The following issues were found
tools/testing/selftests/futex/functional/futex_requeue_pi.c
9 issues
Line: 363
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
{
int c, ret;
while ((c = getopt(argc, argv, "bchlot:v:")) != -1) {
switch (c) {
case 'b':
broadcast = 1;
break;
case 'c':
Reported by FlawFinder.
Line: 382
Column: 17
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
locked = 0;
break;
case 't':
timeout_ns = atoi(optarg);
break;
case 'v':
log_verbosity(atoi(optarg));
break;
default:
Reported by FlawFinder.
Line: 385
Column: 18
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
timeout_ns = atoi(optarg);
break;
case 'v':
log_verbosity(atoi(optarg));
break;
default:
usage(basename(argv[0]));
exit(1);
}
Reported by FlawFinder.
Line: 117
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
/* Each thread sleeps for a different amount of time
* This is to avoid races, because we don't lock the
* external mutex here */
usleep(1000 * (long)args->id);
old_val = f1;
atomic_inc(&waiters_blocked);
info("Calling futex_wait_requeue_pi: %p (%u) -> %p\n",
&f1, f1, &f2);
Reported by FlawFinder.
Line: 155
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
info("Waker: waiting for waiters to block\n");
while (waiters_blocked.val < THREAD_MAX)
usleep(1000);
usleep(1000);
info("Waker: Calling broadcast\n");
if (args->lock) {
info("Calling FUTEX_LOCK_PI on mutex=%x @ %p\n", f2, &f2);
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
info("Waker: waiting for waiters to block\n");
while (waiters_blocked.val < THREAD_MAX)
usleep(1000);
usleep(1000);
info("Waker: Calling broadcast\n");
if (args->lock) {
info("Calling FUTEX_LOCK_PI on mutex=%x @ %p\n", f2, &f2);
futex_lock_pi(&f2, NULL, 0, FUTEX_PRIVATE_FLAG);
Reported by FlawFinder.
Line: 203
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
info("Waker: waiting for waiters to block\n");
while (waiters_blocked.val < THREAD_MAX)
usleep(1000);
usleep(1000);
while (task_count < THREAD_MAX && waiters_woken.val < THREAD_MAX) {
info("task_count: %d, waiters_woken: %d\n",
task_count, waiters_woken.val);
Reported by FlawFinder.
Line: 204
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
info("Waker: waiting for waiters to block\n");
while (waiters_blocked.val < THREAD_MAX)
usleep(1000);
usleep(1000);
while (task_count < THREAD_MAX && waiters_woken.val < THREAD_MAX) {
info("task_count: %d, waiters_woken: %d\n",
task_count, waiters_woken.val);
if (args->lock) {
Reported by FlawFinder.
Line: 236
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
}
task_count += args->ret;
usleep(SIGNAL_PERIOD_US);
i++;
/* we have to loop at least THREAD_MAX times */
if (i > MAX_WAKE_ITERS + THREAD_MAX) {
error("max signaling iterations (%d) reached, giving up on pending waiters.\n",
0, MAX_WAKE_ITERS + THREAD_MAX);
Reported by FlawFinder.
tools/testing/selftests/tc-testing/plugin-lib/rootPlugin.py
9 issues
Line: 3
Column: 1
import os
import sys
from TdcPlugin import TdcPlugin
from tdc_config import *
class SubPlugin(TdcPlugin):
def __init__(self):
Reported by Pylint.
Line: 5
Column: 1
import sys
from TdcPlugin import TdcPlugin
from tdc_config import *
class SubPlugin(TdcPlugin):
def __init__(self):
self.sub_class = 'root/SubPlugin'
Reported by Pylint.
Line: 5
Column: 1
import sys
from TdcPlugin import TdcPlugin
from tdc_config import *
class SubPlugin(TdcPlugin):
def __init__(self):
self.sub_class = 'root/SubPlugin'
Reported by Pylint.
Line: 1
Column: 1
import os
import sys
from TdcPlugin import TdcPlugin
from tdc_config import *
class SubPlugin(TdcPlugin):
def __init__(self):
Reported by Pylint.
