The following issues were found
drivers/crypto/inside-secure/safexcel_hash.c
42 issues
Line: 125
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM)) {
if (req->xcbcmac)
memcpy(ctx->base.ctxr->data, &ctx->base.ipad, ctx->key_sz);
else
memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
if (!req->finish && req->xcbcmac)
cdesc->control_data.control0 |=
Reported by FlawFinder.
Line: 127
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (req->xcbcmac)
memcpy(ctx->base.ctxr->data, &ctx->base.ipad, ctx->key_sz);
else
memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
if (!req->finish && req->xcbcmac)
cdesc->control_data.control0 |=
CONTEXT_CONTROL_DIGEST_XCM |
CONTEXT_CONTROL_TYPE_HASH_OUT |
Reported by FlawFinder.
Line: 162
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Hash continuation or HMAC, setup (inner) digest from state */
memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
if (req->finish) {
/* Compute digest count for hash/HMAC finish operations */
if ((req->digest == CONTEXT_CONTROL_DIGEST_PRECOMPUTED) ||
req->hmac_zlen || (req->processed != req->block_sz)) {
Reported by FlawFinder.
Line: 206
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req->hmac_zlen = false;
} else { /* HMAC */
/* Need outer digest for HMAC finalization */
memcpy(ctx->base.ctxr->data + (req->state_sz >> 2),
&ctx->base.opad, req->state_sz);
/* Single pass HMAC - no digest count */
cdesc->control_data.control0 |=
CONTEXT_CONTROL_SIZE(req->state_sz >> 1) |
Reported by FlawFinder.
Line: 273
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sreq->hmac &&
(sreq->digest != CONTEXT_CONTROL_DIGEST_HMAC)) {
/* Faking HMAC using hash - need to do outer hash */
memcpy(sreq->cache, sreq->state,
crypto_ahash_digestsize(ahash));
memcpy(sreq->state, &ctx->base.opad, sreq->digest_sz);
sreq->len = sreq->block_sz +
Reported by FlawFinder.
Line: 276
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(sreq->cache, sreq->state,
crypto_ahash_digestsize(ahash));
memcpy(sreq->state, &ctx->base.opad, sreq->digest_sz);
sreq->len = sreq->block_sz +
crypto_ahash_digestsize(ahash);
sreq->processed = sreq->block_sz;
sreq->hmac = 0;
Reported by FlawFinder.
Line: 297
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Undo final XOR with 0xffffffff ...*/
*(__le32 *)areq->result = ~sreq->state[0];
} else {
memcpy(areq->result, sreq->state,
crypto_ahash_digestsize(ahash));
}
}
cache_len = safexcel_queued_len(sreq);
Reported by FlawFinder.
Line: 304
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cache_len = safexcel_queued_len(sreq);
if (cache_len)
memcpy(sreq->cache, sreq->cache_next, cache_len);
*should_complete = true;
return 1;
}
Reported by FlawFinder.
Line: 781
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* result directly here.
*/
if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_MD5)
memcpy(areq->result, md5_zero_message_hash,
MD5_DIGEST_SIZE);
else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA1)
memcpy(areq->result, sha1_zero_message_hash,
SHA1_DIGEST_SIZE);
else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA224)
Reported by FlawFinder.
Line: 784
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(areq->result, md5_zero_message_hash,
MD5_DIGEST_SIZE);
else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA1)
memcpy(areq->result, sha1_zero_message_hash,
SHA1_DIGEST_SIZE);
else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA224)
memcpy(areq->result, sha224_zero_message_hash,
SHA224_DIGEST_SIZE);
else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA256)
Reported by FlawFinder.
drivers/scsi/qla2xxx/qla_init.c
42 issues
Line: 3588
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
int leftover, len;
memset(str, 0, STR_LEN);
snprintf(str, SFF_VEN_NAME_LEN+1, a0->vendor_name);
ql_dbg(ql_dbg_init, vha, 0x015a,
"SFP MFG Name: %s\n", str);
memset(str, 0, STR_LEN);
snprintf(str, SFF_PART_NAME_LEN+1, a0->vendor_pn);
Reported by FlawFinder.
Line: 3593
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
"SFP MFG Name: %s\n", str);
memset(str, 0, STR_LEN);
snprintf(str, SFF_PART_NAME_LEN+1, a0->vendor_pn);
ql_dbg(ql_dbg_init, vha, 0x015c,
"SFP Part Name: %s\n", str);
/* media */
memset(str, 0, STR_LEN);
Reported by FlawFinder.
Line: 1704
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->u.new_sess.id = *id;
e->u.new_sess.pla = pla;
e->u.new_sess.fc4_type = fc4_type;
memcpy(e->u.new_sess.port_name, port_name, WWN_SIZE);
if (node_name)
memcpy(e->u.new_sess.node_name, node_name, WWN_SIZE);
return qla2x00_post_work(vha, e);
}
Reported by FlawFinder.
