The following issues were found
include/xen/interface/version.h
8 issues
Line: 22
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* arg == xen_extraversion_t. */
#define XENVER_extraversion 1
/*
 * Single fixed-size character field of 16 bytes.
 * NOTE(review): the flagged line is a declaration; nothing is copied here.
 * Whether the contents are always NUL-terminated within 16 bytes depends on
 * the code that fills the field, which this excerpt does not show - confirm
 * there before treating the finding as a real overflow.
 */
struct xen_extraversion {
char extraversion[16];
};
#define XEN_EXTRAVERSION_LEN (sizeof(struct xen_extraversion))
/* arg == xen_compile_info_t. */
#define XENVER_compile_info 2
Reported by FlawFinder.
Line: 29
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* arg == xen_compile_info_t. */
#define XENVER_compile_info 2
/*
 * Four fixed-size character fields (64, 16, 32 and 32 bytes); going by the
 * field names they describe the compiler, builder, domain and build date.
 * NOTE(review): these are declarations only. The bound that matters is
 * enforced (or not) by whatever writes into each field, which is outside
 * this excerpt - confirm each writer limits itself to the field size.
 */
struct xen_compile_info {
char compiler[64];
char compile_by[16];
char compile_domain[32];
char compile_date[32];
};
Reported by FlawFinder.
Line: 30
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define XENVER_compile_info 2
struct xen_compile_info {
char compiler[64];
char compile_by[16];
char compile_domain[32];
char compile_date[32];
};
#define XENVER_capabilities 3
Reported by FlawFinder.
Line: 31
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xen_compile_info {
char compiler[64];
char compile_by[16];
char compile_domain[32];
char compile_date[32];
};
#define XENVER_capabilities 3
struct xen_capabilities_info {
Reported by FlawFinder.
Line: 32
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char compiler[64];
char compile_by[16];
char compile_domain[32];
char compile_date[32];
};
#define XENVER_capabilities 3
struct xen_capabilities_info {
char info[1024];
Reported by FlawFinder.
Line: 37
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define XENVER_capabilities 3
struct xen_capabilities_info {
char info[1024];
};
#define XEN_CAPABILITIES_INFO_LEN (sizeof(struct xen_capabilities_info))
#define XENVER_changeset 4
struct xen_changeset_info {
Reported by FlawFinder.
Line: 43
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define XENVER_changeset 4
struct xen_changeset_info {
char info[64];
};
#define XEN_CHANGESET_INFO_LEN (sizeof(struct xen_changeset_info))
#define XENVER_platform_parameters 5
struct xen_platform_parameters {
Reported by FlawFinder.
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define XENVER_commandline 9
struct xen_commandline {
char buf[1024];
};
/*
* Return value is the number of bytes written, or XEN_Exx on error.
* Calling with empty parameter returns the size of build_id.
Reported by FlawFinder.
net/bridge/br_multicast_eht.c
8 issues
Line: 269
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!eht_host)
return NULL;
memcpy(&eht_host->h_addr, h_addr, sizeof(*h_addr));
INIT_HLIST_HEAD(&eht_host->set_entries);
eht_host->pg = pg;
eht_host->filter_mode = filter_mode;
rb_link_node(&eht_host->rb_node, parent, link);
Reported by FlawFinder.
Line: 316
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!set_h)
return NULL;
memcpy(&set_h->h_addr, &eht_host->h_addr,
sizeof(union net_bridge_eht_addr));
set_h->mcast_gc.destroy = br_multicast_destroy_eht_set_entry;
set_h->eht_set = eht_set;
set_h->h_parent = eht_host;
set_h->br = br;
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!eht_set)
return NULL;
memcpy(&eht_set->src_addr, src_addr, sizeof(*src_addr));
eht_set->mcast_gc.destroy = br_multicast_destroy_eht_set;
eht_set->pg = pg;
eht_set->br = pg->key.port->br;
eht_set->entry_tree = RB_ROOT;
timer_setup(&eht_set->timer, br_multicast_eht_set_expired, 0);
Reported by FlawFinder.
Line: 385
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
#if IS_ENABLED(CONFIG_IPV6)
case htons(ETH_P_IPV6):
memcpy(&dest->ip6, &src->src.ip6, sizeof(struct in6_addr));
break;
#endif
}
}
Reported by FlawFinder.
Line: 514
Column: 3
CWE codes:
120
Suggestion:
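Make sure destination can always hold the source data. Note: the copy length here is addr_size and the source is indexed up to nsrcs, so two checks outside this excerpt decide the matter: that addr_size never exceeds sizeof(eht_src_addr), and that srcs really holds nsrcs * addr_size bytes.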
memset(&eht_src_addr, 0, sizeof(eht_src_addr));
for (src_idx = 0; src_idx < nsrcs; src_idx++) {
memcpy(&eht_src_addr, srcs + (src_idx * addr_size), addr_size);
br_multicast_create_eht_set_entry(pg, &eht_src_addr, h_addr,
filter_mode,
false);
}
}
Reported by FlawFinder.
Line: 538
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&src_ip, 0, sizeof(src_ip));
src_ip.proto = pg->key.addr.proto;
for (src_idx = 0; src_idx < nsrcs; src_idx++) {
memcpy(&eht_src_addr, srcs + (src_idx * addr_size), addr_size);
if (!br_multicast_del_eht_set_entry(pg, &eht_src_addr, h_addr))
continue;
memcpy(&src_ip, srcs + (src_idx * addr_size), addr_size);
src_ent = br_multicast_find_group_src(pg, &src_ip);
if (!src_ent)
Reported by FlawFinder.
Line: 541
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&eht_src_addr, srcs + (src_idx * addr_size), addr_size);
if (!br_multicast_del_eht_set_entry(pg, &eht_src_addr, h_addr))
continue;
memcpy(&src_ip, srcs + (src_idx * addr_size), addr_size);
src_ent = br_multicast_find_group_src(pg, &src_ip);
if (!src_ent)
continue;
br_multicast_del_group_src(src_ent, true);
changed = true;
Reported by FlawFinder.
Line: 780
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
memset(&eht_host_addr, 0, sizeof(eht_host_addr));
memcpy(&eht_host_addr, h_addr, addr_size);
if (addr_size == sizeof(__be32))
changed = __eht_ip4_handle(pg, &eht_host_addr, srcs, nsrcs,
grec_type);
#if IS_ENABLED(CONFIG_IPV6)
else
Reported by FlawFinder.
net/atm/mpc.c
8 issues
Line: 273
Column: 2
CWE codes:
119
120
Suggestion:
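Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: the only write shown is sprintf(name, "lec%d", itf); with a 32-bit int that is at most 3 + 11 characters plus the terminator, 15 bytes, which fits if IFNAMSIZ is 16 (its definition is not shown in this excerpt).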
static struct net_device *find_lec_by_itfnum(int itf)
{
struct net_device *dev;
char name[IFNAMSIZ];
sprintf(name, "lec%d", itf);
dev = dev_get_by_name(&init_net, name);
return dev;
Reported by FlawFinder.
Line: 275
Column: 2
CWE codes:
120
Suggestion:
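Use sprintf_s, snprintf, or vsnprintf. Note: sprintf_s is not available in kernel code; the applicable form here is snprintf(name, sizeof(name), "lec%d", itf), which makes the bound explicit.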
struct net_device *dev;
char name[IFNAMSIZ];
sprintf(name, "lec%d", itf);
dev = dev_get_by_name(&init_net, name);
return dev;
}
Reported by FlawFinder.
Line: 485
Column: 3
CWE codes:
120
Suggestion:
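Make sure destination can always hold the source data. Note: the length is mps_macs*ETH_ALEN and the source is the TLV buffer; whether mpc->mps_macs was sized for that many addresses, and whether tlvs has that many bytes left, is decided before this excerpt and should be confirmed there.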
ether_addr_copy(mpc->mps_macs, router_mac);
tlvs += 20; if (device_type == MPS_AND_MPC) tlvs += 20;
if (mps_macs > 0)
memcpy(mpc->mps_macs, tlvs, mps_macs*ETH_ALEN);
tlvs += mps_macs*ETH_ALEN;
mpc->number_of_mps_macs = num_macs;
return tlvs;
}
Reported by FlawFinder.
Line: 843
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
set_bit(ATM_VF_READY, &vcc->flags);
if (mpc->dev) {
char empty[ATM_ESA_LEN];
memset(empty, 0, ATM_ESA_LEN);
start_mpc(mpc, mpc->dev);
/* set address if mpcd e.g. gets killed and restarted.
* If we do not do it now we have to wait for the next LE_ARP
Reported by FlawFinder.
Line: 862
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct k_message mesg;
memcpy(mpc->mps_ctrl_addr, addr, ATM_ESA_LEN);
mesg.type = SET_MPS_CTRL_ADDR;
memcpy(mesg.MPS_ctrl, addr, ATM_ESA_LEN);
msg_to_mpoad(&mesg, mpc);
}
Reported by FlawFinder.
Line: 865
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mpc->mps_ctrl_addr, addr, ATM_ESA_LEN);
mesg.type = SET_MPS_CTRL_ADDR;
memcpy(mesg.MPS_ctrl, addr, ATM_ESA_LEN);
msg_to_mpoad(&mesg, mpc);
}
static void mpoad_close(struct atm_vcc *vcc)
{
Reported by FlawFinder.
Line: 1347
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tlv[5] = 0x02; /* MPOA client */
tlv[6] = 0x00; /* number of MPS MAC addresses */
memcpy(&tlv[7], mesg->MPS_ctrl, ATM_ESA_LEN); /* MPC ctrl ATM addr */
memcpy(mpc->our_ctrl_addr, mesg->MPS_ctrl, ATM_ESA_LEN);
dprintk("(%s) setting MPC ctrl ATM address to",
mpc->dev ? mpc->dev->name : "<unknown>");
for (i = 7; i < sizeof(tlv); i++)
Reported by FlawFinder.
Line: 1348
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tlv[6] = 0x00; /* number of MPS MAC addresses */
memcpy(&tlv[7], mesg->MPS_ctrl, ATM_ESA_LEN); /* MPC ctrl ATM addr */
memcpy(mpc->our_ctrl_addr, mesg->MPS_ctrl, ATM_ESA_LEN);
dprintk("(%s) setting MPC ctrl ATM address to",
mpc->dev ? mpc->dev->name : "<unknown>");
for (i = 7; i < sizeof(tlv); i++)
dprintk_cont(" %02x", tlv[i]);
Reported by FlawFinder.
net/rose/af_rose.c
8 issues
Line: 99
Column: 3
CWE codes:
120
Suggestion:
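Use sprintf_s, snprintf, or vsnprintf. Note: every argument is masked with 0xFF, so the output is exactly ten hex digits plus the terminator, 11 bytes; the caller's buffer must be at least that large. The rose_info_show excerpt further down declares char buf[11], rsbuf[11], which leaves no slack if those are the buffers passed here.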
addr->rose_addr[4] == 0x00) {
strcpy(buf, "*");
} else {
sprintf(buf, "%02X%02X%02X%02X%02X", addr->rose_addr[0] & 0xFF,
addr->rose_addr[1] & 0xFF,
addr->rose_addr[2] & 0xFF,
addr->rose_addr[3] & 0xFF,
addr->rose_addr[4] & 0xFF);
}
Reported by FlawFinder.
Line: 793
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_release;
}
memcpy(&rose->source_addr, dev->dev_addr, ROSE_ADDR_LEN);
rose->source_call = user->call;
rose->device = dev;
ax25_uid_put(user);
rose_insert_socket(sk); /* Finish the bind */
Reported by FlawFinder.
Line: 1079
Column: 3
CWE codes:
120
Suggestion:
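Make sure destination can always hold the source data. Note: the excerpt already rejects any msg_namelen that is not sizeof(struct sockaddr_rose) or sizeof(struct full_sockaddr_rose), and zeroes srose over sizeof(struct full_sockaddr_rose) first, so the copy is bounded provided srose is declared as struct full_sockaddr_rose (the declaration is not shown).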
if (msg->msg_namelen != sizeof(struct sockaddr_rose) && msg->msg_namelen != sizeof(struct full_sockaddr_rose))
return -EINVAL;
memset(&srose, 0, sizeof(struct full_sockaddr_rose));
memcpy(&srose, usrose, msg->msg_namelen);
if (rosecmp(&rose->dest_addr, &srose.srose_addr) != 0 ||
ax25cmp(&rose->dest_call, &srose.srose_call) != 0)
return -EISCONN;
if (srose.srose_ndigis != rose->dest_ndigis)
return -EISCONN;
Reported by FlawFinder.
Line: 1160
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef M_BIT
#define ROSE_PACLEN (256-ROSE_MIN_LEN)
if (skb->len - ROSE_MIN_LEN > ROSE_PACLEN) {
unsigned char header[ROSE_MIN_LEN];
struct sk_buff *skbn;
int frontlen;
int lg;
/* Save a copy of the Header */
Reported by FlawFinder.
Line: 1391
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rose_info_show(struct seq_file *seq, void *v)
{
char buf[11], rsbuf[11];
if (v == SEQ_START_TOKEN)
seq_puts(seq,
"dest_addr dest_call src_addr src_call dev lci neigh st vs vr va t t1 t2 t3 hb idle Snd-Q Rcv-Q inode\n");
Reported by FlawFinder.
Line: 1521
Column: 3
CWE codes:
119
120
Suggestion:
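Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: i starts at 0 and counts up in the loop shown, so "rose%d" produces at most 4 + 10 characters plus the terminator, 15 bytes, which fits if IFNAMSIZ is 16 (its definition is not shown in this excerpt).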
for (i = 0; i < rose_ndevs; i++) {
struct net_device *dev;
char name[IFNAMSIZ];
sprintf(name, "rose%d", i);
dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, rose_setup);
if (!dev) {
printk(KERN_ERR "ROSE: rose_proto_init - unable to allocate memory\n");
Reported by FlawFinder.
Line: 1523
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct net_device *dev;
char name[IFNAMSIZ];
sprintf(name, "rose%d", i);
dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, rose_setup);
if (!dev) {
printk(KERN_ERR "ROSE: rose_proto_init - unable to allocate memory\n");
rc = -ENOMEM;
goto fail;
Reported by FlawFinder.
Line: 97
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (addr->rose_addr[0] == 0x00 && addr->rose_addr[1] == 0x00 &&
addr->rose_addr[2] == 0x00 && addr->rose_addr[3] == 0x00 &&
addr->rose_addr[4] == 0x00) {
strcpy(buf, "*");
} else {
sprintf(buf, "%02X%02X%02X%02X%02X", addr->rose_addr[0] & 0xFF,
addr->rose_addr[1] & 0xFF,
addr->rose_addr[2] & 0xFF,
addr->rose_addr[3] & 0xFF,
Reported by FlawFinder.
net/ipv4/ip_tunnel.c
8 issues
Line: 249
Column: 3
CWE codes:
120
Suggestion:
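Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Note: the strcpy is preceded by a check that rejects strlen(ops->kind) > IFNAMSIZ - 3, so the name is at most IFNAMSIZ - 3 characters plus "%d" plus the terminator, which fills name[IFNAMSIZ] exactly; the bound is correct but implicit, and a single snprintf with sizeof(name) would state it directly.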
} else {
if (strlen(ops->kind) > (IFNAMSIZ - 3))
goto failed;
strcpy(name, ops->kind);
strcat(name, "%d");
}
ASSERT_RTNL();
dev = alloc_netdev(ops->priv_size, name, NET_NAME_UNKNOWN, ops->setup);
Reported by FlawFinder.
Line: 1246
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tunnel->dev = dev;
tunnel->net = dev_net(dev);
strcpy(tunnel->parms.name, dev->name);
iph->version = 4;
iph->ihl = 5;
if (tunnel->collect_md)
netif_keep_dst(dev);
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int err;
struct ip_tunnel *tunnel;
struct net_device *dev;
char name[IFNAMSIZ];
err = -E2BIG;
if (parms->name[0]) {
if (!dev_valid_name(parms->name))
goto failed;
Reported by FlawFinder.
Line: 250
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (strlen(ops->kind) > (IFNAMSIZ - 3))
goto failed;
strcpy(name, ops->kind);
strcat(name, "%d");
}
ASSERT_RTNL();
dev = alloc_netdev(ops->priv_size, name, NET_NAME_UNKNOWN, ops->setup);
if (!dev) {
Reported by FlawFinder.
Line: 837
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
t->parms.i_key = p->i_key;
t->parms.o_key = p->o_key;
if (dev->type != ARPHRD_ETHER) {
memcpy(dev->dev_addr, &p->iph.saddr, 4);
memcpy(dev->broadcast, &p->iph.daddr, 4);
}
ip_tunnel_add(itn, t);
t->parms.iph.ttl = p->iph.ttl;
Reported by FlawFinder.
Line: 838
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
t->parms.o_key = p->o_key;
if (dev->type != ARPHRD_ETHER) {
memcpy(dev->dev_addr, &p->iph.saddr, 4);
memcpy(dev->broadcast, &p->iph.daddr, 4);
}
ip_tunnel_add(itn, t);
t->parms.iph.ttl = p->iph.ttl;
t->parms.iph.tos = p->iph.tos;
Reported by FlawFinder.
Line: 873
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!t)
t = netdev_priv(dev);
}
memcpy(p, &t->parms, sizeof(*p));
break;
case SIOCADDTUNNEL:
case SIOCCHGTUNNEL:
err = -EPERM;
Reported by FlawFinder.
Line: 247
Column: 7
CWE codes:
126
goto failed;
strlcpy(name, parms->name, IFNAMSIZ);
} else {
if (strlen(ops->kind) > (IFNAMSIZ - 3))
goto failed;
strcpy(name, ops->kind);
strcat(name, "%d");
}
Reported by FlawFinder.
net/ipv6/ip6_vti.c
7 issues
Line: 194
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto out;
strcpy(t->parms.name, dev->name);
vti6_tnl_link(ip6n, t);
return 0;
Reported by FlawFinder.
Line: 1167
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
t = netdev_priv(ip6n->fb_tnl_dev);
strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
return 0;
err_register:
free_netdev(ip6n->fb_tnl_dev);
err_alloc_dev:
Reported by FlawFinder.
Line: 208
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct net_device *dev;
struct ip6_tnl *t;
char name[IFNAMSIZ];
int err;
if (p->name[0]) {
if (!dev_valid_name(p->name))
goto failed;
Reported by FlawFinder.
Line: 216
Column: 3
CWE codes:
120
Suggestion:
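Use sprintf_s, snprintf, or vsnprintf. Note: the format string here takes no arguments; "%%" emits a literal "%", so the result is the constant "ip6_vti%d", 9 characters plus the terminator, regardless of input.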
goto failed;
strlcpy(name, p->name, IFNAMSIZ);
} else {
sprintf(name, "ip6_vti%%d");
}
dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup);
if (!dev)
goto failed;
Reported by FlawFinder.
Line: 663
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct net_device *tdev = NULL;
int mtu;
memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV |
IP6_TNL_F_CAP_PER_PACKET);
p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
Reported by FlawFinder.
Line: 664
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int mtu;
memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV |
IP6_TNL_F_CAP_PER_PACKET);
p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
Reported by FlawFinder.
Line: 753
Column: 2
CWE codes:
120
Suggestion:
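Make sure destination can always hold the source data. Note: the length is taken from the source, sizeof(u->name), so this is safe only if p->name is at least as large; the copy also does not by itself guarantee that p->name ends up NUL-terminated. Neither declaration is shown in this excerpt.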
p->o_key = u->o_key;
p->proto = u->proto;
memcpy(p->name, u->name, sizeof(u->name));
}
static void
vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p)
{
Reported by FlawFinder.
include/uapi/linux/chio.h
7 issues
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct changer_vendor_params {
int cvp_n1; /* number of vendor specific elems (CHET_V1) */
char cvp_label1[16];
int cvp_n2; /* number of vendor specific elems (CHET_V2) */
char cvp_label2[16];
int cvp_n3; /* number of vendor specific elems (CHET_V3) */
char cvp_label3[16];
int cvp_n4; /* number of vendor specific elems (CHET_V4) */
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cvp_n1; /* number of vendor specific elems (CHET_V1) */
char cvp_label1[16];
int cvp_n2; /* number of vendor specific elems (CHET_V2) */
char cvp_label2[16];
int cvp_n3; /* number of vendor specific elems (CHET_V3) */
char cvp_label3[16];
int cvp_n4; /* number of vendor specific elems (CHET_V4) */
char cvp_label4[16];
int reserved[8];
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cvp_n2; /* number of vendor specific elems (CHET_V2) */
char cvp_label2[16];
int cvp_n3; /* number of vendor specific elems (CHET_V3) */
char cvp_label3[16];
int cvp_n4; /* number of vendor specific elems (CHET_V4) */
char cvp_label4[16];
int reserved[8];
};
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cvp_n3; /* number of vendor specific elems (CHET_V3) */
char cvp_label3[16];
int cvp_n4; /* number of vendor specific elems (CHET_V4) */
char cvp_label4[16];
int reserved[8];
};
/*
Reported by FlawFinder.
Line: 126
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cge_srcunit;
int cge_id; /* scsi id (for data transfer elements) */
int cge_lun; /* scsi lun (for data transfer elements) */
char cge_pvoltag[36]; /* primary volume tag */
char cge_avoltag[36]; /* alternate volume tag */
int cge_flags;
};
/* flags */
#define CGE_ERRNO 0x01 /* errno available */
Reported by FlawFinder.
Line: 127
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cge_id; /* scsi id (for data transfer elements) */
int cge_lun; /* scsi lun (for data transfer elements) */
char cge_pvoltag[36]; /* primary volume tag */
char cge_avoltag[36]; /* alternate volume tag */
int cge_flags;
};
/* flags */
#define CGE_ERRNO 0x01 /* errno available */
#define CGE_INVERT 0x02 /* media inverted */
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Carries a volume tag (csv_voltag, a fixed 36-byte field) together with a
 * type, a unit and a flags word.
 * NOTE(review): this is a declaration in a uapi header, so the contents of
 * csv_voltag are supplied by the caller. Whether the consumer requires or
 * enforces NUL-termination within the 36 bytes is not shown here - confirm
 * against the code that reads the field.
 */
struct changer_set_voltag {
int csv_type; /* type/unit */
int csv_unit;
char csv_voltag[36]; /* volume tag */
int csv_flags;
};
#define CSV_PVOLTAG 0x01 /* primary volume tag */
#define CSV_AVOLTAG 0x02 /* alternate volume tag */
#define CSV_CLEARTAG 0x04 /* clear volume tag */
Reported by FlawFinder.
include/uapi/linux/netfilter/x_tables.h
7 issues
Line: 17
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 match_size;
/* Used by userspace */
char name[XT_EXTENSION_MAXNAMELEN];
__u8 revision;
} user;
struct {
__u16 match_size;
Reported by FlawFinder.
Line: 31
Column: 11
CWE codes:
119
120
Suggestion:
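Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: data[0] is a zero-length trailing array, so there is no fixed size to check against; the relevant bound is whatever length the consumer derives for the payload (the excerpt shows a match_size field just above), and that validation happens outside this header.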
__u16 match_size;
} u;
unsigned char data[0];
};
struct xt_entry_target {
union {
struct {
Reported by FlawFinder.
Line: 40
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 target_size;
/* Used by userspace */
char name[XT_EXTENSION_MAXNAMELEN];
__u8 revision;
} user;
struct {
__u16 target_size;
Reported by FlawFinder.
Line: 54
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 target_size;
} u;
unsigned char data[0];
};
#define XT_TARGET_INIT(__name, __size) \
{ \
.target.u.user = { \
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xt_error_target {
struct xt_entry_target target;
char errorname[XT_FUNCTION_MAXNAMELEN];
};
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct xt_get_revision {
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
/*
 * Extension name (fixed XT_EXTENSION_MAXNAMELEN bytes) plus a revision
 * number.
 * NOTE(review): this is a declaration in a uapi header; the fixed-size
 * array is not itself a write site. Because the structure is filled by the
 * caller, the code that reads name should not assume it is NUL-terminated -
 * confirm the consumer bounds or terminates it before using it as a string.
 */
struct xt_get_revision {
char name[XT_EXTENSION_MAXNAMELEN];
__u8 revision;
};
/* CONTINUE verdict for targets */
#define XT_CONTINUE 0xFFFFFFFF
Reported by FlawFinder.
Line: 117
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The argument to IPT_SO_ADD_COUNTERS. */
struct xt_counters_info {
/* Which table. */
char name[XT_TABLE_MAXNAMELEN];
unsigned int num_counters;
/* The counters (actually `number' of these). */
struct xt_counters counters[0];
Reported by FlawFinder.
net/mac802154/trace.h
7 issues
Line: 105
),
TP_fast_assign(
LOCAL_ASSIGN;
CCA_ASSIGN;
),
TP_printk(LOCAL_PR_FMT ", " CCA_PR_FMT, LOCAL_PR_ARG,
CCA_PR_ARG)
);
Reported by Cppcheck.
Line: 105
),
TP_fast_assign(
LOCAL_ASSIGN;
CCA_ASSIGN;
),
TP_printk(LOCAL_PR_FMT ", " CCA_PR_FMT, LOCAL_PR_ARG,
CCA_PR_ARG)
);
Reported by Cppcheck.
Line: 105
),
TP_fast_assign(
LOCAL_ASSIGN;
CCA_ASSIGN;
),
TP_printk(LOCAL_PR_FMT ", " CCA_PR_FMT, LOCAL_PR_ARG,
CCA_PR_ARG)
);
Reported by Cppcheck.
Line: 105
),
TP_fast_assign(
LOCAL_ASSIGN;
CCA_ASSIGN;
),
TP_printk(LOCAL_PR_FMT ", " CCA_PR_FMT, LOCAL_PR_ARG,
CCA_PR_ARG)
);
Reported by Cppcheck.
Line: 105
),
TP_fast_assign(
LOCAL_ASSIGN;
CCA_ASSIGN;
),
TP_printk(LOCAL_PR_FMT ", " CCA_PR_FMT, LOCAL_PR_ARG,
CCA_PR_ARG)
);
Reported by Cppcheck.
Line: 105
),
TP_fast_assign(
LOCAL_ASSIGN;
CCA_ASSIGN;
),
TP_printk(LOCAL_PR_FMT ", " CCA_PR_FMT, LOCAL_PR_ARG,
CCA_PR_ARG)
);
Reported by Cppcheck.
Line: 105
),
TP_fast_assign(
LOCAL_ASSIGN;
CCA_ASSIGN;
),
TP_printk(LOCAL_PR_FMT ", " CCA_PR_FMT, LOCAL_PR_ARG,
CCA_PR_ARG)
);
Reported by Cppcheck.
lib/test_hexdump.c
7 issues
Line: 102
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const char *q = *result++;
size_t amount = strlen(q);
memcpy(p, q, amount);
p += amount;
*p++ = ' ';
}
if (i)
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init test_hexdump(size_t len, int rowsize, int groupsize,
bool ascii)
{
char test[TEST_HEXDUMP_BUF_SIZE];
char real[TEST_HEXDUMP_BUF_SIZE];
total_tests++;
memset(real, FILL_CHAR, sizeof(real));
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool ascii)
{
char test[TEST_HEXDUMP_BUF_SIZE];
char real[TEST_HEXDUMP_BUF_SIZE];
total_tests++;
memset(real, FILL_CHAR, sizeof(real));
hex_dump_to_buffer(data_b, len, rowsize, groupsize, real, sizeof(real),
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rowsize, int groupsize,
bool ascii)
{
char test[TEST_HEXDUMP_BUF_SIZE];
char buf[TEST_HEXDUMP_BUF_SIZE];
int rs = rowsize, gs = groupsize;
int ae, he, e, f, r;
bool a;
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool ascii)
{
char test[TEST_HEXDUMP_BUF_SIZE];
char buf[TEST_HEXDUMP_BUF_SIZE];
int rs = rowsize, gs = groupsize;
int ae, he, e, f, r;
bool a;
total_tests++;
Reported by FlawFinder.
Line: 100
Column: 19
CWE codes:
126
p = test;
for (i = 0; i < l / gs; i++) {
const char *q = *result++;
size_t amount = strlen(q);
memcpy(p, q, amount);
p += amount;
*p++ = ' ';
Reported by FlawFinder.
Line: 116
Column: 3
CWE codes:
120
*p++ = ' ';
} while (p < test + rs * 2 + rs / gs + 1);
strncpy(p, data_a, l);
p += l;
}
*p = '\0';
}
Reported by FlawFinder.