Line: 1
Column: 1
import os
import sys
from TdcPlugin import TdcPlugin
from tdc_config import *
class SubPlugin(TdcPlugin):
def __init__(self):
Reported by Pylint.
Line: 8
Column: 1
from tdc_config import *
class SubPlugin(TdcPlugin):
def __init__(self):
self.sub_class = 'root/SubPlugin'
super().__init__()
def pre_suite(self, testcount, testidlist):
Reported by Pylint.
Line: 8
Column: 1
from tdc_config import *
class SubPlugin(TdcPlugin):
def __init__(self):
self.sub_class = 'root/SubPlugin'
super().__init__()
def pre_suite(self, testcount, testidlist):
Reported by Pylint.
Line: 13
Column: 5
self.sub_class = 'root/SubPlugin'
super().__init__()
def pre_suite(self, testcount, testidlist):
# run commands before test_runner goes into a test loop
super().pre_suite(testcount, testidlist)
if os.geteuid():
print('This script must be run with root privileges', file=sys.stderr)
Reported by Pylint.
Line: 19
Column: 13
if os.geteuid():
print('This script must be run with root privileges', file=sys.stderr)
exit(1)
Reported by Pylint.
tools/lib/perf/include/perf/event.h
9 issues
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u64 start;
__u64 len;
__u64 pgoff;
char filename[PATH_MAX];
};
struct perf_record_mmap2 {
struct perf_event_header header;
__u32 pid, tid;
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
__u32 prot;
__u32 flags;
char filename[PATH_MAX];
};
struct perf_record_comm {
struct perf_event_header header;
__u32 pid, tid;
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_record_comm {
struct perf_event_header header;
__u32 pid, tid;
char comm[16];
};
struct perf_record_namespaces {
struct perf_event_header header;
__u32 pid, tid;
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 len;
__u16 ksym_type;
__u16 flags;
char name[KSYM_NAME_LEN];
};
struct perf_record_bpf_event {
struct perf_event_header header;
__u16 type;
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_record_cgroup {
struct perf_event_header header;
__u64 id;
char path[PATH_MAX];
};
struct perf_record_text_poke_event {
struct perf_event_header header;
__u64 addr;
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_trace_event_type {
__u64 event_id;
char name[MAX_EVENT_NAME];
};
struct perf_record_header_event_type {
struct perf_event_header header;
struct perf_trace_event_type event_type;
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 fmt;
__u64 ip;
__u64 time;
char msg[MAX_AUXTRACE_ERROR_MSG];
};
struct perf_record_aux {
struct perf_event_header header;
__u64 aux_offset;
Reported by FlawFinder.
Line: 294
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_record_thread_map_entry {
__u64 pid;
char comm[16];
};
struct perf_record_thread_map {
struct perf_event_header header;
__u64 nr;
Reported by FlawFinder.
Line: 400
Column: 28
CWE codes:
120
20
struct perf_record_fork fork;
struct perf_record_lost lost;
struct perf_record_lost_samples lost_samples;
struct perf_record_read read;
struct perf_record_throttle throttle;
struct perf_record_sample sample;
struct perf_record_bpf_event bpf;
struct perf_record_ksymbol ksymbol;
struct perf_record_text_poke_event text_poke;
Reported by FlawFinder.
tools/perf/util/data.c
9 issues
Line: 58
Column: 9
CWE codes:
362
if (ret < 0)
goto out_err;
ret = open(file->path, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
if (ret < 0)
goto out_err;
file->fd = ret;
}
Reported by FlawFinder.
Line: 100
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while ((dent = readdir(dir)) != NULL) {
struct perf_data_file *file;
char path[PATH_MAX];
struct stat st;
snprintf(path, sizeof(path), "%s/%s", data->path, dent->d_name);
if (stat(path, &st))
continue;
Reported by FlawFinder.
Line: 123
Column: 9
CWE codes:
362
if (!file->path)
goto out_err;
ret = open(file->path, O_RDONLY);
if (ret < 0)
goto out_err;
file->fd = ret;
file->size = st.st_size;
Reported by FlawFinder.