Line: 1706
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->u.new_sess.fc4_type = fc4_type;
memcpy(e->u.new_sess.port_name, port_name, WWN_SIZE);
if (node_name)
memcpy(e->u.new_sess.node_name, node_name, WWN_SIZE);
return qla2x00_post_work(vha, e);
}
void qla2x00_handle_rscn(scsi_qla_host_t *vha, struct event_arg *ea)
Reported by FlawFinder.
Line: 3427
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
mutex_lock(&ha->optrom_mutex);
if (ha->fw_dumped) {
memcpy(fw_dump, ha->fw_dump, ha->fw_dump_len);
vfree(ha->fw_dump);
ha->fw_dump = fw_dump;
ha->fw_dump_alloc_len = dump_size;
ql_dbg(ql_dbg_init, vha, 0x00c5,
"Re-Allocated (%d KB) and save firmware dump.\n",
Reported by FlawFinder.
Line: 4493
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint8_t al_pa;
uint8_t area;
uint8_t domain;
char connect_type[22];
struct qla_hw_data *ha = vha->hw;
scsi_qla_host_t *base_vha = pci_get_drvdata(ha->pdev);
port_id_t id;
unsigned long flags;
Reported by FlawFinder.
Line: 4540
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
case 0:
ql_dbg(ql_dbg_disc, vha, 0x200b, "HBA in NL topology.\n");
ha->current_topology = ISP_CFG_NL;
strcpy(connect_type, "(Loop)");
break;
case 1:
ql_dbg(ql_dbg_disc, vha, 0x200c, "HBA in FL topology.\n");
ha->switch_cap = sw_cap;
Reported by FlawFinder.
Line: 4547
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ql_dbg(ql_dbg_disc, vha, 0x200c, "HBA in FL topology.\n");
ha->switch_cap = sw_cap;
ha->current_topology = ISP_CFG_FL;
strcpy(connect_type, "(FL_Port)");
break;
case 2:
ql_dbg(ql_dbg_disc, vha, 0x200d, "HBA in N P2P topology.\n");
ha->operating_mode = P2P;
Reported by FlawFinder.
Line: 4554
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ql_dbg(ql_dbg_disc, vha, 0x200d, "HBA in N P2P topology.\n");
ha->operating_mode = P2P;
ha->current_topology = ISP_CFG_N;
strcpy(connect_type, "(N_Port-to-N_Port)");
break;
case 3:
ql_dbg(ql_dbg_disc, vha, 0x200e, "HBA in F P2P topology.\n");
ha->switch_cap = sw_cap;
Reported by FlawFinder.
Line: 4562
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ha->switch_cap = sw_cap;
ha->operating_mode = P2P;
ha->current_topology = ISP_CFG_F;
strcpy(connect_type, "(F_Port)");
break;
default:
ql_dbg(ql_dbg_disc, vha, 0x200f,
"HBA in unknown topology %x, using NL.\n", topo);
Reported by FlawFinder.
drivers/net/bonding/bond_sysfs.c
42 issues
Line: 53
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
res += sprintf(buf + res, "++more++ ");
break;
}
res += sprintf(buf + res, "%s ", bond->dev->name);
}
if (res)
buf[res-1] = '\n'; /* eat the leftover space */
rtnl_unlock();
Reported by FlawFinder.
Line: 184
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
res += sprintf(buf + res, "++more++ ");
break;
}
res += sprintf(buf + res, "%s ", slave->dev->name);
}
rtnl_unlock();
if (res)
Reported by FlawFinder.
Line: 206
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = bond_opt_get_val(BOND_OPT_MODE, BOND_MODE(bond));
return sprintf(buf, "%s %d\n", val->string, BOND_MODE(bond));
}
static DEVICE_ATTR(mode, 0644, bonding_show_mode, bonding_sysfs_store_option);
/* Show the bonding transmit hash method. */
static ssize_t bonding_show_xmit_hash(struct device *d,
Reported by FlawFinder.
Line: 220
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = bond_opt_get_val(BOND_OPT_XMIT_HASH, bond->params.xmit_policy);
return sprintf(buf, "%s %d\n", val->string, bond->params.xmit_policy);
}
static DEVICE_ATTR(xmit_hash_policy, 0644,
bonding_show_xmit_hash, bonding_sysfs_store_option);
/* Show arp_validate. */
Reported by FlawFinder.
Line: 236
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = bond_opt_get_val(BOND_OPT_ARP_VALIDATE,
bond->params.arp_validate);
return sprintf(buf, "%s %d\n", val->string, bond->params.arp_validate);
}
static DEVICE_ATTR(arp_validate, 0644, bonding_show_arp_validate,
bonding_sysfs_store_option);
/* Show arp_all_targets. */
Reported by FlawFinder.
