The following issues were found
drivers/net/ethernet/marvell/mv643xx_eth.c
8 issues
Line: 2965
CWE codes:
908
/* Historical default if unspecified. We could also read/write
* the interface state in the PSC1
*/
if (!dev->of_node || err)
iface = PHY_INTERFACE_MODE_GMII;
return iface;
}
static struct phy_device *phy_scan(struct mv643xx_eth_private *mp,
Reported by Cppcheck.
Line: 2992
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (i = 0; i < num; i++) {
int addr = (start + i) & 0x1f;
snprintf(phy_id, sizeof(phy_id), PHY_ID_FMT,
"orion-mdio-mii", addr);
phydev = phy_connect(mp->dev, phy_id, mv643xx_eth_adjust_link,
get_phy_mode(mp));
if (!IS_ERR(phydev)) {
Reported by FlawFinder.
Line: 745
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (length <= 8 && (uintptr_t)data & 0x7) {
/* Copy unaligned small data fragment to TSO header data area */
memcpy(txq->tso_hdrs + tx_index * TSO_HEADER_SIZE,
data, length);
desc->buf_ptr = txq->tso_hdrs_dma
+ tx_index * TSO_HEADER_SIZE;
} else {
/* Alignment is okay, map buffer and hand off to hardware */
Reported by FlawFinder.
Line: 1424
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* ethtool ******************************************************************/
struct mv643xx_eth_stats {
char stat_string[ETH_GSTRING_LEN];
int sizeof_stat;
int netdev_off;
int mp_off;
};
Reported by FlawFinder.
Line: 1694
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (stringset == ETH_SS_STATS) {
for (i = 0; i < ARRAY_SIZE(mv643xx_eth_stats); i++) {
memcpy(data + i * ETH_GSTRING_LEN,
mv643xx_eth_stats[i].stat_string,
ETH_GSTRING_LEN);
}
}
}
Reported by FlawFinder.
Line: 1918
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(sa->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, sa->sa_data, ETH_ALEN);
netif_addr_lock_bh(dev);
mv643xx_eth_program_unicast_filter(dev);
netif_addr_unlock_bh(dev);
Reported by FlawFinder.
Line: 2925
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int tx_ring_size;
if (is_valid_ether_addr(pd->mac_addr))
memcpy(dev->dev_addr, pd->mac_addr, ETH_ALEN);
else
uc_addr_get(mp, dev->dev_addr);
mp->rx_ring_size = DEFAULT_RX_QUEUE_SIZE;
if (pd->rx_queue_size)
Reported by FlawFinder.
Line: 2977
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int start;
int num;
int i;
char phy_id[MII_BUS_ID_SIZE + 3];
if (phy_addr == MV643XX_ETH_PHY_ADDR_DEFAULT) {
start = phy_addr_get(mp) & 0x1f;
num = 32;
} else {
Reported by FlawFinder.
drivers/net/ethernet/intel/iavf/iavf_adv_rss.c
8 issues
Line: 190
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
memset(hash_opt, 0, sizeof(hash_opt));
strcat(hash_opt, proto);
if (packet_hdrs & IAVF_ADV_RSS_FLOW_SEG_HDR_IPV4)
strcat(hash_opt, "v4 ");
else
strcat(hash_opt, "v6 ");
Reported by FlawFinder.
Line: 176
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
u32 packet_hdrs = rss->packet_hdrs;
u64 hash_flds = rss->hash_flds;
static char hash_opt[300];
const char *proto;
if (packet_hdrs & IAVF_ADV_RSS_FLOW_SEG_HDR_TCP)
proto = "TCP";
else if (packet_hdrs & IAVF_ADV_RSS_FLOW_SEG_HDR_UDP)
Reported by FlawFinder.
Line: 192
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(hash_opt, proto);
if (packet_hdrs & IAVF_ADV_RSS_FLOW_SEG_HDR_IPV4)
strcat(hash_opt, "v4 ");
else
strcat(hash_opt, "v6 ");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_IPV4_SA |
IAVF_ADV_RSS_HASH_FLD_IPV6_SA))
Reported by FlawFinder.
