
struct device_attribute *dev_attr, char *buf)
Reported by FlawFinder.
Line: 195
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "%d\n", hv_dev->channel->offermsg.monitorid);
}
static DEVICE_ATTR_RO(monitor_id);
static ssize_t class_id_show(struct device *dev,
struct device_attribute *dev_attr, char *buf)
Reported by FlawFinder.
Line: 206
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "{%pUl}\n",
&hv_dev->channel->offermsg.offer.if_type);
}
static DEVICE_ATTR_RO(class_id);
static ssize_t device_id_show(struct device *dev,
Reported by FlawFinder.
Line: 218
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "{%pUl}\n",
&hv_dev->channel->offermsg.offer.if_instance);
}
static DEVICE_ATTR_RO(device_id);
static ssize_t modalias_show(struct device *dev,
Reported by FlawFinder.
Line: 228
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct hv_device *hv_dev = device_to_hv_device(dev);
return sprintf(buf, "vmbus:%*phN\n", UUID_SIZE, &hv_dev->dev_type);
}
static DEVICE_ATTR_RO(modalias);
#ifdef CONFIG_NUMA
static ssize_t numa_node_show(struct device *dev,
Reported by FlawFinder.
Line: 241
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "%d\n", cpu_to_node(hv_dev->channel->target_cpu));
}
static DEVICE_ATTR_RO(numa_node);
#endif
static ssize_t server_monitor_pending_show(struct device *dev,
Reported by FlawFinder.
Line: 254
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "%d\n",
channel_pending(hv_dev->channel,
vmbus_connection.monitor_pages[0]));
}
static DEVICE_ATTR_RO(server_monitor_pending);
Reported by FlawFinder.
Line: 268
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "%d\n",
channel_pending(hv_dev->channel,
vmbus_connection.monitor_pages[1]));
}
static DEVICE_ATTR_RO(client_monitor_pending);
Reported by FlawFinder.
Line: 282
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!hv_dev->channel)
return -ENODEV;
return sprintf(buf, "%d\n",
channel_latency(hv_dev->channel,
vmbus_connection.monitor_pages[0]));
}
static DEVICE_ATTR_RO(server_monitor_latency);
Reported by FlawFinder.
scripts/gdb/linux/cpus.py
44 issues
Line: 14
Column: 1
# This work is licensed under the terms of the GNU GPL version 2.
#
import gdb
from linux import tasks, utils
task_type = utils.CachedType("struct task_struct")
Reported by Pylint.
Line: 59
Column: 25
cpu_mask = {}
def cpu_mask_invalidate(event):
global cpu_mask
cpu_mask = {}
gdb.events.stop.disconnect(cpu_mask_invalidate)
if hasattr(gdb.events, 'new_objfile'):
gdb.events.new_objfile.disconnect(cpu_mask_invalidate)
Reported by Pylint.
Line: 60
Column: 5
def cpu_mask_invalidate(event):
global cpu_mask
cpu_mask = {}
gdb.events.stop.disconnect(cpu_mask_invalidate)
if hasattr(gdb.events, 'new_objfile'):
gdb.events.new_objfile.disconnect(cpu_mask_invalidate)
Reported by Pylint.
Line: 68
Column: 5
def cpu_list(mask_name):
global cpu_mask
mask = None
if mask_name in cpu_mask:
mask = cpu_mask[mask_name]
if mask is None:
mask = gdb.parse_and_eval(mask_name + ".bits")
Reported by Pylint.
Line: 135
Column: 27
def __init__(self):
super(LxCpus, self).__init__("lx-cpus", gdb.COMMAND_DATA)
def invoke(self, arg, from_tty):
gdb.write("Possible CPUs : {}\n".format(list(each_possible_cpu())))
gdb.write("Present CPUs : {}\n".format(list(each_present_cpu())))
gdb.write("Online CPUs : {}\n".format(list(each_online_cpu())))
gdb.write("Active CPUs : {}\n".format(list(each_active_cpu())))
Reported by Pylint.
Line: 135
Column: 22
def __init__(self):
super(LxCpus, self).__init__("lx-cpus", gdb.COMMAND_DATA)
def invoke(self, arg, from_tty):
gdb.write("Possible CPUs : {}\n".format(list(each_possible_cpu())))
gdb.write("Present CPUs : {}\n".format(list(each_present_cpu())))
gdb.write("Online CPUs : {}\n".format(list(each_online_cpu())))
gdb.write("Active CPUs : {}\n".format(list(each_active_cpu())))
Reported by Pylint.
Line: 1
Column: 1
#
# gdb helper commands and functions for Linux kernel debugging
#
# per-cpu tools
#
# Copyright (c) Siemens AG, 2011-2013
#
# Authors:
# Jan Kiszka <jan.kiszka@siemens.com>
Reported by Pylint.
Line: 25
Column: 1
MAX_CPUS = 4096
def get_current_cpu():
if utils.get_gdbserver_type() == utils.GDBSERVER_QEMU:
return gdb.selected_thread().num - 1
elif utils.get_gdbserver_type() == utils.GDBSERVER_KGDB:
tid = gdb.selected_thread().ptid[2]
if tid > (0x100000000 - MAX_CPUS - 2):
Reported by Pylint.
Line: 26
Column: 5
def get_current_cpu():
if utils.get_gdbserver_type() == utils.GDBSERVER_QEMU:
return gdb.selected_thread().num - 1
elif utils.get_gdbserver_type() == utils.GDBSERVER_KGDB:
tid = gdb.selected_thread().ptid[2]
if tid > (0x100000000 - MAX_CPUS - 2):
return 0x100000000 - tid - 2
Reported by Pylint.
Line: 30
Column: 9
return gdb.selected_thread().num - 1
elif utils.get_gdbserver_type() == utils.GDBSERVER_KGDB:
tid = gdb.selected_thread().ptid[2]
if tid > (0x100000000 - MAX_CPUS - 2):
return 0x100000000 - tid - 2
else:
return tasks.get_thread_info(tasks.get_task_by_pid(tid))['cpu']
else:
raise gdb.GdbError("Sorry, obtaining the current CPU is not yet "
Reported by Pylint.
net/bluetooth/mgmt.c
44 issues
Line: 1034
Column: 2
CWE codes:
120
Suggestion:
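Make sure destination can always hold the source data
Note: the copy lengths in this excerpt are a literal 3 and sizeof() of the source fields, so the thing to check is that rp.dev_class, rp.name and rp.short_name are declared at least that large. The struct definitions are not part of this excerpt.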
rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
rp.current_settings = cpu_to_le32(get_current_settings(hdev));
memcpy(rp.dev_class, hdev->dev_class, 3);
memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
hci_dev_unlock(hdev);
Reported by FlawFinder.
Line: 1036
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(rp.dev_class, hdev->dev_class, 3);
memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
hci_dev_unlock(hdev);
return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
Reported by FlawFinder.
Line: 1037
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(rp.dev_class, hdev->dev_class, 3);
memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
hci_dev_unlock(hdev);
return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
sizeof(rp));
Reported by FlawFinder.
Line: 1072
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
void *data, u16 data_len)
{
char buf[512];
struct mgmt_rp_read_ext_info *rp = (void *)buf;
u16 eir_len;
bt_dev_dbg(hdev, "sock %p", sk);
Reported by FlawFinder.
Line: 1111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
{
char buf[512];
struct mgmt_ev_ext_info_changed *ev = (void *)buf;
u16 eir_len;
memset(buf, 0, sizeof(buf));
Reported by FlawFinder.
Line: 2127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto failed;
}
memcpy(uuid->uuid, cp->uuid, 16);
uuid->svc_hint = cp->svc_hint;
uuid->size = get_uuid_size(cp->uuid);
list_add_tail(&uuid->list, &hdev->uuids);
Reported by FlawFinder.
Line: 3722
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
void *data, u16 data_len)
{
char buf[20];
struct mgmt_rp_read_controller_cap *rp = (void *)buf;
u16 cap_len = 0;
u8 flags = 0;
u8 tx_power_range[2];
Reported by FlawFinder.
Line: 3772
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* it from the controller
*/
if (hdev->commands[38] & 0x80) {
memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
tx_power_range, 2);
}
Reported by FlawFinder.
Line: 3773
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (hdev->commands[38] & 0x80) {
memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
tx_power_range, 2);
}
rp->cap_len = cpu_to_le16(cap_len);
Reported by FlawFinder.
Line: 3809
Column: 2
CWE codes:
119
120
Suggestion:
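Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: the comment on the flagged declaration sizes buf for three features, so the bound to verify is that the code filling the reply (not shown in this excerpt) never appends more than three entries.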
static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
void *data, u16 data_len)
{
char buf[62]; /* Enough space for 3 features */
struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
u16 idx = 0;
u32 flags;
bt_dev_dbg(hdev, "sock %p", sk);
Reported by FlawFinder.
drivers/net/wireless/marvell/mwifiex/debugfs.c
44 issues
Line: 101
Column: 7
CWE codes:
120
Suggestion:
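Use sprintf_s, snprintf, or vsnprintf
Note: p walks a single page obtained from get_zeroed_page() (the declaration at line 83 of the file, shown in a later finding), and each sprintf() advances it with no remaining-space check, including inside the per-multicast-address and per-tx-queue loops. The in-kernel bounded form is scnprintf() called with the space left in the page.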
mwifiex_get_ver_ext(priv, 0);
p += sprintf(p, "driver_name = " "\"mwifiex\"\n");
p += sprintf(p, "driver_version = %s", fmt);
p += sprintf(p, "\nverext = %s", priv->version_str);
p += sprintf(p, "\ninterface_name=\"%s\"\n", netdev->name);
if (info.bss_mode >= ARRAY_SIZE(bss_modes))
p += sprintf(p, "bss_mode=\"%d\"\n", info.bss_mode);
Reported by FlawFinder.
Line: 102
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "driver_name = " "\"mwifiex\"\n");
p += sprintf(p, "driver_version = %s", fmt);
p += sprintf(p, "\nverext = %s", priv->version_str);
p += sprintf(p, "\ninterface_name=\"%s\"\n", netdev->name);
if (info.bss_mode >= ARRAY_SIZE(bss_modes))
p += sprintf(p, "bss_mode=\"%d\"\n", info.bss_mode);
else
Reported by FlawFinder.
Line: 103
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "driver_name = " "\"mwifiex\"\n");
p += sprintf(p, "driver_version = %s", fmt);
p += sprintf(p, "\nverext = %s", priv->version_str);
p += sprintf(p, "\ninterface_name=\"%s\"\n", netdev->name);
if (info.bss_mode >= ARRAY_SIZE(bss_modes))
p += sprintf(p, "bss_mode=\"%d\"\n", info.bss_mode);
else
p += sprintf(p, "bss_mode=\"%s\"\n", bss_modes[info.bss_mode]);
Reported by FlawFinder.
Line: 108
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (info.bss_mode >= ARRAY_SIZE(bss_modes))
p += sprintf(p, "bss_mode=\"%d\"\n", info.bss_mode);
else
p += sprintf(p, "bss_mode=\"%s\"\n", bss_modes[info.bss_mode]);
p += sprintf(p, "media_state=\"%s\"\n",
(!priv->media_connected ? "Disconnected" : "Connected"));
p += sprintf(p, "mac_address=\"%pM\"\n", netdev->dev_addr);
Reported by FlawFinder.
Line: 110
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
p += sprintf(p, "bss_mode=\"%s\"\n", bss_modes[info.bss_mode]);
p += sprintf(p, "media_state=\"%s\"\n",
(!priv->media_connected ? "Disconnected" : "Connected"));
p += sprintf(p, "mac_address=\"%pM\"\n", netdev->dev_addr);
if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) {
p += sprintf(p, "multicast_count=\"%d\"\n",
Reported by FlawFinder.
Line: 121
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
info.ssid.ssid);
p += sprintf(p, "bssid=\"%pM\"\n", info.bssid);
p += sprintf(p, "channel=\"%d\"\n", (int) info.bss_chan);
p += sprintf(p, "country_code = \"%s\"\n", info.country_code);
p += sprintf(p, "region_code=\"0x%x\"\n",
priv->adapter->region_code);
netdev_for_each_mc_addr(ha, netdev)
p += sprintf(p, "multicast_address[%d]=\"%pM\"\n",
Reported by FlawFinder.
Line: 138
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "num_rx_pkts_dropped = %lu\n", priv->stats.rx_dropped);
p += sprintf(p, "num_tx_pkts_err = %lu\n", priv->stats.tx_errors);
p += sprintf(p, "num_rx_pkts_err = %lu\n", priv->stats.rx_errors);
p += sprintf(p, "carrier %s\n", ((netif_carrier_ok(priv->netdev))
? "on" : "off"));
p += sprintf(p, "tx queue");
for (i = 0; i < netdev->num_tx_queues; i++) {
txq = netdev_get_tx_queue(netdev, i);
p += sprintf(p, " %d:%s", i, netif_tx_queue_stopped(txq) ?
Reported by FlawFinder.
Line: 143
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "tx queue");
for (i = 0; i < netdev->num_tx_queues; i++) {
txq = netdev_get_tx_queue(netdev, i);
p += sprintf(p, " %d:%s", i, netif_tx_queue_stopped(txq) ?
"stopped" : "started");
}
p += sprintf(p, "\n");
ret = simple_read_from_buffer(ubuf, count, ppos, (char *) page,
Reported by FlawFinder.
Line: 83
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct netdev_hw_addr *ha;
struct netdev_queue *txq;
unsigned long page = get_zeroed_page(GFP_KERNEL);
char *p = (char *) page, fmt[64];
struct mwifiex_bss_info info;
ssize_t ret;
int i = 0;
if (!p)
Reported by FlawFinder.
Line: 100
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mwifiex_get_ver_ext(priv, 0);
p += sprintf(p, "driver_name = " "\"mwifiex\"\n");
p += sprintf(p, "driver_version = %s", fmt);
p += sprintf(p, "\nverext = %s", priv->version_str);
p += sprintf(p, "\ninterface_name=\"%s\"\n", netdev->name);
if (info.bss_mode >= ARRAY_SIZE(bss_modes))
Reported by FlawFinder.
drivers/staging/rtl8192e/rtllib_wx.c
44 issues
Line: 76
Column: 4
CWE codes:
134
Suggestion:
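Make format string constant
Note: the format argument is rtllib_modes[i].mode_string, read from a table whose definition is not shown here. If that table is a constant in the driver, the format is not attacker-influenced, but the write into pname is still an unbounded sprintf().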
iwe.cmd = SIOCGIWNAME;
for (i = 0; i < ARRAY_SIZE(rtllib_modes); i++) {
if (network->mode&(1<<i)) {
sprintf(pname, rtllib_modes[i].mode_string,
rtllib_modes[i].mode_size);
pname += rtllib_modes[i].mode_size;
}
}
*pname = '\0';
Reported by FlawFinder.
Line: 294
Column: 31
CWE codes:
327
Suggestion:
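Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
Note: the reported column points at an identifier named crypt (here a struct lib80211_crypt_data ** local), not at a call to crypt(3), so this and the other CWE-327 findings shown for this file look like name-match false positives. The surrounding code does configure WEP keys, which is a weakness of the protocol rather than something this rule detected.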
.flags = 0
};
int i, key, key_provided, len;
struct lib80211_crypt_data **crypt;
key = erq->flags & IW_ENCODE_INDEX;
if (key) {
if (key > NUM_WEP_KEYS)
return -EINVAL;
Reported by FlawFinder.
Line: 309
Column: 28
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
netdev_dbg(ieee->dev, "Key: %d [%s]\n", key, key_provided ?
"provided" : "default");
crypt = &ieee->crypt_info.crypt[key];
if (erq->flags & IW_ENCODE_DISABLED) {
if (key_provided && *crypt) {
netdev_dbg(ieee->dev,
"Disabling encryption on key %d.\n", key);
lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
Reported by FlawFinder.
Line: 311
Column: 24
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
"provided" : "default");
crypt = &ieee->crypt_info.crypt[key];
if (erq->flags & IW_ENCODE_DISABLED) {
if (key_provided && *crypt) {
netdev_dbg(ieee->dev,
"Disabling encryption on key %d.\n", key);
lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
} else
netdev_dbg(ieee->dev, "Disabling encryption.\n");
Reported by FlawFinder.
Line: 314
Column: 53
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (key_provided && *crypt) {
netdev_dbg(ieee->dev,
"Disabling encryption on key %d.\n", key);
lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
} else
netdev_dbg(ieee->dev, "Disabling encryption.\n");
/* Check all the keys to see if any are still configured,
* and if no key index was provided, de-init them all
Reported by FlawFinder.
Line: 322
Column: 25
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
* and if no key index was provided, de-init them all
*/
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (ieee->crypt_info.crypt[i]) {
if (key_provided)
break;
lib80211_crypt_delayed_deinit(&ieee->crypt_info,
&ieee->crypt_info.crypt[i]);
}
Reported by FlawFinder.
Line: 326
Column: 32
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (key_provided)
break;
lib80211_crypt_delayed_deinit(&ieee->crypt_info,
&ieee->crypt_info.crypt[i]);
}
}
if (i == NUM_WEP_KEYS) {
sec.enabled = 0;
Reported by FlawFinder.
Line: 342
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
sec.enabled = 1;
sec.flags |= SEC_ENABLED;
if (*crypt && (*crypt)->ops &&
strcmp((*crypt)->ops->name, "R-WEP") != 0) {
/* changing to use WEP; deinit previously used algorithm
* on this key
*/
lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
Reported by FlawFinder.
Line: 342
Column: 18
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
sec.enabled = 1;
sec.flags |= SEC_ENABLED;
if (*crypt && (*crypt)->ops &&
strcmp((*crypt)->ops->name, "R-WEP") != 0) {
/* changing to use WEP; deinit previously used algorithm
* on this key
*/
lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
Reported by FlawFinder.
Line: 343
Column: 15
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
sec.flags |= SEC_ENABLED;
if (*crypt && (*crypt)->ops &&
strcmp((*crypt)->ops->name, "R-WEP") != 0) {
/* changing to use WEP; deinit previously used algorithm
* on this key
*/
lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
}
Reported by FlawFinder.
tools/testing/selftests/landlock/fs_test.c
44 issues
Line: 401
Column: 8
CWE codes:
362/367!
Suggestion:
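Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Note: line 401 declares a variable, __u64 access;, and the later hits in this file are on that variable or on a struct field named access. None of the excerpts shows a call to access(2), so these look like name-match false positives in a selftest.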
TEST_F_FORK(layout1, file_access_rights)
{
__u64 access;
int err;
struct landlock_path_beneath_attr path_beneath = {};
struct landlock_ruleset_attr ruleset_attr = {
.handled_access_fs = ACCESS_ALL,
};
Reported by FlawFinder.
Line: 415
Column: 42
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* Tests access rights for files. */
path_beneath.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
ASSERT_LE(0, path_beneath.parent_fd);
for (access = 1; access <= ACCESS_LAST; access <<= 1) {
path_beneath.allowed_access = access;
err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
&path_beneath, 0);
if ((access | ACCESS_FILE) == ACCESS_FILE) {
ASSERT_EQ(0, err);
Reported by FlawFinder.
Line: 415
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* Tests access rights for files. */
path_beneath.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
ASSERT_LE(0, path_beneath.parent_fd);
for (access = 1; access <= ACCESS_LAST; access <<= 1) {
path_beneath.allowed_access = access;
err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
&path_beneath, 0);
if ((access | ACCESS_FILE) == ACCESS_FILE) {
ASSERT_EQ(0, err);
Reported by FlawFinder.
Line: 416
Column: 33
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
path_beneath.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
ASSERT_LE(0, path_beneath.parent_fd);
for (access = 1; access <= ACCESS_LAST; access <<= 1) {
path_beneath.allowed_access = access;
err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
&path_beneath, 0);
if ((access | ACCESS_FILE) == ACCESS_FILE) {
ASSERT_EQ(0, err);
} else {
Reported by FlawFinder.
Line: 419
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
path_beneath.allowed_access = access;
err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
&path_beneath, 0);
if ((access | ACCESS_FILE) == ACCESS_FILE) {
ASSERT_EQ(0, err);
} else {
ASSERT_EQ(-1, err);
ASSERT_EQ(EINVAL, errno);
}
Reported by FlawFinder.
Line: 452
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct rule {
const char *path;
__u64 access;
};
#define ACCESS_RO ( \
LANDLOCK_ACCESS_FS_READ_FILE | \
LANDLOCK_ACCESS_FS_READ_DIR)
Reported by FlawFinder.
Line: 485
Column: 52
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
for (i = 0; rules[i].path; i++) {
add_path_beneath(_metadata, ruleset_fd, rules[i].access,
rules[i].path);
}
return ruleset_fd;
}
Reported by FlawFinder.
Line: 511
Column: 60
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{}
};
struct landlock_path_beneath_attr path_beneath;
const int ruleset_fd = create_ruleset(_metadata, rules[0].access |
LANDLOCK_ACCESS_FS_READ_DIR, rules);
ASSERT_LE(0, ruleset_fd);
ASSERT_EQ(0, test_open("/proc/self/ns/mnt", O_RDONLY));
Reported by FlawFinder.
Line: 1554
Column: 60
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
},
{}
};
const int ruleset_fd = create_ruleset(_metadata, rules[0].access,
rules);
ASSERT_LE(0, ruleset_fd);
copy_binary(_metadata, file1_s1d1);
copy_binary(_metadata, file1_s1d2);
Reported by FlawFinder.
Line: 1587
Column: 60
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
},
{}
};
const int ruleset_fd = create_ruleset(_metadata, rules[0].access,
rules);
ASSERT_LE(0, ruleset_fd);
ASSERT_EQ(0, unlink(file1_s1d1));
Reported by FlawFinder.
scripts/gdb/linux/device.py
43 issues
Line: 5
Column: 1
#
# Copyright (c) NXP 2019
import gdb
from linux.utils import CachedType
from linux.utils import container_of
from linux.lists import list_for_each_entry
Reported by Pylint.
Line: 103
Column: 27
def __init__(self):
super(LxDeviceListBus, self).__init__('lx-device-list-bus', gdb.COMMAND_DATA)
def invoke(self, arg, from_tty):
if not arg:
for bus in for_each_bus():
gdb.write('bus {}:\t{}\n'.format(bus['name'].string(), bus))
for dev in bus_for_each_device(bus):
_show_device(dev, level=1)
Reported by Pylint.
Line: 123
Column: 27
def __init__(self):
super(LxDeviceListClass, self).__init__('lx-device-list-class', gdb.COMMAND_DATA)
def invoke(self, arg, from_tty):
if not arg:
for cls in for_each_class():
gdb.write("class {}:\t{}\n".format(cls['name'].string(), cls))
for dev in class_for_each_device(cls):
_show_device(dev, level=1)
Reported by Pylint.
Line: 141
Column: 27
def __init__(self):
super(LxDeviceListTree, self).__init__('lx-device-list-tree', gdb.COMMAND_DATA)
def invoke(self, arg, from_tty):
if not arg:
raise gdb.GdbError('Please provide pointer to struct device')
dev = gdb.parse_and_eval(arg)
if dev.type != device_type.get_type().pointer():
raise gdb.GdbError('Please provide pointer to struct device')
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) NXP 2019
import gdb
from linux.utils import CachedType
from linux.utils import container_of
from linux.lists import list_for_each_entry
Reported by Pylint.
Line: 23
Column: 1
class_type = CachedType('struct class')
def dev_name(dev):
dev_init_name = dev['init_name']
if dev_init_name:
return dev_init_name.string()
return dev['kobj']['name'].string()
Reported by Pylint.
Line: 30
Column: 1
return dev['kobj']['name'].string()
def kset_for_each_object(kset):
return list_for_each_entry(kset['list'],
kobject_type.get_type().pointer(), "entry")
def for_each_bus():
Reported by Pylint.
Line: 35
Column: 1
kobject_type.get_type().pointer(), "entry")
def for_each_bus():
for kobj in kset_for_each_object(gdb.parse_and_eval('bus_kset')):
subsys = container_of(kobj, kset_type.get_type().pointer(), 'kobj')
subsys_priv = container_of(subsys, subsys_private_type.get_type().pointer(), 'subsys')
yield subsys_priv['bus']
Reported by Pylint.
Line: 42
Column: 1
yield subsys_priv['bus']
def for_each_class():
for kobj in kset_for_each_object(gdb.parse_and_eval('class_kset')):
subsys = container_of(kobj, kset_type.get_type().pointer(), 'kobj')
subsys_priv = container_of(subsys, subsys_private_type.get_type().pointer(), 'subsys')
yield subsys_priv['class']
Reported by Pylint.
Line: 49
Column: 1
yield subsys_priv['class']
def get_bus_by_name(name):
for item in for_each_bus():
if item['name'].string() == name:
return item
raise gdb.GdbError("Can't find bus type {!r}".format(name))
Reported by Pylint.
net/wireless/scan.c
43 issues
Line: 292
Column: 3
CWE codes:
120
Suggestion:
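Make sure destination can always hold the source data
Note: in the element-copy findings for this file the length is tmp_new[1] + 2, tmp_old[1] + 2 or tmp[1] + 2, i.e. taken from the length octet of the element being copied. The check that matters is therefore the space remaining at pos in the destination buffer; that buffer's allocation is not shown in these excerpts.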
/* set new ssid */
tmp_new = cfg80211_find_ie(WLAN_EID_SSID, sub_copy, subie_len);
if (tmp_new) {
memcpy(pos, tmp_new, tmp_new[1] + 2);
pos += (tmp_new[1] + 2);
}
/* get non inheritance list if exists */
non_inherit_elem =
Reported by FlawFinder.
Line: 326
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* ie in old ie but not in subelement */
if (cfg80211_is_element_inherited(old_elem,
non_inherit_elem)) {
memcpy(pos, tmp_old, tmp_old[1] + 2);
pos += tmp_old[1] + 2;
}
} else {
/* ie in transmitting ie also in subelement,
* copy from subelement and flag the ie in subelement
Reported by FlawFinder.
Line: 342
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* same vendor ie, copy from
* subelement
*/
memcpy(pos, tmp, tmp[1] + 2);
pos += tmp[1] + 2;
tmp[0] = WLAN_EID_SSID;
} else {
memcpy(pos, tmp_old, tmp_old[1] + 2);
pos += tmp_old[1] + 2;
Reported by FlawFinder.
Line: 346
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos += tmp[1] + 2;
tmp[0] = WLAN_EID_SSID;
} else {
memcpy(pos, tmp_old, tmp_old[1] + 2);
pos += tmp_old[1] + 2;
}
} else {
/* copy ie from subelement into new ie */
memcpy(pos, tmp, tmp[1] + 2);
Reported by FlawFinder.
Line: 351
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else {
/* copy ie from subelement into new ie */
memcpy(pos, tmp, tmp[1] + 2);
pos += tmp[1] + 2;
tmp[0] = WLAN_EID_SSID;
}
}
Reported by FlawFinder.
Line: 370
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) {
if (!(tmp_new[0] == WLAN_EID_NON_TX_BSSID_CAP ||
tmp_new[0] == WLAN_EID_SSID)) {
memcpy(pos, tmp_new, tmp_new[1] + 2);
pos += tmp_new[1] + 2;
}
if (tmp_new + tmp_new[1] + 2 - sub_copy == subie_len)
break;
tmp_new += tmp_new[1] + 2;
Reported by FlawFinder.
Line: 539
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* skip the TBTT offset */
pos++;
memcpy(entry->bssid, pos, ETH_ALEN);
pos += ETH_ALEN;
if (length == IEEE80211_TBTT_INFO_OFFSET_BSSID_SSSID_BSS_PARAM) {
memcpy(&entry->short_ssid, pos,
sizeof(entry->short_ssid));
Reported by FlawFinder.
Line: 573
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* cfg80211_parse_colocated_ap(), before calling this
* function.
*/
memcpy(&entry->ssid, &ssid_elem->data,
ssid_elem->datalen);
entry->ssid_len = ssid_elem->datalen;
}
return 0;
}
Reported by FlawFinder.
Line: 830
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
cfg80211_scan_req_add_chan(request, chan, true);
memcpy(scan_6ghz_params->bssid, ap->bssid, ETH_ALEN);
scan_6ghz_params->short_ssid = ap->short_ssid;
scan_6ghz_params->short_ssid_valid = ap->short_ssid_valid;
scan_6ghz_params->unsolicited_probe = ap->unsolicited_probe;
/*
Reported by FlawFinder.
Line: 861
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
request->ssids = (void *)&request->channels[request->n_channels];
request->n_ssids = rdev_req->n_ssids;
memcpy(request->ssids, rdev_req->ssids, sizeof(*request->ssids) *
request->n_ssids);
/*
* If this scan follows a previous scan, save the scan start
* info from the first part of the scan
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum.c
43 issues
Line: 99
Column: 23
CWE codes:
119
120
Suggestion:
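Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: lines 99 and 102 are static const arrays sized ETH_ALEN with initializers, and the remaining findings shown for this file are fixed-size register payload buffers (char ..._pl[MLXSW_REG_..._LEN]) passed to mlxsw_reg_* helpers. The rule fires on any fixed-size char array, so each hit is a prompt to check the helpers' writes against the declared length, not a confirmed overflow.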
static const char mlxsw_sp2_driver_name[] = "mlxsw_spectrum2";
static const char mlxsw_sp3_driver_name[] = "mlxsw_spectrum3";
static const unsigned char mlxsw_sp1_mac_mask[ETH_ALEN] = {
0xff, 0xff, 0xff, 0xff, 0xfc, 0x00
};
static const unsigned char mlxsw_sp2_mac_mask[ETH_ALEN] = {
0xff, 0xff, 0xff, 0xff, 0xf0, 0x00
};
Reported by FlawFinder.
Line: 102
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const unsigned char mlxsw_sp1_mac_mask[ETH_ALEN] = {
0xff, 0xff, 0xff, 0xff, 0xfc, 0x00
};
static const unsigned char mlxsw_sp2_mac_mask[ETH_ALEN] = {
0xff, 0xff, 0xff, 0xff, 0xf0, 0x00
};
/* tx_hdr_version
* Tx header version.
Reported by FlawFinder.
Line: 178
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int counter_index, u64 *packets,
u64 *bytes)
{
char mgpc_pl[MLXSW_REG_MGPC_LEN];
int err;
mlxsw_reg_mgpc_pack(mgpc_pl, counter_index, MLXSW_REG_MGPC_OPCODE_NOP,
MLXSW_REG_FLOW_COUNTER_SET_TYPE_PACKETS_BYTES);
err = mlxsw_reg_query(mlxsw_sp->core, MLXSW_REG(mgpc), mgpc_pl);
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_flow_counter_clear(struct mlxsw_sp *mlxsw_sp,
unsigned int counter_index)
{
char mgpc_pl[MLXSW_REG_MGPC_LEN];
mlxsw_reg_mgpc_pack(mgpc_pl, counter_index, MLXSW_REG_MGPC_OPCODE_CLEAR,
MLXSW_REG_FLOW_COUNTER_SET_TYPE_PACKETS_BYTES);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(mgpc), mgpc_pl);
}
Reported by FlawFinder.
Line: 283
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_base_mac_get(struct mlxsw_sp *mlxsw_sp)
{
char spad_pl[MLXSW_REG_SPAD_LEN] = {0};
int err;
err = mlxsw_reg_query(mlxsw_sp->core, MLXSW_REG(spad), spad_pl);
if (err)
return err;
Reported by FlawFinder.
Line: 297
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool is_up)
{
struct mlxsw_sp *mlxsw_sp = mlxsw_sp_port->mlxsw_sp;
char paos_pl[MLXSW_REG_PAOS_LEN];
mlxsw_reg_paos_pack(paos_pl, mlxsw_sp_port->local_port,
is_up ? MLXSW_PORT_ADMIN_STATUS_UP :
MLXSW_PORT_ADMIN_STATUS_DOWN);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(paos), paos_pl);
Reported by FlawFinder.
Line: 309
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *addr)
{
struct mlxsw_sp *mlxsw_sp = mlxsw_sp_port->mlxsw_sp;
char ppad_pl[MLXSW_REG_PPAD_LEN];
mlxsw_reg_ppad_pack(ppad_pl, true, mlxsw_sp_port->local_port);
mlxsw_reg_ppad_mac_memcpy_to(ppad_pl, addr);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(ppad), ppad_pl);
}
Reported by FlawFinder.
Line: 329
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_port_max_mtu_get(struct mlxsw_sp_port *mlxsw_sp_port, int *p_max_mtu)
{
struct mlxsw_sp *mlxsw_sp = mlxsw_sp_port->mlxsw_sp;
char pmtu_pl[MLXSW_REG_PMTU_LEN];
int err;
mlxsw_reg_pmtu_pack(pmtu_pl, mlxsw_sp_port->local_port, 0);
err = mlxsw_reg_query(mlxsw_sp->core, MLXSW_REG(pmtu), pmtu_pl);
if (err)
Reported by FlawFinder.
Line: 344
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_port_mtu_set(struct mlxsw_sp_port *mlxsw_sp_port, u16 mtu)
{
struct mlxsw_sp *mlxsw_sp = mlxsw_sp_port->mlxsw_sp;
char pmtu_pl[MLXSW_REG_PMTU_LEN];
mtu += MLXSW_TXHDR_LEN + ETH_HLEN;
if (mtu > mlxsw_sp_port->max_mtu)
return -EINVAL;
Reported by FlawFinder.
Line: 357
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Write @swid for the port's local_port through the PSPA register.
 *
 * Packs a PSPA payload from @swid and mlxsw_sp_port->local_port and passes
 * it to mlxsw_reg_write(); the return value is that call's result.
 *
 * The payload is a fixed MLXSW_REG_PSPA_LEN-byte stack array that is not
 * initialised in this function. Whether every byte is set, and whether the
 * write stays inside the array, depends on mlxsw_reg_pspa_pack(), which is
 * not shown here -- verify the helper rather than this declaration when
 * assessing a buffer-size finding on this line.
 */
static int mlxsw_sp_port_swid_set(struct mlxsw_sp_port *mlxsw_sp_port, u8 swid)
{
	char payload[MLXSW_REG_PSPA_LEN];
	struct mlxsw_sp *sp = mlxsw_sp_port->mlxsw_sp;

	mlxsw_reg_pspa_pack(payload, swid, mlxsw_sp_port->local_port);

	return mlxsw_reg_write(sp->core, MLXSW_REG(pspa), payload);
}
Reported by FlawFinder.
fs/nfsd/nfs4xdr.c
43 issues
Line: 4018
Column: 93
CWE codes:
362
20
Suggestion:
Reconsider approach
}
static __be32
nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
{
int maxcount;
__be32 wire_count;
int zero = 0;
struct xdr_stream *xdr = resp->xdr;
Reported by FlawFinder.
Line: 776
Column: 28
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/*
 * Decode the argument of an ACCESS operation.
 *
 * Reads one 32-bit word from argp->xdr into access->ac_req_access.
 * Returns nfserr_bad_xdr when xdr_stream_decode_u32() reports a negative
 * result, nfs_ok otherwise. The decoded bits are stored as received; no
 * range or permission validation happens in this function (presumably it
 * is done by the operation handler -- verify against the caller).
 *
 * Triage note: "access" here is the name of the decoder and of its struct
 * argument. The body makes no access(2)-style path check followed by an
 * open, so a check-then-use race (CWE-362/367) does not arise from the
 * code shown.
 */
static __be32
nfsd4_decode_access(struct nfsd4_compoundargs *argp,
		    struct nfsd4_access *access)
{
	return xdr_stream_decode_u32(argp->xdr, &access->ac_req_access) < 0 ?
		nfserr_bad_xdr : nfs_ok;
}
Reported by FlawFinder.
Line: 3582
Column: 89
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
static __be32
nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
{
struct xdr_stream *xdr = resp->xdr;
__be32 *p;
p = xdr_reserve_space(xdr, 8);
Reported by FlawFinder.
Line: 145
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!p)
return NULL;
memcpy(p, buf, len);
p[len] = '\0';
return p;
}
static void *
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp = svcxdr_tmpalloc(argp, len);
if (!tmp)
return NULL;
memcpy(tmp, p, len);
return tmp;
}
/*
* NFSv4 basic data type decoders
Reported by FlawFinder.
Line: 555
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_inline_decode(argp->xdr, sizeof(__be64));
if (!p)
return nfserr_bad_xdr;
memcpy(clientid, p, sizeof(*clientid));
return nfs_ok;
}
static __be32
nfsd4_decode_state_owner4(struct nfsd4_compoundargs *argp,
Reported by FlawFinder.
Line: 581
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_inline_decode(argp->xdr, NFS4_DEVICEID4_SIZE);
if (!p)
return nfserr_bad_xdr;
memcpy(devid, p, sizeof(*devid));
return nfs_ok;
}
static __be32
nfsd4_decode_layoutupdate4(struct nfsd4_compoundargs *argp,
Reported by FlawFinder.
Line: 968
Column: 77
CWE codes:
362
}
static __be32
nfsd4_decode_createhow4(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
{
__be32 status;
if (xdr_stream_decode_u32(argp->xdr, &open->op_createmode) < 0)
return nfserr_bad_xdr;
Reported by FlawFinder.
Line: 1010
Column: 76
CWE codes:
362
}
static __be32
nfsd4_decode_openflag4(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
{
__be32 status;
if (xdr_stream_decode_u32(argp->xdr, &open->op_create) < 0)
return nfserr_bad_xdr;
Reported by FlawFinder.
Line: 1020
Column: 42
CWE codes:
362
case NFS4_OPEN_NOCREATE:
break;
case NFS4_OPEN_CREATE:
status = nfsd4_decode_createhow4(argp, open);
if (status)
return status;
break;
default:
return nfserr_bad_xdr;
Reported by FlawFinder.