Line: 251
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = bond_opt_get_val(BOND_OPT_ARP_ALL_TARGETS,
bond->params.arp_all_targets);
return sprintf(buf, "%s %d\n",
val->string, bond->params.arp_all_targets);
}
static DEVICE_ATTR(arp_all_targets, 0644,
bonding_show_arp_all_targets, bonding_sysfs_store_option);
Reported by FlawFinder.
Line: 268
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = bond_opt_get_val(BOND_OPT_FAIL_OVER_MAC,
bond->params.fail_over_mac);
return sprintf(buf, "%s %d\n", val->string, bond->params.fail_over_mac);
}
static DEVICE_ATTR(fail_over_mac, 0644,
bonding_show_fail_over_mac, bonding_sysfs_store_option);
/* Show the arp timer interval. */
Reported by FlawFinder.
Line: 352
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = bond_opt_get_val(BOND_OPT_LACP_RATE, bond->params.lacp_fast);
return sprintf(buf, "%s %d\n", val->string, bond->params.lacp_fast);
}
static DEVICE_ATTR(lacp_rate, 0644,
bonding_show_lacp, bonding_sysfs_store_option);
static ssize_t bonding_show_min_links(struct device *d,
Reported by FlawFinder.
Line: 377
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = bond_opt_get_val(BOND_OPT_AD_SELECT, bond->params.ad_select);
return sprintf(buf, "%s %d\n", val->string, bond->params.ad_select);
}
static DEVICE_ATTR(ad_select, 0644,
bonding_show_ad_select, bonding_sysfs_store_option);
/* Show the number of peer notifications to send after a failover event. */
Reported by FlawFinder.
Line: 420
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rcu_read_lock();
primary = rcu_dereference(bond->primary_slave);
if (primary)
count = sprintf(buf, "%s\n", primary->dev->name);
rcu_read_unlock();
return count;
}
static DEVICE_ATTR(primary, 0644,
Reported by FlawFinder.
drivers/scsi/lpfc/lpfc_debugfs.c
41 issues
Line: 465
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lpfc_pvt_pool *pvt_pool;
struct lpfc_pbl_pool *pbl_pool;
u32 txcmplq_cnt;
char tmp[LPFC_DEBUG_OUT_LINE_SZ] = {0};
if (phba->sli_rev != LPFC_SLI_REV4)
return 0;
if (!phba->sli4_hba.hdwq)
Reported by FlawFinder.
Line: 1259
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 data1, data2, data3;
u64 tot, totin, totout;
int i;
char tmp[LPFC_MAX_SCSI_INFO_TMP_LEN] = {0};
if (!(vport->cfg_enable_fc4_type & LPFC_ENABLE_FCP) ||
(phba->sli_rev != LPFC_SLI_REV4))
return 0;
Reported by FlawFinder.
Line: 1702
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t tot_xmt;
uint32_t tot_rcv;
uint32_t tot_cmpl;
char tmp[LPFC_MAX_SCSI_INFO_TMP_LEN] = {0};
scnprintf(tmp, sizeof(tmp), "HDWQ Stats:\n\n");
if (strlcat(buf, tmp, size) >= size)
goto buffer_done;
Reported by FlawFinder.
Line: 2157
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lpfc_debug *debug = file->private_data;
struct lpfc_hba *phba = (struct lpfc_hba *)debug->i_private;
struct lpfc_sli4_hdw_queue *qp;
char mybuf[64];
char *pbuf;
int i;
memset(mybuf, 0, sizeof(mybuf));
Reported by FlawFinder.
Line: 2207
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&phba->ras_fwlog.fwlog_buff_list, list) {
/* Check if copying will go over size and a '\0' char */
if ((copied + LPFC_RAS_MAX_ENTRY_SIZE) >= (size - 1)) {
memcpy(buffer + copied, dmabuf->virt,
size - copied - 1);
copied += size - copied - 1;
break;
}
memcpy(buffer + copied, dmabuf->virt, LPFC_RAS_MAX_ENTRY_SIZE);
Reported by FlawFinder.
Line: 2212
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copied += size - copied - 1;
break;
}
memcpy(buffer + copied, dmabuf->virt, LPFC_RAS_MAX_ENTRY_SIZE);
copied += LPFC_RAS_MAX_ENTRY_SIZE;
}
return copied;
}
Reported by FlawFinder.
Line: 2375
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dentry *dent = file->f_path.dentry;
struct lpfc_hba *phba = file->private_data;
char cbuf[32];
uint64_t tmp = 0;
int cnt = 0;
if (dent == phba->debug_writeGuard)
cnt = scnprintf(cbuf, 32, "%u\n", phba->lpfc_injerr_wgrd_cnt);
Reported by FlawFinder.
Line: 2395
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cnt = scnprintf(cbuf, 32, "0x%06x\n",
phba->lpfc_injerr_nportid);
else if (dent == phba->debug_InjErrWWPN) {
memcpy(&tmp, &phba->lpfc_injerr_wwpn, sizeof(struct lpfc_name));
tmp = cpu_to_be64(tmp);
cnt = scnprintf(cbuf, 32, "0x%016llx\n", tmp);
} else if (dent == phba->debug_InjErrLBA) {
if (phba->lpfc_injerr_lba == (sector_t)(-1))
cnt = scnprintf(cbuf, 32, "off\n");
Reported by FlawFinder.