Line: 194
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (packet_hdrs & IAVF_ADV_RSS_FLOW_SEG_HDR_IPV4)
strcat(hash_opt, "v4 ");
else
strcat(hash_opt, "v6 ");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_IPV4_SA |
IAVF_ADV_RSS_HASH_FLD_IPV6_SA))
strcat(hash_opt, "IP SA,");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_IPV4_DA |
Reported by FlawFinder.
Line: 198
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_IPV4_SA |
IAVF_ADV_RSS_HASH_FLD_IPV6_SA))
strcat(hash_opt, "IP SA,");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_IPV4_DA |
IAVF_ADV_RSS_HASH_FLD_IPV6_DA))
strcat(hash_opt, "IP DA,");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_TCP_SRC_PORT |
IAVF_ADV_RSS_HASH_FLD_UDP_SRC_PORT |
Reported by FlawFinder.
Line: 201
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(hash_opt, "IP SA,");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_IPV4_DA |
IAVF_ADV_RSS_HASH_FLD_IPV6_DA))
strcat(hash_opt, "IP DA,");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_TCP_SRC_PORT |
IAVF_ADV_RSS_HASH_FLD_UDP_SRC_PORT |
IAVF_ADV_RSS_HASH_FLD_SCTP_SRC_PORT))
strcat(hash_opt, "src port,");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_TCP_DST_PORT |
Reported by FlawFinder.
Line: 205
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_TCP_SRC_PORT |
IAVF_ADV_RSS_HASH_FLD_UDP_SRC_PORT |
IAVF_ADV_RSS_HASH_FLD_SCTP_SRC_PORT))
strcat(hash_opt, "src port,");
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_TCP_DST_PORT |
IAVF_ADV_RSS_HASH_FLD_UDP_DST_PORT |
IAVF_ADV_RSS_HASH_FLD_SCTP_DST_PORT))
strcat(hash_opt, "dst port,");
Reported by FlawFinder.
Line: 209
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (hash_flds & (IAVF_ADV_RSS_HASH_FLD_TCP_DST_PORT |
IAVF_ADV_RSS_HASH_FLD_UDP_DST_PORT |
IAVF_ADV_RSS_HASH_FLD_SCTP_DST_PORT))
strcat(hash_opt, "dst port,");
if (!action)
action = "";
if (!result)
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/nfp_devlink.c
8 issues
Line: 280
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return -ENOMEM;
buf[0] = '\0';
strcat(buf, vendor);
strcat(buf, part);
strcat(buf, sn);
err = devlink_info_serial_number_put(req, buf);
kfree(buf);
Reported by FlawFinder.
Line: 281
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
buf[0] = '\0';
strcat(buf, vendor);
strcat(buf, part);
strcat(buf, sn);
err = devlink_info_serial_number_put(req, buf);
kfree(buf);
if (err)
Reported by FlawFinder.
Line: 282
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
buf[0] = '\0';
strcat(buf, vendor);
strcat(buf, part);
strcat(buf, sn);
err = devlink_info_serial_number_put(req, buf);
kfree(buf);
if (err)
return err;
Reported by FlawFinder.
Line: 23
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!eth_port)
return -EINVAL;
memcpy(copy, eth_port, sizeof(*eth_port));
return 0;
}
static int
Reported by FlawFinder.
Line: 372
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attrs.phys.port_number = eth_port.label_port;
attrs.phys.split_subport_number = eth_port.label_subport;
serial_len = nfp_cpp_serial(port->app->cpp, &serial);
memcpy(attrs.switch_id.id, serial, serial_len);
attrs.switch_id.id_len = serial_len;
devlink_port_attrs_set(&port->dl_port, &attrs);
devlink = priv_to_devlink(app->pf);
Reported by FlawFinder.
Line: 274
Column: 34
CWE codes:
126
if (vendor && part && sn) {
char *buf;
buf = kmalloc(strlen(vendor) + strlen(part) + strlen(sn) + 1,
GFP_KERNEL);
if (!buf)
return -ENOMEM;
buf[0] = '\0';
Reported by FlawFinder.