Line: 205
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
if (!stat(data->path, &st) && st.st_size) {
char oldname[PATH_MAX];
int ret;
snprintf(oldname, sizeof(oldname), "%s.old",
data->path);
Reported by FlawFinder.
Line: 246
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int flags = data->in_place_update ? O_RDWR : O_RDONLY;
struct stat st;
int fd;
char sbuf[STRERR_BUFSIZE];
fd = open(data->file.path, flags);
if (fd < 0) {
int err = errno;
Reported by FlawFinder.
Line: 248
Column: 7
CWE codes:
362
int fd;
char sbuf[STRERR_BUFSIZE];
fd = open(data->file.path, flags);
if (fd < 0) {
int err = errno;
pr_err("failed to open %s: %s", data->file.path,
str_error_r(err, sbuf, sizeof(sbuf)));
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int open_file_write(struct perf_data *data)
{
int fd;
char sbuf[STRERR_BUFSIZE];
fd = open(data->file.path, O_CREAT|O_RDWR|O_TRUNC|O_CLOEXEC,
S_IRUSR|S_IWUSR);
if (fd < 0)
Reported by FlawFinder.
Line: 288
Column: 7
CWE codes:
362
int fd;
char sbuf[STRERR_BUFSIZE];
fd = open(data->file.path, O_CREAT|O_RDWR|O_TRUNC|O_CLOEXEC,
S_IRUSR|S_IWUSR);
if (fd < 0)
pr_err("failed to open %s : %s\n", data->file.path,
str_error_r(errno, sbuf, sizeof(sbuf)));
Reported by FlawFinder.
Line: 504
Column: 9
CWE codes:
362
FILE *file;
u64 magic;
file = fopen(path, "r");
if (!file)
return false;
if (fread(&magic, 1, 8, file) < 8)
goto out;
Reported by FlawFinder.
tools/power/cpupower/utils/cpupower.c
9 issues
Line: 96
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
sprintf(page, "cpupower");
if ((subpage != NULL) && strcmp(subpage, "help")) {
strcat(page, "-");
strcat(page, subpage);
}
execlp("man", "man", page, NULL);
/* should not be reached */
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
strcat(page, subpage);
}
execlp("man", "man", page, NULL);
/* should not be reached */
return -EINVAL;
}
Reported by FlawFinder.
Line: 118
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
static void print_version(void)
{
printf(PACKAGE " " VERSION "\n");
printf(_("Report errors and bugs to %s, please.\n"), PACKAGE_BUGREPORT);
}
static void handle_options(int *argc, const char ***argv)
{
Reported by FlawFinder.
Line: 220
Column: 8
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
sprintf(pathname, "/dev/cpu/%d/msr", base_cpu);
if (!ret && !strcmp(uts.machine, "x86_64") &&
stat(pathname, &statbuf) != 0) {
if (system("modprobe msr") == -1)
fprintf(stderr, _("MSR access not available.\n"));
}
}
for (i = 0; i < ARRAY_SIZE(commands); i++) {
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!page)
return -ENOMEM;
sprintf(page, "cpupower");
if ((subpage != NULL) && strcmp(subpage, "help")) {
strcat(page, "-");
strcat(page, subpage);
}
Reported by FlawFinder.
Line: 180
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int i, ret;
struct stat statbuf;
struct utsname uts;
char pathname[32];
cpus_chosen = bitmask_alloc(sysconf(_SC_NPROCESSORS_CONF));
online_cpus = bitmask_alloc(sysconf(_SC_NPROCESSORS_CONF));
offline_cpus = bitmask_alloc(sysconf(_SC_NPROCESSORS_CONF));
Reported by FlawFinder.
Line: 217
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
run_as_root = !geteuid();
if (run_as_root) {
ret = uname(&uts);
sprintf(pathname, "/dev/cpu/%d/msr", base_cpu);
if (!ret && !strcmp(uts.machine, "x86_64") &&
stat(pathname, &statbuf) != 0) {
if (system("modprobe msr") == -1)
fprintf(stderr, _("MSR access not available.\n"));
}
Reported by FlawFinder.
