The following issues were found
drivers/net/wireguard/selftest/allowedips.c
10 issues
Line: 431
CWE codes:
758
u8 *split = (u8 *)&ip;
split[0] = a;
split[1] = b;
split[2] = c;
split[3] = d;
return &ip;
}
Reported by Cppcheck.
Line: 432
CWE codes:
758
split[0] = a;
split[1] = b;
split[2] = c;
split[3] = d;
return &ip;
}
static __init inline struct in6_addr *ip6(u32 a, u32 b, u32 c, u32 d)
Reported by Cppcheck.
Line: 433
CWE codes:
758
split[0] = a;
split[1] = b;
split[2] = c;
split[3] = d;
return &ip;
}
static __init inline struct in6_addr *ip6(u32 a, u32 b, u32 c, u32 d)
{
Reported by Cppcheck.
Line: 443
CWE codes:
758
__be32 *split = (__be32 *)&ip;
split[0] = cpu_to_be32(a);
split[1] = cpu_to_be32(b);
split[2] = cpu_to_be32(c);
split[3] = cpu_to_be32(d);
return &ip;
}
Reported by Cppcheck.
Line: 444
CWE codes:
758
split[0] = cpu_to_be32(a);
split[1] = cpu_to_be32(b);
split[2] = cpu_to_be32(c);
split[3] = cpu_to_be32(d);
return &ip;
}
static __init struct wg_peer *init_peer(void)
Reported by Cppcheck.
Line: 445
CWE codes:
758
split[0] = cpu_to_be32(a);
split[1] = cpu_to_be32(b);
split[2] = cpu_to_be32(c);
split[3] = cpu_to_be32(d);
return &ip;
}
static __init struct wg_peer *init_peer(void)
{
Reported by Cppcheck.
Line: 42
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (node->peer) {
hsiphash_key_t key = { { 0 } };
memcpy(&key, &node->peer, sizeof(node->peer));
color = hsiphash_1u32(0xdeadbeef, &key) % 200 << 16 |
hsiphash_1u32(0xbabecafe, &key) % 200 << 8 |
hsiphash_1u32(0xabad1dea, &key) % 200;
style = "bold";
}
Reported by FlawFinder.
Line: 301
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto free_locked;
}
for (j = 0; j < NUM_MUTATED_ROUTES; ++j) {
memcpy(mutated, ip, 4);
prandom_bytes(mutate_mask, 4);
mutate_amount = prandom_u32_max(32);
for (k = 0; k < mutate_amount / 8; ++k)
mutate_mask[k] = 0xff;
mutate_mask[k] = 0xff
Reported by FlawFinder.
Line: 345
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto free_locked;
}
for (j = 0; j < NUM_MUTATED_ROUTES; ++j) {
memcpy(mutated, ip, 16);
prandom_bytes(mutate_mask, 16);
mutate_amount = prandom_u32_max(128);
for (k = 0; k < mutate_amount / 8; ++k)
mutate_mask[k] = 0xff;
mutate_mask[k] = 0xff
Reported by FlawFinder.
Line: 602
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < 128; ++i) {
part = cpu_to_be64(~(1LLU << (i % 64)));
memset(&ip, 0xff, 16);
memcpy((u8 *)&ip + (i < 64) * 8, &part, 8);
wg_allowedips_insert_v6(&t, &ip, 128, a, &mutex);
}
wg_allowedips_free(&t, &mutex);
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/htc_drv_debug.c
10 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath9k_htc_priv *priv = file->private_data;
struct ath9k_htc_target_int_stats cmd_rsp;
char buf[512];
unsigned int len = 0;
int ret = 0;
memset(&cmd_rsp, 0, sizeof(cmd_rsp));
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath9k_htc_priv *priv = file->private_data;
struct ath9k_htc_target_tx_stats cmd_rsp;
char buf[512];
unsigned int len = 0;
int ret = 0;
memset(&cmd_rsp, 0, sizeof(cmd_rsp));
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath9k_htc_priv *priv = file->private_data;
struct ath9k_htc_target_rx_stats cmd_rsp;
char buf[512];
unsigned int len = 0;
int ret = 0;
memset(&cmd_rsp, 0, sizeof(cmd_rsp));
Reported by FlawFinder.
Line: 197
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath9k_htc_priv *priv = file->private_data;
char buf[512];
unsigned int len = 0;
len += scnprintf(buf + len, sizeof(buf) - len,
"%20s : %10u\n", "Buffers queued",
priv->debug.tx_stats.buf_queued);
Reported by FlawFinder.