Line: 274
Column: 17
CWE codes:
126
if (vendor && part && sn) {
char *buf;
buf = kmalloc(strlen(vendor) + strlen(part) + strlen(sn) + 1,
GFP_KERNEL);
if (!buf)
return -ENOMEM;
buf[0] = '\0';
Reported by FlawFinder.
Line: 274
Column: 49
CWE codes:
126
if (vendor && part && sn) {
char *buf;
buf = kmalloc(strlen(vendor) + strlen(part) + strlen(sn) + 1,
GFP_KERNEL);
if (!buf)
return -ENOMEM;
buf[0] = '\0';
Reported by FlawFinder.
drivers/net/hamradio/mkiss.c
8 issues
Line: 347
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netif_tx_lock_bh(dev);
netif_addr_lock(dev);
memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
netif_addr_unlock(dev);
netif_tx_unlock_bh(dev);
return 0;
}
Reported by FlawFinder.
Line: 394
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ax->xleft) {
if (ax->xleft <= len) {
memcpy(ax->xbuff, ax->xhead, ax->xleft);
} else {
ax->xleft = 0;
dev->stats.tx_dropped++;
}
}
Reported by FlawFinder.
Line: 405
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ax->rcount) {
if (ax->rcount <= len) {
memcpy(ax->rbuff, orbuff, ax->rcount);
} else {
ax->rcount = 0;
dev->stats.rx_over_errors++;
set_bit(AXF_ERROR, &ax->flags);
}
Reported by FlawFinder.
Line: 649
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->netdev_ops = &ax_netdev_ops;
memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
dev->flags = IFF_BROADCAST | IFF_MULTICAST;
}
Reported by FlawFinder.
Line: 650
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
dev->flags = IFF_BROADCAST | IFF_MULTICAST;
}
/*
Reported by FlawFinder.
Line: 844
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
break;
case SIOCSIFHWADDR: {
char addr[AX25_ADDR_LEN];
if (copy_from_user(&addr,
(void __user *) arg, AX25_ADDR_LEN)) {
err = -EFAULT;
break;
Reported by FlawFinder.
Line: 853
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
netif_tx_lock_bh(dev);
memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
netif_tx_unlock_bh(dev);
err = 0;
break;
}
Reported by FlawFinder.
Line: 821
Column: 22
CWE codes:
126
switch (cmd) {
case SIOCGIFNAME:
err = copy_to_user((void __user *) arg, ax->dev->name,
strlen(ax->dev->name) + 1) ? -EFAULT : 0;
break;
case SIOCGIFENCAP:
err = put_user(4, (int __user *) arg);
break;
Reported by FlawFinder.
drivers/net/netdevsim/dev.c
8 issues
Line: 227
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
char dev_ddir_name[sizeof(DRV_NAME) + 10];
int err;
sprintf(dev_ddir_name, DRV_NAME "%u", nsim_dev->nsim_bus_dev->dev.id);
nsim_dev->ddir = debugfs_create_dir(dev_ddir_name, nsim_dev_ddir);
if (IS_ERR(nsim_dev->ddir))
return PTR_ERR(nsim_dev->ddir);
nsim_dev->ports_ddir = debugfs_create_dir("ports", nsim_dev->ddir);
if (IS_ERR(nsim_dev->ports_ddir))
Reported by FlawFinder.
Line: 224
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int nsim_dev_debugfs_init(struct nsim_dev *nsim_dev)
{
char dev_ddir_name[sizeof(DRV_NAME) + 10];
int err;
sprintf(dev_ddir_name, DRV_NAME "%u", nsim_dev->nsim_bus_dev->dev.id);
nsim_dev->ddir = debugfs_create_dir(dev_ddir_name, nsim_dev_ddir);
if (IS_ERR(nsim_dev->ddir))
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct nsim_bus_dev *nsim_bus_dev = nsim_dev->nsim_bus_dev;
unsigned int port_index = nsim_dev_port->port_index;
char port_ddir_name[16];
char dev_link_name[32];
sprintf(port_ddir_name, "%u", port_index);
nsim_dev_port->ddir = debugfs_create_dir(port_ddir_name,
nsim_dev->ports_ddir);
Reported by FlawFinder.
