The following issues were found
drivers/target/iscsi/iscsi_target_nego.c
7 issues
Line: 143
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (strstr("CHAP", authtype))
strcpy(conn->sess->auth_type, "CHAP");
else
strcpy(conn->sess->auth_type, NONE);
if (strstr("None", authtype))
return 1;
else if (strstr("CHAP", authtype))
return chap_main_loop(conn, auth, in_buf, out_buf,
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
" %d\n", len, max_length);
return -1;
}
memcpy(out_buf, ptr, len);
out_buf[len] = '\0';
return 0;
}
Reported by FlawFinder.
Line: 141
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
if (strstr("CHAP", authtype))
strcpy(conn->sess->auth_type, "CHAP");
else
strcpy(conn->sess->auth_type, NONE);
if (strstr("None", authtype))
return 1;
Reported by FlawFinder.
Line: 327
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
login_rsp->opcode = ISCSI_OP_LOGIN_RSP;
hton24(login_rsp->dlength, login->rsp_length);
memcpy(login_rsp->isid, login->isid, 6);
login_rsp->tsih = cpu_to_be16(login->tsih);
login_rsp->itt = login->init_task_tag;
login_rsp->statsn = cpu_to_be32(conn->stat_sn++);
login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
login_rsp->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn));
Reported by FlawFinder.
Line: 1041
Column: 17
CWE codes:
126
char *param_buf)
{
char *c;
u32 iqn_size = strlen(param_buf), i;
for (i = 0; i < iqn_size; i++) {
c = ¶m_buf[i];
if (!isupper(*c))
continue;
Reported by FlawFinder.
Line: 1104
Column: 26
CWE codes:
126
else if (!strncmp(key, "TargetName", 10))
t_buf = value;
start += strlen(key) + strlen(value) + 2;
}
/*
* See 5.3. Login Phase.
*/
if (!i_buf) {
Reported by FlawFinder.
Line: 1104
Column: 12
CWE codes:
126
else if (!strncmp(key, "TargetName", 10))
t_buf = value;
start += strlen(key) + strlen(value) + 2;
}
/*
* See 5.3. Login Phase.
*/
if (!i_buf) {
Reported by FlawFinder.
drivers/scsi/scsi_transport_iscsi.c
7 issues
Line: 1535
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device *dev = &shost->shost_gendev;
struct iscsi_internal *i = to_iscsi_internal(shost->transportt);
struct request_queue *q;
char bsg_name[20];
if (!i->iscsi_transport->bsg_request)
return -ENOTSUPP;
snprintf(bsg_name, sizeof(bsg_name), "iscsi_host%d", shost->host_no);
Reported by FlawFinder.
Line: 2515
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->r.recv_req.cid = conn->cid;
ev->r.recv_req.sid = iscsi_conn_get_sid(conn);
pdu = (char*)ev + sizeof(*ev);
memcpy(pdu, hdr, sizeof(struct iscsi_hdr));
memcpy(pdu + sizeof(struct iscsi_hdr), data, data_size);
return iscsi_multicast_skb(skb, ISCSI_NL_GRP_ISCSID, GFP_ATOMIC);
}
EXPORT_SYMBOL_GPL(iscsi_recv_pdu);
Reported by FlawFinder.
Line: 2516
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->r.recv_req.sid = iscsi_conn_get_sid(conn);
pdu = (char*)ev + sizeof(*ev);
memcpy(pdu, hdr, sizeof(struct iscsi_hdr));
memcpy(pdu + sizeof(struct iscsi_hdr), data, data_size);
return iscsi_multicast_skb(skb, ISCSI_NL_GRP_ISCSID, GFP_ATOMIC);
}
EXPORT_SYMBOL_GPL(iscsi_recv_pdu);
Reported by FlawFinder.
Line: 2551
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy((char *)ev + sizeof(*ev), data, data_size);
return iscsi_multicast_skb(skb, ISCSI_NL_GRP_UIP, GFP_ATOMIC);
}
EXPORT_SYMBOL_GPL(iscsi_offload_mesg);
Reported by FlawFinder.
Line: 2653
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->r.host_event.data_size = data_size;
if (data_size)
memcpy((char *)ev + sizeof(*ev), data, data_size);
iscsi_multicast_skb(skb, ISCSI_NL_GRP_ISCSID, GFP_NOIO);
}
EXPORT_SYMBOL_GPL(iscsi_post_host_event);
Reported by FlawFinder.
Line: 2682
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->r.ping_comp.status = status;
ev->r.ping_comp.pid = pid;
ev->r.ping_comp.data_size = data_size;
memcpy((char *)ev + sizeof(*ev), data, data_size);
iscsi_multicast_skb(skb, ISCSI_NL_GRP_ISCSID, GFP_NOIO);
}
EXPORT_SYMBOL_GPL(iscsi_ping_comp_event);
Reported by FlawFinder.
Line: 2702
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
nlh = __nlmsg_put(skb, 0, 0, type, (len - sizeof(*nlh)), 0);
memcpy(nlmsg_data(nlh), payload, size);
return iscsi_unicast_skb(skb, portid);
}
static int
iscsi_if_get_stats(struct iscsi_transport *transport, struct nlmsghdr *nlh)
Reported by FlawFinder.
drivers/target/iscsi/iscsi_target.c
7 issues
Line: 127
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!tiqn)
return ERR_PTR(-ENOMEM);
sprintf(tiqn->tiqn, "%s", buf);
INIT_LIST_HEAD(&tiqn->tiqn_list);
INIT_LIST_HEAD(&tiqn->tiqn_tpg_list);
spin_lock_init(&tiqn->tiqn_state_lock);
spin_lock_init(&tiqn->tiqn_tpg_lock);
spin_lock_init(&tiqn->sess_err_stats.lock);
Reported by FlawFinder.