Line: 87
Column: 10
CWE codes:
126
len = 10; /* enough for "cpupower-" */
if (subpage != NULL)
len += strlen(subpage);
page = malloc(len);
if (!page)
return -ENOMEM;
Reported by FlawFinder.
Line: 95
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
sprintf(page, "cpupower");
if ((subpage != NULL) && strcmp(subpage, "help")) {
strcat(page, "-");
strcat(page, subpage);
}
execlp("man", "man", page, NULL);
Reported by FlawFinder.
tools/perf/util/bpf-loader.c
9 issues
Line: 458
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
}
memcpy(&buf[prologue_cnt], orig_insns,
sizeof(struct bpf_insn) * orig_insns_cnt);
res->new_insn_ptr = buf;
res->new_insn_cnt = prologue_cnt + orig_insns_cnt;
res->pfd = NULL;
Reported by FlawFinder.
Line: 701
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < priv->pev.ntevs; i++) {
struct probe_trace_event *tev = &priv->pev.tevs[i];
char name_buf[EVENTS_WRITE_BUFSIZE];
struct strfilter *delfilter;
snprintf(name_buf, EVENTS_WRITE_BUFSIZE,
"%s:%s", tev->group, tev->event);
name_buf[EVENTS_WRITE_BUFSIZE - 1] = '\0';
Reported by FlawFinder.
Line: 733
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
err = bpf_object__load(obj);
if (err) {
char bf[128];
libbpf_strerror(err, bf, sizeof(bf));
pr_debug("bpf: load objects failed: err=%d: (%s)\n", err, bf);
return err;
}
return 0;
Reported by FlawFinder.
Line: 1607
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ERRCODE_OFFSET(c) ERRNO_OFFSET(BPF_LOADER_ERRNO__##c)
#define NR_ERRNO (__BPF_LOADER_ERRNO__END - __BPF_LOADER_ERRNO__START)
static const char *bpf_loader_strerror_table[NR_ERRNO] = {
[ERRCODE_OFFSET(CONFIG)] = "Invalid config string",
[ERRCODE_OFFSET(GROUP)] = "Invalid group name",
[ERRCODE_OFFSET(EVENTNAME)] = "No event name found in config string",
[ERRCODE_OFFSET(INTERNAL)] = "BPF loader internal error",
[ERRCODE_OFFSET(COMPILE)] = "Error when compiling BPF scriptlet",
Reported by FlawFinder.
Line: 1636
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
bpf_loader_strerror(int err, char *buf, size_t size)
{
char sbuf[STRERR_BUFSIZE];
const char *msg;
if (!buf || !size)
return -1;
Reported by FlawFinder.
Line: 1665
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
#define bpf__strerror_head(err, buf, size) \
char sbuf[STRERR_BUFSIZE], *emsg;\
if (!size)\
return 0;\
if (err < 0)\
err = -err;\
bpf_loader_strerror(err, sbuf, sizeof(sbuf));\
Reported by FlawFinder.
Line: 1198
Column: 19
CWE codes:
126
goto out;
}
*key_scan_pos += strlen(map_opt);
err = config_map_indices_range_check(term, map, map_name);
if (err)
goto out;
*key_scan_pos -= strlen(map_opt);
Reported by FlawFinder.
Line: 1202
Column: 19
CWE codes:
126
err = config_map_indices_range_check(term, map, map_name);
if (err)
goto out;
*key_scan_pos -= strlen(map_opt);
for (i = 0; i < ARRAY_SIZE(bpf_obj_config__map_funcs); i++) {
struct bpf_obj_config__map_func *func =
&bpf_obj_config__map_funcs[i];
Reported by FlawFinder.
Line: 1219
Column: 20
CWE codes:
126
out:
free(map_name);
if (!err)
*key_scan_pos += strlen(map_opt);
return err;
}
int bpf__config_obj(struct bpf_object *obj,
struct parse_events_term *term,
Reported by FlawFinder.
tools/testing/selftests/landlock/base_test.c
9 issues
Line: 178
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ruleset_fd_tx, dir_fd;
union {
/* Aligned ancillary data buffer. */
char buf[CMSG_SPACE(sizeof(ruleset_fd_tx))];
struct cmsghdr _align;
} cmsg_tx = {};
char data_tx = '.';
struct iovec io = {
.iov_base = &data_tx,
Reported by FlawFinder.