Line: 293
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath9k_htc_priv *priv = file->private_data;
char buf[512];
unsigned int len;
spin_lock_bh(&priv->tx.tx_lock);
len = scnprintf(buf, sizeof(buf),
"TX slot bitmap : %*pb\n"
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath9k_htc_priv *priv = file->private_data;
char buf[512];
unsigned int len = 0;
len += scnprintf(buf + len, sizeof(buf) - len, "%20s : %10u\n",
"Mgmt endpoint", skb_queue_len(&priv->tx.mgmt_ep_queue));
Reported by FlawFinder.
Line: 365
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath9k_htc_priv *priv = file->private_data;
struct ath_common *common = ath9k_hw_common(priv->ah);
char buf[32];
unsigned int len;
len = sprintf(buf, "0x%08x\n", common->debug_mask);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
Reported by FlawFinder.
Line: 368
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char buf[32];
unsigned int len;
len = sprintf(buf, "0x%08x\n", common->debug_mask);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
size_t count, loff_t *ppos)
Reported by FlawFinder.
Line: 378
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ath9k_htc_priv *priv = file->private_data;
struct ath_common *common = ath9k_hw_common(priv->ah);
unsigned long mask;
char buf[32];
ssize_t len;
len = min(count, sizeof(buf) - 1);
if (copy_from_user(buf, user_buf, len))
return -EFAULT;
Reported by FlawFinder.
Line: 431
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 sset, u8 *data)
{
if (sset == ETH_SS_STATS)
memcpy(data, *ath9k_htc_gstrings_stats,
sizeof(ath9k_htc_gstrings_stats));
}
int ath9k_htc_get_et_sset_count(struct ieee80211_hw *hw,
struct ieee80211_vif *vif, int sset)
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_ptp.c
10 issues
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mlxsw_sp1_ptp_phc_adjfreq(struct mlxsw_sp_ptp_clock *clock, int freq_adj)
{
struct mlxsw_core *mlxsw_core = clock->core;
char mtutc_pl[MLXSW_REG_MTUTC_LEN];
mlxsw_reg_mtutc_pack(mtutc_pl, MLXSW_REG_MTUTC_OPERATION_ADJUST_FREQ,
freq_adj, 0);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mtutc), mtutc_pl);
}
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_core *mlxsw_core = clock->core;
u64 next_sec, next_sec_in_nsec, cycles;
char mtutc_pl[MLXSW_REG_MTUTC_LEN];
char mtpps_pl[MLXSW_REG_MTPPS_LEN];
int err;
next_sec = div_u64(nsec, NSEC_PER_SEC) + 1;
next_sec_in_nsec = next_sec * NSEC_PER_SEC;
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core *mlxsw_core = clock->core;
u64 next_sec, next_sec_in_nsec, cycles;
char mtutc_pl[MLXSW_REG_MTUTC_LEN];
char mtpps_pl[MLXSW_REG_MTPPS_LEN];
int err;
next_sec = div_u64(nsec, NSEC_PER_SEC) + 1;
next_sec_in_nsec = next_sec * NSEC_PER_SEC;
Reported by FlawFinder.
Line: 696
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum mlxsw_reg_mtptpt_trap_id trap_id,
u16 message_type)
{
char mtptpt_pl[MLXSW_REG_MTPTPT_LEN];
mlxsw_reg_mtptptp_pack(mtptpt_pl, trap_id, message_type);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(mtptpt), mtptpt_pl);
}
Reported by FlawFinder.
Line: 705
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp1_ptp_set_fifo_clr_on_trap(struct mlxsw_sp *mlxsw_sp,
bool clr)
{
char mogcr_pl[MLXSW_REG_MOGCR_LEN] = {0};
int err;
err = mlxsw_reg_query(mlxsw_sp->core, MLXSW_REG(mogcr), mogcr_pl);
if (err)
return err;
Reported by FlawFinder.
Line: 720
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp1_ptp_mtpppc_set(struct mlxsw_sp *mlxsw_sp,
u16 ing_types, u16 egr_types)
{
char mtpppc_pl[MLXSW_REG_MTPPPC_LEN];
mlxsw_reg_mtpppc_pack(mtpppc_pl, ing_types, egr_types);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(mtpppc), mtpppc_pl);
}
Reported by FlawFinder.
Line: 791
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp1_ptp_shaper_params_set(struct mlxsw_sp *mlxsw_sp)
{
const struct mlxsw_sp1_ptp_shaper_params *params;
char qpsc_pl[MLXSW_REG_QPSC_LEN];
int i, err;
for (i = 0; i < MLXSW_SP1_PTP_SHAPER_PARAMS_LEN; i++) {
params = &mlxsw_sp1_ptp_shaper_params[i];
mlxsw_reg_qpsc_pack(qpsc_pl, params->port_speed,
Reported by FlawFinder.