Line: 318
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nsim_bus_dev *nsim_bus_dev = nsim_dev->nsim_bus_dev;
unsigned int port_index = nsim_dev_port->port_index;
char port_ddir_name[16];
char dev_link_name[32];
sprintf(port_ddir_name, "%u", port_index);
nsim_dev_port->ddir = debugfs_create_dir(port_ddir_name,
nsim_dev->ports_ddir);
if (IS_ERR(nsim_dev_port->ddir))
Reported by FlawFinder.
Line: 320
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char port_ddir_name[16];
char dev_link_name[32];
sprintf(port_ddir_name, "%u", port_index);
nsim_dev_port->ddir = debugfs_create_dir(port_ddir_name,
nsim_dev->ports_ddir);
if (IS_ERR(nsim_dev_port->ddir))
return PTR_ERR(nsim_dev_port->ddir);
Reported by FlawFinder.
Line: 326
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(nsim_dev_port->ddir))
return PTR_ERR(nsim_dev_port->ddir);
sprintf(dev_link_name, "../../../" DRV_NAME "%u", nsim_bus_dev->dev.id);
if (nsim_dev_port_is_vf(nsim_dev_port)) {
unsigned int vf_id = nsim_dev_port_index_to_vf_index(port_index);
debugfs_create_u16("tx_share", 0400, nsim_dev_port->ddir,
&nsim_bus_dev->vfconfigs[vf_id].min_tx_rate);
Reported by FlawFinder.
Line: 1283
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attrs.pci_vf.pf = 0;
attrs.pci_vf.vf = port_index;
}
memcpy(attrs.switch_id.id, nsim_dev->switch_id.id, nsim_dev->switch_id.id_len);
attrs.switch_id.id_len = nsim_dev->switch_id.id_len;
devlink_port_attrs_set(devlink_port, &attrs);
err = devlink_port_register(priv_to_devlink(nsim_dev), devlink_port,
nsim_dev_port->port_index);
if (err)
Reported by FlawFinder.
Line: 301
Column: 8
CWE codes:
126
if (!*name_ptr)
return 0;
len = strlen(*name_ptr);
return simple_read_from_buffer(data, count, ppos, *name_ptr, len);
}
static const struct file_operations nsim_dev_rate_parent_fops = {
.open = simple_open,
Reported by FlawFinder.
drivers/net/phy/micrel.c
8 issues
Line: 814
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ksz9031_config_init(struct phy_device *phydev)
{
const struct device_node *of_node;
static const char *clk_skews[2] = {"rxc-skew-ps", "txc-skew-ps"};
static const char *rx_data_skews[4] = {
"rxd0-skew-ps", "rxd1-skew-ps",
"rxd2-skew-ps", "rxd3-skew-ps"
};
static const char *tx_data_skews[4] = {
Reported by FlawFinder.
Line: 815
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const struct device_node *of_node;
static const char *clk_skews[2] = {"rxc-skew-ps", "txc-skew-ps"};
static const char *rx_data_skews[4] = {
"rxd0-skew-ps", "rxd1-skew-ps",
"rxd2-skew-ps", "rxd3-skew-ps"
};
static const char *tx_data_skews[4] = {
"txd0-skew-ps", "txd1-skew-ps",
Reported by FlawFinder.
Line: 819
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"rxd0-skew-ps", "rxd1-skew-ps",
"rxd2-skew-ps", "rxd3-skew-ps"
};
static const char *tx_data_skews[4] = {
"txd0-skew-ps", "txd1-skew-ps",
"txd2-skew-ps", "txd3-skew-ps"
};
static const char *control_skews[2] = {"txen-skew-ps", "rxdv-skew-ps"};
const struct device *dev_walker;
Reported by FlawFinder.
Line: 823
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"txd0-skew-ps", "txd1-skew-ps",
"txd2-skew-ps", "txd3-skew-ps"
};
static const char *control_skews[2] = {"txen-skew-ps", "rxdv-skew-ps"};
const struct device *dev_walker;
int result;
result = ksz9031_enable_edpd(phydev);
if (result < 0)
Reported by FlawFinder.