Line: 2417
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dentry *dent = file->f_path.dentry;
struct lpfc_hba *phba = file->private_data;
char dstbuf[33];
uint64_t tmp = 0;
int size;
memset(dstbuf, 0, 33);
size = (nbytes < 32) ? nbytes : 32;
Reported by FlawFinder.
Line: 2453
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
phba->lpfc_injerr_nportid = (uint32_t)(tmp & Mask_DID);
else if (dent == phba->debug_InjErrWWPN) {
tmp = cpu_to_be64(tmp);
memcpy(&phba->lpfc_injerr_wwpn, &tmp, sizeof(struct lpfc_name));
} else
lpfc_printf_log(phba, KERN_ERR, LOG_INIT,
"0548 Unknown debugfs error injection entry\n");
return nbytes;
Reported by FlawFinder.
tools/testing/selftests/tc-testing/TdcResults.py
41 issues
Line: 54
Column: 31
if type(newstep) == list:
self.steps.extend(newstep)
elif type(newstep) == str:
self.steps.append(step)
else:
raise TypeError('TdcResults.add_steps() requires a list or str')
def get_executed_steps(self):
return self.steps
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
from enum import Enum
class ResultState(Enum):
noresult = -1
skip = 0
success = 1
fail = 2
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
from enum import Enum
class ResultState(Enum):
noresult = -1
skip = 0
success = 1
fail = 2
Reported by Pylint.
Line: 5
Column: 1
from enum import Enum
class ResultState(Enum):
noresult = -1
skip = 0
success = 1
fail = 2
Reported by Pylint.
Line: 11
Column: 1
success = 1
fail = 2
class TestResult:
def __init__(self, test_id="", test_name=""):
self.test_id = test_id
self.test_name = test_name
self.result = ResultState.noresult
self.failmsg = ""
Reported by Pylint.
Line: 13
Column: 1
class TestResult:
def __init__(self, test_id="", test_name=""):
self.test_id = test_id
self.test_name = test_name
self.result = ResultState.noresult
self.failmsg = ""
self.errormsg = ""
self.steps = []
Reported by Pylint.
Line: 14
Column: 1
class TestResult:
def __init__(self, test_id="", test_name=""):
self.test_id = test_id
self.test_name = test_name
self.result = ResultState.noresult
self.failmsg = ""
self.errormsg = ""
self.steps = []
Reported by Pylint.
Line: 15
Column: 1
def __init__(self, test_id="", test_name=""):
self.test_id = test_id
self.test_name = test_name
self.result = ResultState.noresult
self.failmsg = ""
self.errormsg = ""
self.steps = []
def set_result(self, result):
Reported by Pylint.
Line: 16
Column: 1
self.test_id = test_id
self.test_name = test_name
self.result = ResultState.noresult
self.failmsg = ""
self.errormsg = ""
self.steps = []
def set_result(self, result):
if (isinstance(result, ResultState)):
Reported by Pylint.
Line: 17
Column: 1
self.test_name = test_name
self.result = ResultState.noresult
self.failmsg = ""
self.errormsg = ""
self.steps = []
def set_result(self, result):
if (isinstance(result, ResultState)):
self.result = result
Reported by Pylint.
drivers/net/wireless/marvell/mwifiex/main.c
41 issues
Line: 1118
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mwifiex_drv_get_driver_version(adapter, drv_version,
sizeof(drv_version) - 1);
p += sprintf(p, "driver_version = %s\n", drv_version);
if (adapter->iface_type == MWIFIEX_USB) {
cardp = (struct usb_card_rec *)adapter->card;
p += sprintf(p, "tx_cmd_urb_pending = %d\n",
atomic_read(&cardp->tx_cmd_urb_pending));
Reported by FlawFinder.
Line: 1151
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!adapter->priv[i] || !adapter->priv[i]->netdev)
continue;
priv = adapter->priv[i];
p += sprintf(p, "\n[interface : \"%s\"]\n",
priv->netdev->name);
p += sprintf(p, "wmm_tx_pending[0] = %d\n",
atomic_read(&priv->wmm_tx_pending[0]));
p += sprintf(p, "wmm_tx_pending[1] = %d\n",
atomic_read(&priv->wmm_tx_pending[1]));
Reported by FlawFinder.
Line: 1161
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
atomic_read(&priv->wmm_tx_pending[2]));
p += sprintf(p, "wmm_tx_pending[3] = %d\n",
atomic_read(&priv->wmm_tx_pending[3]));
p += sprintf(p, "media_state=\"%s\"\n", !priv->media_connected ?