Line: 1000
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mlxsw_sp1_ptp_port_shaper_set(struct mlxsw_sp_port *mlxsw_sp_port, bool enable)
{
struct mlxsw_sp *mlxsw_sp = mlxsw_sp_port->mlxsw_sp;
char qeec_pl[MLXSW_REG_QEEC_LEN];
mlxsw_reg_qeec_ptps_pack(qeec_pl, mlxsw_sp_port->local_port, enable);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(qeec), qeec_pl);
}
Reported by FlawFinder.
Line: 1096
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct mlxsw_sp_ptp_port_stat {
char str[ETH_GSTRING_LEN];
ptrdiff_t offset;
};
#define MLXSW_SP_PTP_PORT_STAT(NAME, FIELD) \
{ \
Reported by FlawFinder.
Line: 1129
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < MLXSW_SP_PTP_PORT_STATS_LEN; i++) {
memcpy(*p, mlxsw_sp_ptp_port_stats[i].str,
ETH_GSTRING_LEN);
*p += ETH_GSTRING_LEN;
}
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c
10 issues
Line: 137
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__be32 ip4src_v, __be32 ip4dst_m, __be32 ip4dst_v)
{
if (ip4src_m) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, src_ipv4_src_ipv6.ipv4_layout.ipv4),
&ip4src_v, sizeof(ip4src_v));
memcpy(MLX5E_FTE_ADDR_OF(headers_c, src_ipv4_src_ipv6.ipv4_layout.ipv4),
&ip4src_m, sizeof(ip4src_m));
}
if (ip4dst_m) {
Reported by FlawFinder.
Line: 139
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ip4src_m) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, src_ipv4_src_ipv6.ipv4_layout.ipv4),
&ip4src_v, sizeof(ip4src_v));
memcpy(MLX5E_FTE_ADDR_OF(headers_c, src_ipv4_src_ipv6.ipv4_layout.ipv4),
&ip4src_m, sizeof(ip4src_m));
}
if (ip4dst_m) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&ip4dst_v, sizeof(ip4dst_v));
Reported by FlawFinder.
Line: 143
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&ip4src_m, sizeof(ip4src_m));
}
if (ip4dst_m) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&ip4dst_v, sizeof(ip4dst_v));
memcpy(MLX5E_FTE_ADDR_OF(headers_c, dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&ip4dst_m, sizeof(ip4dst_m));
}
Reported by FlawFinder.
Line: 145
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ip4dst_m) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&ip4dst_v, sizeof(ip4dst_v));
memcpy(MLX5E_FTE_ADDR_OF(headers_c, dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&ip4dst_m, sizeof(ip4dst_m));
}
MLX5E_FTE_SET(headers_c, ethertype, 0xffff);
MLX5E_FTE_SET(headers_v, ethertype, ETH_P_IP);
Reported by FlawFinder.
Line: 160
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 ip6_sz = MLX5_FLD_SZ_BYTES(ipv6_layout, ipv6);
if (!ipv6_addr_any((struct in6_addr *)ip6src_m)) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, src_ipv4_src_ipv6.ipv6_layout.ipv6),
ip6src_v, ip6_sz);
memcpy(MLX5E_FTE_ADDR_OF(headers_c, src_ipv4_src_ipv6.ipv6_layout.ipv6),
ip6src_m, ip6_sz);
}
if (!ipv6_addr_any((struct in6_addr *)ip6dst_m)) {
Reported by FlawFinder.
Line: 162
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ipv6_addr_any((struct in6_addr *)ip6src_m)) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, src_ipv4_src_ipv6.ipv6_layout.ipv6),
ip6src_v, ip6_sz);
memcpy(MLX5E_FTE_ADDR_OF(headers_c, src_ipv4_src_ipv6.ipv6_layout.ipv6),
ip6src_m, ip6_sz);
}
if (!ipv6_addr_any((struct in6_addr *)ip6dst_m)) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
ip6dst_v, ip6_sz);
Reported by FlawFinder.
Line: 166
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ip6src_m, ip6_sz);
}
if (!ipv6_addr_any((struct in6_addr *)ip6dst_m)) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
ip6dst_v, ip6_sz);
memcpy(MLX5E_FTE_ADDR_OF(headers_c, dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
ip6dst_m, ip6_sz);
}
Reported by FlawFinder.
Line: 168
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ipv6_addr_any((struct in6_addr *)ip6dst_m)) {
memcpy(MLX5E_FTE_ADDR_OF(headers_v, dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
ip6dst_v, ip6_sz);
memcpy(MLX5E_FTE_ADDR_OF(headers_c, dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
ip6dst_m, ip6_sz);
}
MLX5E_FTE_SET(headers_c, ethertype, 0xffff);
MLX5E_FTE_SET(headers_v, ethertype, ETH_P_IPV6);
Reported by FlawFinder.