Line: 1009
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ksz9131_config_init(struct phy_device *phydev)
{
struct device_node *of_node;
char *clk_skews[2] = {"rxc-skew-psec", "txc-skew-psec"};
char *rx_data_skews[4] = {
"rxd0-skew-psec", "rxd1-skew-psec",
"rxd2-skew-psec", "rxd3-skew-psec"
};
char *tx_data_skews[4] = {
Reported by FlawFinder.
Line: 1010
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct device_node *of_node;
char *clk_skews[2] = {"rxc-skew-psec", "txc-skew-psec"};
char *rx_data_skews[4] = {
"rxd0-skew-psec", "rxd1-skew-psec",
"rxd2-skew-psec", "rxd3-skew-psec"
};
char *tx_data_skews[4] = {
"txd0-skew-psec", "txd1-skew-psec",
Reported by FlawFinder.
Line: 1014
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"rxd0-skew-psec", "rxd1-skew-psec",
"rxd2-skew-psec", "rxd3-skew-psec"
};
char *tx_data_skews[4] = {
"txd0-skew-psec", "txd1-skew-psec",
"txd2-skew-psec", "txd3-skew-psec"
};
char *control_skews[2] = {"txen-skew-psec", "rxdv-skew-psec"};
const struct device *dev_walker;
Reported by FlawFinder.
Line: 1018
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"txd0-skew-psec", "txd1-skew-psec",
"txd2-skew-psec", "txd3-skew-psec"
};
char *control_skews[2] = {"txen-skew-psec", "rxdv-skew-psec"};
const struct device *dev_walker;
int ret;
dev_walker = &phydev->mdio.dev;
do {
Reported by FlawFinder.
drivers/net/usb/cdc_ncm.c
8 issues
Line: 359
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
{ \
struct usbnet *dev = netdev_priv(to_net_dev(d)); \
struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0]; \
return sprintf(buf, format "\n", tocpu(ctx->ncm_parm.name)); \
} \
static DEVICE_ATTR(name, 0444, cdc_ncm_show_##name, NULL)
NCM_PARM_ATTR(bmNtbFormatsSupported, "0x%04x", le16_to_cpu);
NCM_PARM_ATTR(dwNtbInMaxSize, "%u", le32_to_cpu);
Reported by FlawFinder.
Line: 70
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct usb_driver cdc_ncm_driver;
struct cdc_ncm_stats {
char stat_string[ETH_GSTRING_LEN];
int sizeof_stat;
int stat_offset;
};
#define CDC_NCM_STAT(str, m) { \
Reported by FlawFinder.
Line: 127
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < ARRAY_SIZE(cdc_ncm_gstrings_stats); i++) {
memcpy(p, cdc_ncm_gstrings_stats[i].stat_string, ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
}
}
Reported by FlawFinder.
Line: 201
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usbnet *dev = netdev_priv(to_net_dev(d));
struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0];
return sprintf(buf, "%u\n", ctx->min_tx_pkt);
}
static ssize_t rx_max_show(struct device *d,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 210
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usbnet *dev = netdev_priv(to_net_dev(d));
struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0];
return sprintf(buf, "%u\n", ctx->rx_max);
}
static ssize_t tx_max_show(struct device *d,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 219
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usbnet *dev = netdev_priv(to_net_dev(d));
struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0];
return sprintf(buf, "%u\n", ctx->tx_max);
}
static ssize_t tx_timer_usecs_show(struct device *d,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 228
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usbnet *dev = netdev_priv(to_net_dev(d));
struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0];
return sprintf(buf, "%u\n", ctx->timer_interval / (u32)NSEC_PER_USEC);
}
static ssize_t min_tx_pkt_store(struct device *d,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 310
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usbnet *dev = netdev_priv(to_net_dev(d));
struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0];
return sprintf(buf, "%c\n", ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END ? 'Y' : 'N');
}
static ssize_t ndp_to_end_store(struct device *d, struct device_attribute *attr, const char *buf, size_t len)
{
struct usbnet *dev = netdev_priv(to_net_dev(d));
Reported by FlawFinder.
drivers/net/usb/lan78xx.c
8 issues
Line: 574
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
check_counter_rollover(stats, dev->stats, eee_tx_lpi_transitions);
check_counter_rollover(stats, dev->stats, eee_tx_lpi_time);
memcpy(&dev->stats.saved, stats, sizeof(struct lan78xx_statstage));
}
static void lan78xx_update_stats(struct lan78xx_net *dev)
{
u32 *p, *count, *max;
Reported by FlawFinder.