Line: 203
Column: 32
CWE codes:
362
ruleset_fd_tx = landlock_create_ruleset(&ruleset_attr,
sizeof(ruleset_attr), 0);
ASSERT_LE(0, ruleset_fd_tx);
path_beneath_attr.parent_fd = open("/tmp", O_PATH | O_NOFOLLOW |
O_DIRECTORY | O_CLOEXEC);
ASSERT_LE(0, path_beneath_attr.parent_fd);
ASSERT_EQ(0, landlock_add_rule(ruleset_fd_tx, LANDLOCK_RULE_PATH_BENEATH,
&path_beneath_attr, 0));
ASSERT_EQ(0, close(path_beneath_attr.parent_fd));
Reported by FlawFinder.
Line: 215
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmsg->cmsg_len = CMSG_LEN(sizeof(ruleset_fd_tx));
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
memcpy(CMSG_DATA(cmsg), &ruleset_fd_tx, sizeof(ruleset_fd_tx));
/* Sends the ruleset FD over a socketpair and then close it. */
ASSERT_EQ(0, socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, socket_fds));
ASSERT_EQ(sizeof(data_tx), sendmsg(socket_fds[0], &msg, 0));
ASSERT_EQ(0, close(socket_fds[0]));
Reported by FlawFinder.
Line: 234
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ASSERT_EQ(0, close(socket_fds[1]));
cmsg = CMSG_FIRSTHDR(&msg);
ASSERT_EQ(cmsg->cmsg_len, CMSG_LEN(sizeof(ruleset_fd_tx)));
memcpy(&ruleset_fd_rx, CMSG_DATA(cmsg), sizeof(ruleset_fd_tx));
/* Enforces the received ruleset on the child. */
ASSERT_EQ(0, prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0));
ASSERT_EQ(0, landlock_restrict_self(ruleset_fd_rx, 0));
ASSERT_EQ(0, close(ruleset_fd_rx));
Reported by FlawFinder.
Line: 242
Column: 17
CWE codes:
362
ASSERT_EQ(0, close(ruleset_fd_rx));
/* Checks that the ruleset enforcement. */
ASSERT_EQ(-1, open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC));
ASSERT_EQ(EACCES, errno);
dir_fd = open("/tmp", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
ASSERT_LE(0, dir_fd);
ASSERT_EQ(0, close(dir_fd));
_exit(_metadata->passed ? EXIT_SUCCESS : EXIT_FAILURE);
Reported by FlawFinder.
Line: 244
Column: 12
CWE codes:
362
/* Checks that the ruleset enforcement. */
ASSERT_EQ(-1, open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC));
ASSERT_EQ(EACCES, errno);
dir_fd = open("/tmp", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
ASSERT_LE(0, dir_fd);
ASSERT_EQ(0, close(dir_fd));
_exit(_metadata->passed ? EXIT_SUCCESS : EXIT_FAILURE);
return;
}
Reported by FlawFinder.
Line: 254
Column: 11
CWE codes:
362
ASSERT_EQ(0, close(socket_fds[1]));
/* Checks that the parent is unrestricted. */
dir_fd = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
ASSERT_LE(0, dir_fd);
ASSERT_EQ(0, close(dir_fd));
dir_fd = open("/tmp", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
ASSERT_LE(0, dir_fd);
ASSERT_EQ(0, close(dir_fd));
Reported by FlawFinder.
Line: 257
Column: 11
CWE codes:
362
dir_fd = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
ASSERT_LE(0, dir_fd);
ASSERT_EQ(0, close(dir_fd));
dir_fd = open("/tmp", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
ASSERT_LE(0, dir_fd);
ASSERT_EQ(0, close(dir_fd));
ASSERT_EQ(child, waitpid(child, &status, 0));
ASSERT_EQ(1, WIFEXITED(status));
Reported by FlawFinder.