Line: 319
Column: 44
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void
set_dmac(void *headers_c, void *headers_v,
unsigned char m_dest[ETH_ALEN], unsigned char v_dest[ETH_ALEN])
{
ether_addr_copy(MLX5E_FTE_ADDR_OF(headers_c, dmac_47_16), m_dest);
ether_addr_copy(MLX5E_FTE_ADDR_OF(headers_v, dmac_47_16), v_dest);
}
Reported by FlawFinder.
Line: 319
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void
set_dmac(void *headers_c, void *headers_v,
unsigned char m_dest[ETH_ALEN], unsigned char v_dest[ETH_ALEN])
{
ether_addr_copy(MLX5E_FTE_ADDR_OF(headers_c, dmac_47_16), m_dest);
ether_addr_copy(MLX5E_FTE_ADDR_OF(headers_v, dmac_47_16), v_dest);
}
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c
10 issues
Line: 909
Column: 8
CWE codes:
120
20
s32 ixgbe_mii_bus_init(struct ixgbe_hw *hw)
{
s32 (*write)(struct mii_bus *bus, int addr, int regnum, u16 val);
s32 (*read)(struct mii_bus *bus, int addr, int regnum);
struct ixgbe_adapter *adapter = hw->back;
struct pci_dev *pdev = adapter->pdev;
struct device *dev = &adapter->netdev->dev;
struct mii_bus *bus;
Reported by FlawFinder.
Line: 941
Column: 14
CWE codes:
120
20
if (!bus)
return -ENOMEM;
bus->read = read;
bus->write = write;
/* Use the position of the device in the PCI hierarchy as the id */
snprintf(bus->id, MII_BUS_ID_SIZE, "%s-mdio-%s", ixgbe_driver_name,
pci_name(pdev));
Reported by FlawFinder.
Line: 1311
Column: 27
CWE codes:
120
20
if (ret_val)
return ret_val;
ret_val = hw->eeprom.ops.read(hw, data_offset, &block_crc);
data_offset++;
while (!end_data) {
/*
* Read control word from PHY init contents offset
*/
Reported by FlawFinder.
Line: 1317
Column: 28
CWE codes:
120
20
/*
* Read control word from PHY init contents offset
*/
ret_val = hw->eeprom.ops.read(hw, data_offset, &eword);
if (ret_val)
goto err_eeprom;
control = (eword & IXGBE_CONTROL_MASK_NL) >>
IXGBE_CONTROL_SHIFT_NL;
edata = eword & IXGBE_DATA_MASK_NL;
Reported by FlawFinder.
Line: 1332
Column: 29
CWE codes:
120
20
case IXGBE_DATA_NL:
hw_dbg(hw, "DATA:\n");
data_offset++;
ret_val = hw->eeprom.ops.read(hw, data_offset++,
&phy_offset);
if (ret_val)
goto err_eeprom;
for (i = 0; i < edata; i++) {
ret_val = hw->eeprom.ops.read(hw, data_offset,
Reported by FlawFinder.
Line: 1337
Column: 30
CWE codes:
120
20
if (ret_val)
goto err_eeprom;
for (i = 0; i < edata; i++) {
ret_val = hw->eeprom.ops.read(hw, data_offset,
&eword);
if (ret_val)
goto err_eeprom;
hw->phy.ops.write_reg(hw, phy_offset,
MDIO_MMD_PMAPMD, eword);
Reported by FlawFinder.
Line: 1883
Column: 21
CWE codes:
120
20
sfp_type = ixgbe_sfp_type_srlr_core1;
/* Read offset to PHY init contents */
if (hw->eeprom.ops.read(hw, IXGBE_PHY_INIT_OFFSET_NL, list_offset)) {
hw_err(hw, "eeprom read at %d failed\n",
IXGBE_PHY_INIT_OFFSET_NL);
return IXGBE_ERR_SFP_NO_INIT_SEQ_PRESENT;
}
Reported by FlawFinder.
Line: 1899
Column: 21
CWE codes:
120
20
* Find the matching SFP ID in the EEPROM
* and program the init sequence
*/
if (hw->eeprom.ops.read(hw, *list_offset, &sfp_id))
goto err_phy;
while (sfp_id != IXGBE_PHY_INIT_END_NL) {
if (sfp_id == sfp_type) {
(*list_offset)++;
Reported by FlawFinder.
Line: 1905
Column: 23
CWE codes:
120
20
while (sfp_id != IXGBE_PHY_INIT_END_NL) {
if (sfp_id == sfp_type) {
(*list_offset)++;
if (hw->eeprom.ops.read(hw, *list_offset, data_offset))
goto err_phy;
if ((!*data_offset) || (*data_offset == 0xFFFF)) {
hw_dbg(hw, "SFP+ module not supported\n");
return IXGBE_ERR_SFP_NOT_SUPPORTED;
} else {
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
10 issues
Line: 160
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bufp = buf;
cnt_le = cpu_to_le32(cnt);
memcpy(bufp, &cnt_le, sizeof(cnt_le));
bufp += sizeof(cnt_le);
netdev_for_each_mc_addr(ha, ndev) {
if (!cnt)
break;
Reported by FlawFinder.