Line: 1027
Column: 32
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
/* returns hash bit number for given MAC address */
static inline u32 lan78xx_hash(char addr[ETH_ALEN])
{
return (ether_crc(ETH_ALEN, addr) >> 23) & 0x1ff;
}
static void lan78xx_deferred_multicast_write(struct work_struct *param)
Reported by FlawFinder.
Line: 1326
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *data)
{
if (stringset == ETH_SS_STATS)
memcpy(data, lan78xx_gstrings, sizeof(lan78xx_gstrings));
}
static int lan78xx_get_sset_count(struct net_device *netdev, int sset)
{
if (sset == ETH_SS_STATS)
Reported by FlawFinder.
Line: 1345
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lan78xx_update_stats(dev);
mutex_lock(&dev->stats.access_lock);
memcpy(data, &dev->stats.curr_stat, sizeof(dev->stats.curr_stat));
mutex_unlock(&dev->stats.access_lock);
}
static void lan78xx_get_wol(struct net_device *netdev,
struct ethtool_wolinfo *wol)
Reported by FlawFinder.
Line: 3284
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb2 = skb_dequeue(tqp);
if (skb2) {
length += (skb2->len - TX_OVERHEAD);
memcpy(skb->data + pos, skb2->data, skb2->len);
pos += roundup(skb2->len, sizeof(u32));
dev_kfree_skb(skb2);
}
}
Reported by FlawFinder.
Line: 624
Column: 53
CWE codes:
120
20
return -EIO;
}
static inline u32 mii_access(int id, int index, int read)
{
u32 ret;
ret = ((u32)id << MII_ACC_PHY_ADDR_SHIFT_) & MII_ACC_PHY_ADDR_MASK_;
ret |= ((u32)index << MII_ACC_MIIRINDA_SHIFT_) & MII_ACC_MIIRINDA_MASK_;
Reported by FlawFinder.
Line: 630
Column: 6
CWE codes:
120
20
ret = ((u32)id << MII_ACC_PHY_ADDR_SHIFT_) & MII_ACC_PHY_ADDR_MASK_;
ret |= ((u32)index << MII_ACC_MIIRINDA_SHIFT_) & MII_ACC_MIIRINDA_MASK_;
if (read)
ret |= MII_ACC_MII_READ_;
else
ret |= MII_ACC_MII_WRITE_;
ret |= MII_ACC_MII_BUSY_;
Reported by FlawFinder.
Line: 1487
Column: 2
CWE codes:
120
{
struct lan78xx_net *dev = netdev_priv(net);
strncpy(info->driver, DRIVER_NAME, sizeof(info->driver));
usb_make_path(dev->udev, info->bus_info, sizeof(info->bus_info));
}
static u32 lan78xx_get_msglevel(struct net_device *net)
{
Reported by FlawFinder.
drivers/net/vxlan.c
8 issues
Line: 403
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fdb_info->remote_port = rd->remote_port;
fdb_info->remote_vni = rd->remote_vni;
fdb_info->remote_ifindex = rd->remote_ifindex;
memcpy(fdb_info->eth_addr, fdb->eth_addr, ETH_ALEN);
fdb_info->vni = fdb->vni;
fdb_info->offloaded = rd->offloaded;
fdb_info->added_by_user = fdb->flags & NTF_VXLAN_ADDED_BY_USER;
}
Reported by FlawFinder.
Line: 476
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
};
struct vxlan_rdst remote = { };
memcpy(f.eth_addr, eth_addr, ETH_ALEN);
vxlan_fdb_notify(vxlan, &f, &remote, RTM_GETNEIGH, true, NULL);
}
/* Hash Ethernet address */
Reported by FlawFinder.
Line: 845
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
RCU_INIT_POINTER(f->vdev, vxlan);
INIT_LIST_HEAD(&f->nh_list);
INIT_LIST_HEAD(&f->remotes);
memcpy(f->eth_addr, mac, ETH_ALEN);
return f;
}
static void vxlan_fdb_insert(struct vxlan_dev *vxlan, const u8 *mac,
Reported by FlawFinder.