"Disconnected" : "Connected");
p += sprintf(p, "carrier %s\n", (netif_carrier_ok(priv->netdev)
? "on" : "off"));
for (idx = 0; idx < priv->netdev->num_tx_queues; idx++) {
txq = netdev_get_tx_queue(priv->netdev, idx);
Reported by FlawFinder.
Line: 1163
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
atomic_read(&priv->wmm_tx_pending[3]));
p += sprintf(p, "media_state=\"%s\"\n", !priv->media_connected ?
"Disconnected" : "Connected");
p += sprintf(p, "carrier %s\n", (netif_carrier_ok(priv->netdev)
? "on" : "off"));
for (idx = 0; idx < priv->netdev->num_tx_queues; idx++) {
txq = netdev_get_tx_queue(priv->netdev, idx);
p += sprintf(p, "tx queue %d:%s ", idx,
netif_tx_queue_stopped(txq) ?
Reported by FlawFinder.
Line: 1167
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
? "on" : "off"));
for (idx = 0; idx < priv->netdev->num_tx_queues; idx++) {
txq = netdev_get_tx_queue(priv->netdev, idx);
p += sprintf(p, "tx queue %d:%s ", idx,
netif_tx_queue_stopped(txq) ?
"stopped" : "started");
}
p += sprintf(p, "\n%s: num_tx_timeout = %d\n",
priv->netdev->name, priv->num_tx_timeout);
Reported by FlawFinder.
Line: 1171
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
netif_tx_queue_stopped(txq) ?
"stopped" : "started");
}
p += sprintf(p, "\n%s: num_tx_timeout = %d\n",
priv->netdev->name, priv->num_tx_timeout);
}
if (adapter->iface_type == MWIFIEX_SDIO ||
adapter->iface_type == MWIFIEX_PCIE) {
Reported by FlawFinder.
Line: 1177
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (adapter->iface_type == MWIFIEX_SDIO ||
adapter->iface_type == MWIFIEX_PCIE) {
p += sprintf(p, "\n=== %s register dump===\n",
adapter->iface_type == MWIFIEX_SDIO ?
"SDIO" : "PCIE");
if (adapter->if_ops.reg_dump)
p += adapter->if_ops.reg_dump(adapter, p);
}
Reported by FlawFinder.
Line: 1250
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(fw_dump_ptr, "========Start dump ");
fw_dump_ptr += strlen("========Start dump ");
strcpy(fw_dump_ptr, entry->mem_name);
fw_dump_ptr += strlen(entry->mem_name);
strcpy(fw_dump_ptr, "========\n");
fw_dump_ptr += strlen("========\n");
Reported by FlawFinder.
Line: 523
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int _mwifiex_fw_dpc(const struct firmware *firmware, void *context)
{
int ret;
char fmt[64];
struct mwifiex_adapter *adapter = context;
struct mwifiex_fw_image fw;
bool init_failed = false;
struct wireless_dev *wdev;
struct completion *fw_done = adapter->fw_done;
Reported by FlawFinder.
Line: 1101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void mwifiex_drv_info_dump(struct mwifiex_adapter *adapter)
{
char *p;
char drv_version[64];
struct usb_card_rec *cardp;
struct sdio_mmc_card *sdio_card;
struct mwifiex_private *priv;
int i, idx;
struct netdev_queue *txq;
Reported by FlawFinder.
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c
41 issues
Line: 770
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
j = 0;
sprintf(result[j++], "%02u", pg_id);
sprintf(result[j++], "0x%02x", pri_bit_map);
sprintf(result[j++], "%4s", sch_mode_str);
sprintf(result[j++], "%3u", weight);
hclge_dbg_fill_shaper_content(&c_shaper_para, result, &j);
hclge_dbg_fill_shaper_content(&p_shaper_para, result, &j);
hclge_dbg_fill_content(content, sizeof(content), tm_pg_items,
Reported by FlawFinder.
Line: 1055
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(result[j++], "%04u", i);
sprintf(result[j++], "%4u", priority);
sprintf(result[j++], "%4u", link_vld);
sprintf(result[j++], "%4s", sch_mode_str);
sprintf(result[j++], "%3u", weight);
hclge_dbg_fill_shaper_content(&shaper_para, result, &j);
hclge_dbg_fill_content(content, sizeof(content), tm_qset_items,
(const char **)result,
Reported by FlawFinder.
Line: 1918
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
result[i++] = hclge_dbg_get_func_id_str(str_id,
func_id);
sprintf(result[i++], "%pM", mac_node->mac_addr);
sprintf(result[i++], "%5s",
hclge_mac_state_str[mac_node->state]);
hclge_dbg_fill_content(content, sizeof(content),
mac_list_items,
(const char **)result,
ARRAY_SIZE(mac_list_items));
Reported by FlawFinder.
Line: 102
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static char *hclge_dbg_get_func_id_str(char *buf, u8 id)
{
if (id)
sprintf(buf, "vf%u", id - 1);
else
sprintf(buf, "pf");
return buf;
}
Reported by FlawFinder.