Line: 166
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netdev_for_each_mc_addr(ha, ndev) {
if (!cnt)
break;
memcpy(bufp, ha->addr, ETH_ALEN);
bufp += ETH_ALEN;
cnt--;
}
err = brcmf_fil_iovar_data_set(ifp, "mcast_list", buf, buflen);
Reported by FlawFinder.
Line: 246
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bphy_err(drvr, "Setting cur_etheraddr failed, %d\n", err);
} else {
brcmf_dbg(TRACE, "updated to %pM\n", sa->sa_data);
memcpy(ifp->mac_addr, sa->sa_data, ETH_ALEN);
memcpy(ifp->ndev->dev_addr, ifp->mac_addr, ETH_ALEN);
}
return err;
}
Reported by FlawFinder.
Line: 247
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
brcmf_dbg(TRACE, "updated to %pM\n", sa->sa_data);
memcpy(ifp->mac_addr, sa->sa_data, ETH_ALEN);
memcpy(ifp->ndev->dev_addr, ifp->mac_addr, ETH_ALEN);
}
return err;
}
static void brcmf_netdev_set_multicast_list(struct net_device *ndev)
Reported by FlawFinder.
Line: 571
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct brcmf_if *ifp = netdev_priv(ndev);
struct brcmf_pub *drvr = ifp->drvr;
char drev[BRCMU_DOTREV_LEN] = "n/a";
if (drvr->revinfo.result == 0)
brcmu_dotrev_str(drvr->revinfo.driverrev, drev);
strlcpy(info->driver, KBUILD_MODNAME, sizeof(info->driver));
strlcpy(info->version, drev, sizeof(info->version));
Reported by FlawFinder.
Line: 658
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ndev->ethtool_ops = &brcmf_ethtool_ops;
/* set the mac address & netns */
memcpy(ndev->dev_addr, ifp->mac_addr, ETH_ALEN);
dev_net_set(ndev, wiphy_net(cfg_to_wiphy(drvr->config)));
INIT_WORK(&ifp->multicast_work, _brcmf_set_multicast_list);
INIT_WORK(&ifp->ndoffload_work, _brcmf_update_ndtable);
Reported by FlawFinder.
Line: 833
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ndev->netdev_ops = &brcmf_netdev_ops_p2p;
/* set the mac address */
memcpy(ndev->dev_addr, ifp->mac_addr, ETH_ALEN);
if (register_netdev(ndev) != 0) {
bphy_err(drvr, "couldn't register the p2p net device\n");
goto fail;
}
Reported by FlawFinder.
Line: 908
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_init(&ifp->netif_stop_lock);
if (mac_addr != NULL)
memcpy(ifp->mac_addr, mac_addr, ETH_ALEN);
brcmf_dbg(TRACE, " ==== pid:%x, if:%s (%pM) created ===\n",
current->pid, name, ifp->mac_addr);
return ifp;
Reported by FlawFinder.
Line: 1142
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct brcmf_bus *bus_if = dev_get_drvdata(s->private);
struct brcmf_rev_info *ri = &bus_if->drvr->revinfo;
char drev[BRCMU_DOTREV_LEN];
char brev[BRCMU_BOARDREV_LEN];
seq_printf(s, "vendorid: 0x%04x\n", ri->vendorid);
seq_printf(s, "deviceid: 0x%04x\n", ri->deviceid);
seq_printf(s, "radiorev: %s\n", brcmu_dotrev_str(ri->radiorev, drev));
Reported by FlawFinder.
Line: 1143
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct brcmf_bus *bus_if = dev_get_drvdata(s->private);
struct brcmf_rev_info *ri = &bus_if->drvr->revinfo;
char drev[BRCMU_DOTREV_LEN];
char brev[BRCMU_BOARDREV_LEN];
seq_printf(s, "vendorid: 0x%04x\n", ri->vendorid);
seq_printf(s, "deviceid: 0x%04x\n", ri->deviceid);
seq_printf(s, "radiorev: %s\n", brcmu_dotrev_str(ri->radiorev, drev));
seq_printf(s, "chip: %s\n", ri->chipname);
Reported by FlawFinder.
drivers/net/fddi/skfp/pmf.c
10 issues
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u_short p_num ; /* parameter code */
u_char p_access ; /* access rights */
u_short p_offset ; /* offset in mib */
char p_swap[3] ; /* format string */
} p_tab[] = {
/* StationIdGrp */
{ SMT_P100A,AC_GROUP } ,
{ SMT_P100B,AC_G, MOFFSS(fddiSMTStationId), "8" } ,
{ SMT_P100D,AC_G, MOFFSS(fddiSMTOpVersionId), "S" } ,
Reported by FlawFinder.