Line: 160
Column: 16
CWE codes:
120
20
ASSERT_EQ(-1, write(ruleset_fd, ".", 1));
ASSERT_EQ(EINVAL, errno);
ASSERT_EQ(-1, read(ruleset_fd, &buf, 1));
ASSERT_EQ(EINVAL, errno);
ASSERT_EQ(0, close(ruleset_fd));
}
Reported by FlawFinder.
tools/testing/selftests/dma/dma_map_benchmark.c
9 issues
Line: 61
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int cmd = DMA_MAP_BENCHMARK;
char *p;
while ((opt = getopt(argc, argv, "t:s:n:b:d:x:g:")) != -1) {
switch (opt) {
case 't':
threads = atoi(optarg);
break;
case 's':
Reported by FlawFinder.
Line: 64
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
while ((opt = getopt(argc, argv, "t:s:n:b:d:x:g:")) != -1) {
switch (opt) {
case 't':
threads = atoi(optarg);
break;
case 's':
seconds = atoi(optarg);
break;
case 'n':
Reported by FlawFinder.
Line: 67
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
threads = atoi(optarg);
break;
case 's':
seconds = atoi(optarg);
break;
case 'n':
node = atoi(optarg);
break;
case 'b':
Reported by FlawFinder.
Line: 70
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
seconds = atoi(optarg);
break;
case 'n':
node = atoi(optarg);
break;
case 'b':
bits = atoi(optarg);
break;
case 'd':
Reported by FlawFinder.
Line: 73
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
node = atoi(optarg);
break;
case 'b':
bits = atoi(optarg);
break;
case 'd':
dir = atoi(optarg);
break;
case 'x':
Reported by FlawFinder.
Line: 76
Column: 10
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
bits = atoi(optarg);
break;
case 'd':
dir = atoi(optarg);
break;
case 'x':
xdelay = atoi(optarg);
break;
case 'g':
Reported by FlawFinder.
Line: 79
Column: 13
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
dir = atoi(optarg);
break;
case 'x':
xdelay = atoi(optarg);
break;
case 'g':
granule = atoi(optarg);
break;
default:
Reported by FlawFinder.
Line: 82
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
xdelay = atoi(optarg);
break;
case 'g':
granule = atoi(optarg);
break;
default:
return -1;
}
}
Reported by FlawFinder.
Line: 124
Column: 7
CWE codes:
362
exit(1);
}
fd = open("/sys/kernel/debug/dma_map_benchmark", O_RDWR);
if (fd == -1) {
perror("open");
exit(1);
}
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/tcp_hdr_options.c
9 issues
Line: 50
Column: 12
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
strerror(errno), errno))
return -1;
if (CHECK(system("ip link set dev lo up"), "run ip cmd",
"failed to bring lo link up\n"))
return -1;
return 0;
}
Reported by FlawFinder.
Line: 61
Column: 7
CWE codes:
362
{
int fd, err, len;
fd = open(sysctl, O_WRONLY);
if (CHECK(fd == -1, "open sysctl", "open(%s): %s (%d)\n",
sysctl, strerror(errno), errno))
return -1;
len = strlen(value);
Reported by FlawFinder.
Line: 160
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
goto error_close;
if (fast_open) {
char bytes_in[sizeof(fast)];
int ret;
ret = read(sk_fds->passive_fd, bytes_in, sizeof(bytes_in));
if (CHECK(ret != sizeof(fast), "read fastopen syn data",
"expected=%lu actual=%d\n", sizeof(fast), ret)) {
Reported by FlawFinder.
Line: 496
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void misc(void)
{
const char send_msg[] = "MISC!!!";
char recv_msg[sizeof(send_msg)];
const unsigned int nr_data = 2;
struct bpf_link *link;
struct sk_fds sk_fds;
int i, ret;
Reported by FlawFinder.
Line: 66
Column: 8
CWE codes:
126
sysctl, strerror(errno), errno))
return -1;
len = strlen(value);
err = write(fd, value, len);
close(fd);
if (CHECK(err != len, "write sysctl",
"write(%s, %s): err:%d %s (%d)\n",
sysctl, value, err, strerror(errno), errno))
Reported by FlawFinder.