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (id)
sprintf(buf, "vf%u", id - 1);
else
sprintf(buf, "pf");
return buf;
}
static int hclge_dbg_get_dfx_bd_num(struct hclge_dev *hdev, int offset,
Reported by FlawFinder.
Line: 713
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static void hclge_dbg_fill_shaper_content(struct hclge_tm_shaper_para *para,
char **result, u8 *index)
{
sprintf(result[(*index)++], "%3u", para->ir_b);
sprintf(result[(*index)++], "%3u", para->ir_u);
sprintf(result[(*index)++], "%3u", para->ir_s);
sprintf(result[(*index)++], "%3u", para->bs_b);
sprintf(result[(*index)++], "%3u", para->bs_s);
sprintf(result[(*index)++], "%3u", para->flag);
Reported by FlawFinder.
Line: 714
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char **result, u8 *index)
{
sprintf(result[(*index)++], "%3u", para->ir_b);
sprintf(result[(*index)++], "%3u", para->ir_u);
sprintf(result[(*index)++], "%3u", para->ir_s);
sprintf(result[(*index)++], "%3u", para->bs_b);
sprintf(result[(*index)++], "%3u", para->bs_s);
sprintf(result[(*index)++], "%3u", para->flag);
sprintf(result[(*index)++], "%6u", para->rate);
Reported by FlawFinder.
Line: 715
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
sprintf(result[(*index)++], "%3u", para->ir_b);
sprintf(result[(*index)++], "%3u", para->ir_u);
sprintf(result[(*index)++], "%3u", para->ir_s);
sprintf(result[(*index)++], "%3u", para->bs_b);
sprintf(result[(*index)++], "%3u", para->bs_s);
sprintf(result[(*index)++], "%3u", para->flag);
sprintf(result[(*index)++], "%6u", para->rate);
}
Reported by FlawFinder.
Line: 716
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(result[(*index)++], "%3u", para->ir_b);
sprintf(result[(*index)++], "%3u", para->ir_u);
sprintf(result[(*index)++], "%3u", para->ir_s);
sprintf(result[(*index)++], "%3u", para->bs_b);
sprintf(result[(*index)++], "%3u", para->bs_s);
sprintf(result[(*index)++], "%3u", para->flag);
sprintf(result[(*index)++], "%6u", para->rate);
}
Reported by FlawFinder.
Line: 717
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(result[(*index)++], "%3u", para->ir_u);
sprintf(result[(*index)++], "%3u", para->ir_s);
sprintf(result[(*index)++], "%3u", para->bs_b);
sprintf(result[(*index)++], "%3u", para->bs_s);
sprintf(result[(*index)++], "%3u", para->flag);
sprintf(result[(*index)++], "%6u", para->rate);
}
static int hclge_dbg_dump_tm_pg(struct hclge_dev *hdev, char *buf, int len)
Reported by FlawFinder.
drivers/net/wireless/intel/ipw2x00/libipw_rx.c
41 issues
Line: 269
Column: 35
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* Called only as a tasklet (software IRQ), by libipw_rx */
static int
libipw_rx_frame_decrypt(struct libipw_device *ieee, struct sk_buff *skb,
struct lib80211_crypt_data *crypt)
{
struct libipw_hdr_3addr *hdr;
int res, hdrlen;
if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
Reported by FlawFinder.
Line: 301
Column: 33
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
static int
libipw_rx_frame_decrypt_msdu(struct libipw_device *ieee,
struct sk_buff *skb, int keyidx,
struct lib80211_crypt_data *crypt)
{
struct libipw_hdr_3addr *hdr;
int res, hdrlen;
if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
Reported by FlawFinder.
Line: 429
Column: 28
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
* is only allowed 2-bits of storage, no value of keyidx can
* be provided via above code that would result in keyidx
* being out of range */
crypt = ieee->crypt_info.crypt[keyidx];
#ifdef NOT_YET
sta = NULL;
/* Use station specific key to override default keys if the
Reported by FlawFinder.
Line: 442
Column: 48
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
* stations that do not support WEP key mapping). */
if (is_unicast_ether_addr(hdr->addr1) || local->bcrx_sta_key)
(void)hostap_handle_sta_crypto(local, hdr, &crypt,
&sta);
#endif
/* allow NULL decrypt to indicate an station specific override
* for default encryption */
Reported by FlawFinder.
Line: 448
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* allow NULL decrypt to indicate an station specific override
* for default encryption */
if (crypt && (crypt->ops == NULL ||
crypt->ops->decrypt_mpdu == NULL))
crypt = NULL;
if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
/* This seems to be triggered by some (multicast?)
Reported by FlawFinder.
Line: 452
Column: 8
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
crypt->ops->decrypt_mpdu == NULL))
crypt = NULL;
if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
/* This seems to be triggered by some (multicast?)