Line: 853
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mib_p->fddiPORTAvailablePaths ;
sp->p4053_currentpath =
mib_p->fddiPORTCurrentPath ;
memcpy( (char *) &sp->p4053_requestedpaths,
(char *) mib_p->fddiPORTRequestedPaths,4) ;
sp->p4053_mytype =
mib_p->fddiPORTMy_Type ;
sp->p4053_neighbortype =
mib_p->fddiPORTNeighborType ;
Reported by FlawFinder.
Line: 989
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto len_error ;
to[0] = 0 ;
to[1] = 0 ;
memcpy((char *) to+2,(char *) from,6) ;
to += 8 ;
from += 8 ;
len -= 8 ;
break ;
case '8' :
Reported by FlawFinder.
Line: 997
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case '8' :
if (len < 8)
goto len_error ;
memcpy((char *) to,(char *) from,8) ;
to += 8 ;
from += 8 ;
len -= 8 ;
break ;
case 'D' :
Reported by FlawFinder.
Line: 1005
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 'D' :
if (len < 32)
goto len_error ;
memcpy((char *) to,(char *) from,32) ;
to += 32 ;
from += 32 ;
len -= 32 ;
break ;
case 'P' : /* timestamp is NOT swapped */
Reported by FlawFinder.
Line: 1237
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len < 8)
goto len_error ;
if (set)
memcpy(to,from+2,6) ;
to += 8 ;
from += 8 ;
len -= 8 ;
break ;
case '4' :
Reported by FlawFinder.
Line: 1246
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len < 4)
goto len_error ;
if (set)
memcpy(to,from,4) ;
to += 4 ;
from += 4 ;
len -= 4 ;
break ;
case '8' :
Reported by FlawFinder.
Line: 1255
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len < 8)
goto len_error ;
if (set)
memcpy(to,from,8) ;
to += 8 ;
from += 8 ;
len -= 8 ;
break ;
case 'D' :
Reported by FlawFinder.
Line: 1264
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len < 32)
goto len_error ;
if (set)
memcpy(to,from,32) ;
to += 32 ;
from += 32 ;
len -= 32 ;
break ;
case 'P' : /* timestamp is NOT swapped */
Reported by FlawFinder.
Line: 1460
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break ;
case SMT_P4011 : /* fddiPORTRequestedPaths */
/* all 3*8 bits allowed */
IFSET(memcpy((char *)mib_p->fddiPORTRequestedPaths,
(char *)&long_val,4)) ;
break ;
case SMT_P401F: /* fddiPORTMaint_LS */
if (word_val > 4)
goto val_error ;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c
10 issues
Line: 1210
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_trap_cpu_policers_set(struct mlxsw_sp *mlxsw_sp)
{
struct mlxsw_sp_trap *trap = mlxsw_sp->trap;
char qpcr_pl[MLXSW_REG_QPCR_LEN];
u16 hw_id;
/* The purpose of "thin" policer is to drop as many packets
* as possible. The dummy group is using it.
*/
Reported by FlawFinder.
Line: 1229
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_trap_dummy_group_init(struct mlxsw_sp *mlxsw_sp)
{
char htgt_pl[MLXSW_REG_HTGT_LEN];
mlxsw_reg_htgt_pack(htgt_pl, MLXSW_REG_HTGT_TRAP_GROUP_SP_DUMMY,
mlxsw_sp->trap->thin_policer_hw_id, 0, 1);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(htgt), htgt_pl);
}
Reported by FlawFinder.
Line: 1260
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
trap->policers_count = free_policers;
/* Initialize policer items array with pre-defined policers. */
memcpy(trap->policer_items_arr, mlxsw_sp_trap_policer_items_arr,
elem_size * arr_size);
/* Initialize policer items array with the rest of the available
* policers.
*/
Reported by FlawFinder.
Line: 1356
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!trap->group_items_arr)
return -ENOMEM;
memcpy(trap->group_items_arr, mlxsw_sp_trap_group_items_arr,
elem_size * common_groups_count);
memcpy(trap->group_items_arr + common_groups_count,
spec_group_items_arr, elem_size * spec_groups_count);
trap->groups_count = groups_count;
Reported by FlawFinder.
Line: 1358
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(trap->group_items_arr, mlxsw_sp_trap_group_items_arr,
elem_size * common_groups_count);
memcpy(trap->group_items_arr + common_groups_count,
spec_group_items_arr, elem_size * spec_groups_count);
trap->groups_count = groups_count;
return 0;
Reported by FlawFinder.