Line: 102
Column: 8
CWE codes:
120
20
int ret, abyte;
shutdown(sk_fds->active_fd, SHUT_WR);
ret = read(sk_fds->passive_fd, &abyte, sizeof(abyte));
if (CHECK(ret != 0, "read-after-shutdown(passive_fd):",
"ret:%d %s (%d)\n",
ret, strerror(errno), errno))
return -1;
Reported by FlawFinder.
Line: 109
Column: 8
CWE codes:
120
20
return -1;
shutdown(sk_fds->passive_fd, SHUT_WR);
ret = read(sk_fds->active_fd, &abyte, sizeof(abyte));
if (CHECK(ret != 0, "read-after-shutdown(active_fd):",
"ret:%d %s (%d)\n",
ret, strerror(errno), errno))
return -1;
Reported by FlawFinder.
Line: 163
Column: 9
CWE codes:
120
20
char bytes_in[sizeof(fast)];
int ret;
ret = read(sk_fds->passive_fd, bytes_in, sizeof(bytes_in));
if (CHECK(ret != sizeof(fast), "read fastopen syn data",
"expected=%lu actual=%d\n", sizeof(fast), ret)) {
close(sk_fds->passive_fd);
goto error_close;
}
Reported by FlawFinder.
Line: 524
Column: 9
CWE codes:
120
20
ret))
goto check_linum;
ret = read(sk_fds.passive_fd, recv_msg, sizeof(recv_msg));
if (CHECK(ret != sizeof(send_msg), "read(msg)", "ret:%d\n",
ret))
goto check_linum;
}
Reported by FlawFinder.
tools/firewire/nosy-dump.c
9 issues
Line: 950
CWE codes:
775
output = fopen(option_output, "w");
if (output == NULL) {
fprintf(stderr, "Could not open %s, %m\n", option_output);
return -1;
}
}
setvbuf(stdout, NULL, _IOLBF, BUFSIZ);
Reported by Cppcheck.
Line: 852
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
last_update = now;
printf(CLEAR HIDE_CURSOR
" bus resets : %8d\n"
" short packets : %8d\n"
" phy packets : %8d\n",
bus_reset_count, short_packet_count, phy_packet_count);
Reported by FlawFinder.
Line: 861
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (i = 0; i < array_length(packet_info); i++)
if (packet_info[i].type != PACKET_RESERVED)
printf(" %-24s: %8d\n", packet_info[i].name, tcode_count[i]);
printf(SHOW_CURSOR "\n");
}
static struct termios saved_attributes;
static void
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
exit(EXIT_FAILURE);
sa->ack = data[length / 4 - 1];
sa->length = length;
memcpy(&sa->packet, data, length);
return sa;
}
static void
Reported by FlawFinder.
Line: 925
Column: 11
CWE codes:
362
"endian machines\n");
if (option_input != NULL) {
input = fopen(option_input, "r");
if (input == NULL) {
fprintf(stderr, "Could not open %s, %m\n", option_input);
return -1;
}
} else {
Reported by FlawFinder.
Line: 931
Column: 8
CWE codes:
362
return -1;
}
} else {
fd = open(option_nosy_device, O_RDWR);
if (fd < 0) {
fprintf(stderr, "Could not open %s, %m\n", option_nosy_device);
return -1;
}
set_input_mode();
Reported by FlawFinder.
Line: 947
Column: 12
CWE codes:
362
view = VIEW_PACKET;
if (option_output) {
output = fopen(option_output, "w");
if (output == NULL) {
fprintf(stderr, "Could not open %s, %m\n", option_output);
return -1;
}
}
Reported by FlawFinder.
Line: 981
Column: 5
CWE codes:
120
20
} else {
poll(pollfds, 2, -1);
if (pollfds[1].revents) {
read(STDIN_FILENO, &c, sizeof c);
switch (c) {
case 'q':
if (output != NULL)
fclose(output);
return 0;
Reported by FlawFinder.