Line: 2286
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
diff = !ether_addr_equal(eth_hdr(skb)->h_dest, n->ha);
if (diff) {
memcpy(eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
dev->addr_len);
memcpy(eth_hdr(skb)->h_dest, n->ha, dev->addr_len);
}
neigh_release(n);
return diff;
Reported by FlawFinder.
Line: 2288
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (diff) {
memcpy(eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
dev->addr_len);
memcpy(eth_hdr(skb)->h_dest, n->ha, dev->addr_len);
}
neigh_release(n);
return diff;
}
Reported by FlawFinder.
Line: 3808
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst->remote_vni = conf->vni;
memcpy(&dst->remote_ip, &conf->remote_ip, sizeof(conf->remote_ip));
if (lowerdev) {
dst->remote_ifindex = conf->remote_ifindex;
dev->gso_max_size = lowerdev->gso_max_size;
Reported by FlawFinder.
Line: 3839
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
needed_headroom += VXLAN_HEADROOM;
dev->needed_headroom = needed_headroom;
memcpy(&vxlan->cfg, conf, sizeof(*conf));
}
static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
struct vxlan_config *conf, bool changelink,
struct netlink_ext_ack *extack)
Reported by FlawFinder.
Line: 3986
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* if changelink operation, start with old existing cfg */
if (changelink)
memcpy(conf, &vxlan->cfg, sizeof(*conf));
if (data[IFLA_VXLAN_ID]) {
__be32 vni = cpu_to_be32(nla_get_u32(data[IFLA_VXLAN_ID]));
if (changelink && (vni != conf->vni)) {
Reported by FlawFinder.
drivers/net/wan/lmc/lmc_debug.c
8 issues
Line: 18
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
int iNewLine = 1;
char str[80], *pstr;
sprintf(str, KERN_DEBUG "lmc: %s: ", type);
pstr = str+strlen(str);
if(iLen > 240){
printk(KERN_DEBUG "lmc: Printing 240 chars... out of: %d\n", iLen);
iLen = 240;
Reported by FlawFinder.
Line: 38
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
{
sprintf(pstr, "\n");
printk(str);
sprintf(str, KERN_DEBUG "lmc: %s: ", type);
pstr=str+strlen(str);
}
iNewLine++;
iLen--;
}
Reported by FlawFinder.
Line: 16
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void lmcConsoleLog(char *type, unsigned char *ucData, int iLen)
{
int iNewLine = 1;
char str[80], *pstr;
sprintf(str, KERN_DEBUG "lmc: %s: ", type);
pstr = str+strlen(str);
if(iLen > 240){
Reported by FlawFinder.
Line: 31
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
while(iLen > 0)
{
sprintf(pstr, "%02x ", *ucData);
pstr+=3;
ucData++;
if( !(iNewLine % 20))
{
sprintf(pstr, "\n");
Reported by FlawFinder.
Line: 19
Column: 14
CWE codes:
126
char str[80], *pstr;
sprintf(str, KERN_DEBUG "lmc: %s: ", type);
pstr = str+strlen(str);
if(iLen > 240){
printk(KERN_DEBUG "lmc: Printing 240 chars... out of: %d\n", iLen);
iLen = 240;
}
Reported by FlawFinder.
Line: 36
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ucData++;
if( !(iNewLine % 20))
{
sprintf(pstr, "\n");
printk(str);
sprintf(str, KERN_DEBUG "lmc: %s: ", type);
pstr=str+strlen(str);
}
iNewLine++;
Reported by FlawFinder.
Line: 39
Column: 13
CWE codes:
126
sprintf(pstr, "\n");
printk(str);
sprintf(str, KERN_DEBUG "lmc: %s: ", type);
pstr=str+strlen(str);
}
iNewLine++;
iLen--;
}
sprintf(pstr, "\n");
Reported by FlawFinder.
Line: 44
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
iNewLine++;
iLen--;
}
sprintf(pstr, "\n");
printk(str);
}
#endif
#endif
Reported by FlawFinder.