Line: 1444
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!trap->trap_items_arr)
return -ENOMEM;
memcpy(trap->trap_items_arr, mlxsw_sp_trap_items_arr,
elem_size * common_traps_count);
memcpy(trap->trap_items_arr + common_traps_count,
spec_trap_items_arr, elem_size * spec_traps_count);
trap->traps_count = traps_count;
Reported by FlawFinder.
Line: 1446
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(trap->trap_items_arr, mlxsw_sp_trap_items_arr,
elem_size * common_traps_count);
memcpy(trap->trap_items_arr + common_traps_count,
spec_trap_items_arr, elem_size * spec_traps_count);
trap->traps_count = traps_count;
return 0;
Reported by FlawFinder.
Line: 1644
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp *mlxsw_sp = mlxsw_core_driver_priv(mlxsw_core);
u16 hw_policer_id = MLXSW_REG_HTGT_INVALID_POLICER;
const struct mlxsw_sp_trap_group_item *group_item;
char htgt_pl[MLXSW_REG_HTGT_LEN];
group_item = mlxsw_sp_trap_group_item_lookup(mlxsw_sp, group->id);
if (WARN_ON(!group_item))
return -EINVAL;
Reported by FlawFinder.
Line: 1735
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 rate, u64 burst, bool clear_counter,
struct netlink_ext_ack *extack)
{
char qpcr_pl[MLXSW_REG_QPCR_LEN];
u8 burst_size;
int err;
err = mlxsw_sp_trap_policer_bs(burst, &burst_size, extack);
if (err)
Reported by FlawFinder.
Line: 1813
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_sp *mlxsw_sp = mlxsw_core_driver_priv(mlxsw_core);
struct mlxsw_sp_trap_policer_item *policer_item;
char qpcr_pl[MLXSW_REG_QPCR_LEN];
int err;
policer_item = mlxsw_sp_trap_policer_item_lookup(mlxsw_sp, policer->id);
if (WARN_ON(!policer_item))
return -EINVAL;
Reported by FlawFinder.
drivers/net/ethernet/microsoft/mana/mana_ethtool.c
10 issues
Line: 11
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "mana.h"
static const struct {
char name[ETH_GSTRING_LEN];
u16 offset;
} mana_eth_stats[] = {
{"stop_queue", offsetof(struct mana_ethtool_stats, stop_queue)},
{"wake_queue", offsetof(struct mana_ethtool_stats, wake_queue)},
};
Reported by FlawFinder.
Line: 40
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
for (i = 0; i < ARRAY_SIZE(mana_eth_stats); i++) {
memcpy(p, mana_eth_stats[i].name, ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
for (i = 0; i < num_queues; i++) {
sprintf(p, "rx_%d_packets", i);
Reported by FlawFinder.
Line: 45
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < num_queues; i++) {
sprintf(p, "rx_%d_packets", i);
p += ETH_GSTRING_LEN;
sprintf(p, "rx_%d_bytes", i);
p += ETH_GSTRING_LEN;
}
Reported by FlawFinder.
Line: 47
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < num_queues; i++) {
sprintf(p, "rx_%d_packets", i);
p += ETH_GSTRING_LEN;
sprintf(p, "rx_%d_bytes", i);
p += ETH_GSTRING_LEN;
}
for (i = 0; i < num_queues; i++) {
sprintf(p, "tx_%d_packets", i);
Reported by FlawFinder.
Line: 52
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < num_queues; i++) {
sprintf(p, "tx_%d_packets", i);
p += ETH_GSTRING_LEN;
sprintf(p, "tx_%d_bytes", i);
p += ETH_GSTRING_LEN;
}
}
Reported by FlawFinder.
Line: 54
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < num_queues; i++) {
sprintf(p, "tx_%d_packets", i);
p += ETH_GSTRING_LEN;
sprintf(p, "tx_%d_bytes", i);
p += ETH_GSTRING_LEN;
}
}
static void mana_get_ethtool_stats(struct net_device *ndev,
Reported by FlawFinder.
Line: 142
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (key)
memcpy(key, apc->hashkey, MANA_HASH_KEY_SIZE);
return 0;
}
static int mana_set_rxfh(struct net_device *ndev, const u32 *indir,
Reported by FlawFinder.
Line: 176
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (key) {
update_hash = true;
memcpy(save_key, apc->hashkey, MANA_HASH_KEY_SIZE);
memcpy(apc->hashkey, key, MANA_HASH_KEY_SIZE);
}
err = mana_config_rss(apc, TRI_STATE_TRUE, update_hash, update_table);
Reported by FlawFinder.
Line: 177
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (key) {
update_hash = true;
memcpy(save_key, apc->hashkey, MANA_HASH_KEY_SIZE);
memcpy(apc->hashkey, key, MANA_HASH_KEY_SIZE);
}
err = mana_config_rss(apc, TRI_STATE_TRUE, update_hash, update_table);
if (err) { /* recover to original values */
Reported by FlawFinder.