* frames from other than current BSS, so just drop the
* frames silently instead of filling system log with
* these reports. */
LIBIPW_DEBUG_DROP("Decryption failed (not set)"
Reported by FlawFinder.
Line: 467
Column: 52
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (type != WLAN_FC_TYPE_DATA) {
if (type == WLAN_FC_TYPE_MGMT && stype == WLAN_FC_STYPE_AUTH &&
fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt &&
(keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) {
printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
"from %pM\n", dev->name, hdr->addr2);
/* TODO: could inform hostapd about this so that it
* could send auth failure report */
goto rx_dropped;
Reported by FlawFinder.
Line: 570
Column: 51
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* skb: hdr + (possibly fragmented, possibly encrypted) payload */
if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
(keyidx = libipw_rx_frame_decrypt(ieee, skb, crypt)) < 0)
goto rx_dropped;
hdr = (struct libipw_hdr_4addr *)skb->data;
/* skb: hdr + (possibly fragmented) plaintext payload */
Reported by FlawFinder.
Line: 634
Column: 54
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* skb: hdr + (possible reassembled) full MSDU payload; possibly still
* encrypted/authenticated */
if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
libipw_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt))
goto rx_dropped;
hdr = (struct libipw_hdr_4addr *)skb->data;
if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep) {
if ( /*ieee->ieee802_1x && */
Reported by FlawFinder.
Line: 638
Column: 6
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
goto rx_dropped;
hdr = (struct libipw_hdr_4addr *)skb->data;
if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep) {
if ( /*ieee->ieee802_1x && */
libipw_is_eapol_frame(ieee, skb)) {
/* pass unencrypted EAPOL frames even if encryption is
* configured */
} else {
Reported by FlawFinder.
drivers/staging/rtl8192e/rtllib_softmac.c
41 issues
Line: 820
Column: 30
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
struct sk_buff *skb = NULL;
int encrypt;
int atim_len, erp_len;
struct lib80211_crypt_data *crypt;
char *ssid = ieee->current_network.ssid;
int ssid_len = ieee->current_network.ssid_len;
int rate_len = ieee->current_network.rates_len+2;
int rate_ex_len = ieee->current_network.rates_ex_len;
Reported by FlawFinder.
Line: 855
Column: 27
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
} else
erp_len = 0;
crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
encrypt = ieee->host_encrypt && crypt && crypt->ops &&
((strcmp(crypt->ops->name, "R-WEP") == 0 || wpa_ie_len));
if (ieee->pHTInfo->bCurrentHTSupport) {
tmp_ht_cap_buf = (u8 *) &(ieee->pHTInfo->SelfHTCap);
tmp_ht_cap_len = sizeof(ieee->pHTInfo->SelfHTCap);
Reported by FlawFinder.
Line: 856
Column: 34
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
erp_len = 0;
crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
encrypt = ieee->host_encrypt && crypt && crypt->ops &&
((strcmp(crypt->ops->name, "R-WEP") == 0 || wpa_ie_len));
if (ieee->pHTInfo->bCurrentHTSupport) {
tmp_ht_cap_buf = (u8 *) &(ieee->pHTInfo->SelfHTCap);
tmp_ht_cap_len = sizeof(ieee->pHTInfo->SelfHTCap);
tmp_ht_info_buf = (u8 *) &(ieee->pHTInfo->SelfHTInfo);
Reported by FlawFinder.
Line: 906
Column: 27
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
beacon_buf->capability |=
cpu_to_le16(WLAN_CAPABILITY_SHORT_SLOT_TIME);
crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
if (encrypt)
beacon_buf->capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY);
beacon_buf->header.frame_ctl = cpu_to_le16(RTLLIB_STYPE_PROBE_RESP);
Reported by FlawFinder.
Line: 965
Column: 30
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
struct sk_buff *skb;
u8 *tag;
struct lib80211_crypt_data *crypt;
struct rtllib_assoc_response_frame *assoc;
short encrypt;
unsigned int rate_len = rtllib_MFIE_rate_len(ieee);
int len = sizeof(struct rtllib_assoc_response_frame) + rate_len +
Reported by FlawFinder.
Line: 995
Column: 28
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
cpu_to_le16(WLAN_CAPABILITY_SHORT_SLOT_TIME);
if (ieee->host_encrypt)
crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
else
crypt = NULL;
encrypt = (crypt && crypt->ops);
Reported by FlawFinder.
Line: 999
Column: 13
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
else
crypt = NULL;
encrypt = (crypt && crypt->ops);
if (encrypt)
assoc->capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY);
assoc->status = 0;
Reported by FlawFinder.
Line: 1158
Column: 30
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
unsigned int ckip_ie_len = 0;
unsigned int ccxrm_ie_len = 0;
unsigned int cxvernum_ie_len = 0;
struct lib80211_crypt_data *crypt;
int encrypt;
int PMKCacheIdx;
unsigned int rate_len = (beacon->rates_len ?