Line: 189
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (update_hash)
memcpy(apc->hashkey, save_key, MANA_HASH_KEY_SIZE);
mana_config_rss(apc, TRI_STATE_TRUE, update_hash, update_table);
}
return err;
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/flower/action.c
10 issues
Line: 389
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
push->class = opt->opt_class;
push->type = opt->type;
push->length = opt->length;
memcpy(&push->opt_data, opt->opt_data, opt->length * 4);
src += sizeof(struct geneve_opt) + opt->length * 4;
}
return 0;
Reported by FlawFinder.
Line: 808
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (set_act->set_eth.head.len_lw) {
act_size = sizeof(set_act->set_eth);
memcpy(nfp_action, &set_act->set_eth, act_size);
*a_len += act_size;
}
if (set_act->set_ip_ttl_tos.head.len_lw) {
nfp_action += act_size;
Reported by FlawFinder.
Line: 815
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (set_act->set_ip_ttl_tos.head.len_lw) {
nfp_action += act_size;
act_size = sizeof(set_act->set_ip_ttl_tos);
memcpy(nfp_action, &set_act->set_ip_ttl_tos, act_size);
*a_len += act_size;
/* Hardware will automatically fix IPv4 and TCP/UDP checksum. */
*csum_updated |= TCA_CSUM_UPDATE_FLAG_IPV4HDR |
nfp_fl_csum_l4_to_flag(ip_proto);
Reported by FlawFinder.
Line: 826
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (set_act->set_ip_addr.head.len_lw) {
nfp_action += act_size;
act_size = sizeof(set_act->set_ip_addr);
memcpy(nfp_action, &set_act->set_ip_addr, act_size);
*a_len += act_size;
/* Hardware will automatically fix IPv4 and TCP/UDP checksum. */
*csum_updated |= TCA_CSUM_UPDATE_FLAG_IPV4HDR |
nfp_fl_csum_l4_to_flag(ip_proto);
Reported by FlawFinder.
Line: 837
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (set_act->set_ip6_tc_hl_fl.head.len_lw) {
nfp_action += act_size;
act_size = sizeof(set_act->set_ip6_tc_hl_fl);
memcpy(nfp_action, &set_act->set_ip6_tc_hl_fl, act_size);
*a_len += act_size;
/* Hardware will automatically fix TCP/UDP checksum. */
*csum_updated |= nfp_fl_csum_l4_to_flag(ip_proto);
}
Reported by FlawFinder.
Line: 851
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
nfp_action += act_size;
act_size = sizeof(set_act->set_ip6_src);
memcpy(nfp_action, &set_act->set_ip6_src, act_size);
*a_len += act_size;
act_size = sizeof(set_act->set_ip6_dst);
memcpy(&nfp_action[sizeof(set_act->set_ip6_src)],
&set_act->set_ip6_dst, act_size);
Reported by FlawFinder.
Line: 855
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*a_len += act_size;
act_size = sizeof(set_act->set_ip6_dst);
memcpy(&nfp_action[sizeof(set_act->set_ip6_src)],
&set_act->set_ip6_dst, act_size);
*a_len += act_size;
/* Hardware will automatically fix TCP/UDP checksum. */
*csum_updated |= nfp_fl_csum_l4_to_flag(ip_proto);
Reported by FlawFinder.
Line: 864
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (set_act->set_ip6_dst.head.len_lw) {
nfp_action += act_size;
act_size = sizeof(set_act->set_ip6_dst);
memcpy(nfp_action, &set_act->set_ip6_dst, act_size);
*a_len += act_size;
/* Hardware will automatically fix TCP/UDP checksum. */
*csum_updated |= nfp_fl_csum_l4_to_flag(ip_proto);
} else if (set_act->set_ip6_src.head.len_lw) {
Reported by FlawFinder.
Line: 872
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (set_act->set_ip6_src.head.len_lw) {
nfp_action += act_size;
act_size = sizeof(set_act->set_ip6_src);
memcpy(nfp_action, &set_act->set_ip6_src, act_size);
*a_len += act_size;
/* Hardware will automatically fix TCP/UDP checksum. */
*csum_updated |= nfp_fl_csum_l4_to_flag(ip_proto);
}
Reported by FlawFinder.
Line: 881
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (set_act->set_tport.head.len_lw) {
nfp_action += act_size;
act_size = sizeof(set_act->set_tport);
memcpy(nfp_action, &set_act->set_tport, act_size);
*a_len += act_size;
/* Hardware will automatically fix TCP/UDP checksum. */
*csum_updated |= nfp_fl_csum_l4_to_flag(ip_proto);
}
Reported by FlawFinder.