(beacon->rates_len + 2) : 0) +
Reported by FlawFinder.
Line: 1172
Column: 27
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
int len = 0;
crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
if (crypt != NULL)
encrypt = ieee->host_encrypt && crypt && crypt->ops &&
((strcmp(crypt->ops->name, "R-WEP") == 0 ||
wpa_ie_len));
else
Reported by FlawFinder.
Line: 1173
Column: 6
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
int len = 0;
crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
if (crypt != NULL)
encrypt = ieee->host_encrypt && crypt && crypt->ops &&
((strcmp(crypt->ops->name, "R-WEP") == 0 ||
wpa_ie_len));
else
encrypt = 0;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
41 issues
Line: 57
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head neigh_list;
struct net_device *dev; /* NULL for underlay RIF */
struct mlxsw_sp_fid *fid;
unsigned char addr[ETH_ALEN];
int mtu;
u16 rif_index;
u16 vr_id;
const struct mlxsw_sp_rif_ops *ops;
struct mlxsw_sp *mlxsw_sp;
Reported by FlawFinder.
Line: 178
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int counter_index, bool enable,
enum mlxsw_sp_rif_counter_dir dir)
{
char ritr_pl[MLXSW_REG_RITR_LEN];
bool is_egress = false;
int err;
if (dir == MLXSW_SP_RIF_COUNTER_EGRESS)
is_egress = true;
Reported by FlawFinder.
Line: 198
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_rif *rif,
enum mlxsw_sp_rif_counter_dir dir, u64 *cnt)
{
char ricnt_pl[MLXSW_REG_RICNT_LEN];
unsigned int *p_counter_index;
bool valid;
int err;
valid = mlxsw_sp_rif_counter_valid_get(rif, dir);
Reported by FlawFinder.
Line: 222
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_rif_counter_clear(struct mlxsw_sp *mlxsw_sp,
unsigned int counter_index)
{
char ricnt_pl[MLXSW_REG_RICNT_LEN];
mlxsw_reg_ricnt_pack(ricnt_pl, counter_index,
MLXSW_REG_RICNT_OPCODE_CLEAR);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(ricnt), ricnt_pl);
}
Reported by FlawFinder.
Line: 320
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlxsw_sp_prefix_usage_cpy(struct mlxsw_sp_prefix_usage *prefix_usage1,
struct mlxsw_sp_prefix_usage *prefix_usage2)
{
memcpy(prefix_usage1, prefix_usage2, sizeof(*prefix_usage1));
}
static void
mlxsw_sp_prefix_usage_set(struct mlxsw_sp_prefix_usage *prefix_usage,
unsigned char prefix_len)
Reported by FlawFinder.
Line: 338
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct mlxsw_sp_fib_key {
unsigned char addr[sizeof(struct in6_addr)];
unsigned char prefix_len;
};
enum mlxsw_sp_fib_entry_type {
MLXSW_SP_FIB_ENTRY_TYPE_REMOTE,
Reported by FlawFinder.
Line: 576
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct mlxsw_sp_router_ll_ops *ll_ops,
struct mlxsw_sp_lpm_tree *lpm_tree)
{
char xralta_pl[MLXSW_REG_XRALTA_LEN];
mlxsw_reg_xralta_pack(xralta_pl, true,
(enum mlxsw_reg_ralxx_protocol) lpm_tree->proto,
lpm_tree->id);
return ll_ops->ralta_write(mlxsw_sp, xralta_pl);
Reported by FlawFinder.
Line: 588
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct mlxsw_sp_router_ll_ops *ll_ops,
struct mlxsw_sp_lpm_tree *lpm_tree)
{
char xralta_pl[MLXSW_REG_XRALTA_LEN];
mlxsw_reg_xralta_pack(xralta_pl, false,
(enum mlxsw_reg_ralxx_protocol) lpm_tree->proto,
lpm_tree->id);
ll_ops->ralta_write(mlxsw_sp, xralta_pl);
Reported by FlawFinder.
Line: 602
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_prefix_usage *prefix_usage,
struct mlxsw_sp_lpm_tree *lpm_tree)
{
char xralst_pl[MLXSW_REG_XRALST_LEN];
u8 root_bin = 0;
u8 prefix;
u8 last_prefix = MLXSW_REG_RALST_BIN_NO_CHILD;
mlxsw_sp_prefix_usage_for_each(prefix, prefix_usage)
Reported by FlawFinder.
Line: 784
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_vr_lpm_tree_bind(struct mlxsw_sp *mlxsw_sp,
const struct mlxsw_sp_fib *fib, u8 tree_id)
{
char xraltb_pl[MLXSW_REG_XRALTB_LEN];
mlxsw_reg_xraltb_pack(xraltb_pl, fib->vr->id,
(enum mlxsw_reg_ralxx_protocol) fib->proto,
tree_id);
return fib->ll_ops->raltb_write(mlxsw_sp, xraltb_pl);
Reported by FlawFinder.