Line: 3419
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
continue;
if (!target_name_printed) {
len = sprintf(buf, "TargetName=%s",
tiqn->tiqn);
len += 1;
if ((len + payload_len) > buffer_len) {
spin_unlock(&tpg->tpg_np_lock);
Reported by FlawFinder.
Line: 3349
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iscsi_tpg_np *tpg_np;
int buffer_len, end_of_buf = 0, len = 0, payload_len = 0;
int target_name_printed;
unsigned char buf[ISCSI_IQN_LEN+12]; /* iqn + "TargetName=" + \0 */
unsigned char *text_in = cmd->text_in_ptr, *text_ptr = NULL;
bool active;
buffer_len = min(conn->conn_ops->MaxRecvDataSegmentLength,
SENDTARGETS_BUF_LIMIT);
Reported by FlawFinder.
Line: 3433
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (skip_bytes && len <= skip_bytes) {
skip_bytes -= len;
} else {
memcpy(payload + payload_len, buf, len);
payload_len += len;
target_name_printed = 1;
if (len > skip_bytes)
skip_bytes = 0;
}
Reported by FlawFinder.
Line: 3446
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
sockaddr = &np->np_sockaddr;
len = sprintf(buf, "TargetAddress="
"%pISpc,%hu",
sockaddr,
tpg->tpgt);
len += 1;
Reported by FlawFinder.
Line: 3462
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (skip_bytes && len <= skip_bytes) {
skip_bytes -= len;
} else {
memcpy(payload + payload_len, buf, len);
payload_len += len;
if (len > skip_bytes)
skip_bytes = 0;
}
}
Reported by FlawFinder.
Line: 117
Column: 6
CWE codes:
126
struct iscsi_tiqn *tiqn = NULL;
int ret;
if (strlen(buf) >= ISCSI_IQN_LEN) {
pr_err("Target IQN exceeds %d bytes\n",
ISCSI_IQN_LEN);
return ERR_PTR(-EINVAL);
}
Reported by FlawFinder.
drivers/staging/wlan-ng/prism2mib.c
7 issues
Line: 385
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prism2mgmt_bytearea2pstr(bytebuf, pstr, mib->parm2);
} else {
memset(bytebuf, 0, mib->parm2);
memcpy(bytebuf, pstr->data, pstr->len);
result =
hfa384x_drvr_setconfig(hw, mib->parm1, bytebuf, mib->parm2);
}
return result;
Reported by FlawFinder.
Line: 540
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = (pstr->len > 5) ? HFA384x_RID_CNFWEP128DEFAULTKEY_LEN :
HFA384x_RID_CNFWEPDEFAULTKEY_LEN;
memset(bytebuf, 0, len);
memcpy(bytebuf, pstr->data, pstr->len);
result = hfa384x_drvr_setconfig(hw, mib->parm1, bytebuf, len);
}
return result;
}
Reported by FlawFinder.
Line: 679
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(u8 *)&wpa,
sizeof(wpa));
pstr->len = le16_to_cpu(wpa.datalen);
memcpy(pstr->data, wpa.data, pstr->len);
} else {
wpa.datalen = cpu_to_le16(pstr->len);
memcpy(wpa.data, pstr->data, pstr->len);
hfa384x_drvr_setconfig(hw,
Reported by FlawFinder.
Line: 682
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pstr->data, wpa.data, pstr->len);
} else {
wpa.datalen = cpu_to_le16(pstr->len);
memcpy(wpa.data, pstr->data, pstr->len);
hfa384x_drvr_setconfig(hw,
HFA384x_RID_CNFWPADATA,
(u8 *)&wpa,
sizeof(wpa));
Reported by FlawFinder.
Line: 717
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct p80211pstrd *pstr)
{
bytestr->len = cpu_to_le16((u16)(pstr->len));
memcpy(bytestr->data, pstr->data, pstr->len);
}
/*
* prism2mgmt_bytestr2pstr
*
Reported by FlawFinder.
Line: 739
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct p80211pstrd *pstr)
{
pstr->len = (u8)(le16_to_cpu(bytestr->len));
memcpy(pstr->data, bytestr->data, pstr->len);
}
/*
* prism2mgmt_bytearea2pstr
*
Reported by FlawFinder.
Line: 760
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void prism2mgmt_bytearea2pstr(u8 *bytearea, struct p80211pstrd *pstr, int len)
{
pstr->len = (u8)len;
memcpy(pstr->data, bytearea, len);
}
Reported by FlawFinder.
drivers/soundwire/sysfs_slave.c
7 issues
Line: 75
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
char *buf) \
{ \
struct sdw_slave *slave = dev_to_sdw_dev(dev); \
return sprintf(buf, format_string, slave->prop.field); \
} \
static DEVICE_ATTR_RO(field)
sdw_slave_attr(mipi_revision, "0x%x\n");
sdw_slave_attr(wake_capable, "%d\n");
Reported by FlawFinder.
Line: 148
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
char *buf) \
{ \
struct sdw_slave *slave = dev_to_sdw_dev(dev); \
return sprintf(buf, format_string, slave->prop.dp0_prop->field);\
} \
static DEVICE_ATTR_RO(field)
sdw_dp0_attr(max_word, "%d\n");
sdw_dp0_attr(min_word, "%d\n");
Reported by FlawFinder.
Line: 237
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sdw_slave *slave = dev_to_sdw_dev(dev);
return sprintf(buf, "%s\n", slave_status[slave->status]);
}
static DEVICE_ATTR_RO(status);
static ssize_t device_number_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 247
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sdw_slave *slave = dev_to_sdw_dev(dev);
if (slave->status == SDW_SLAVE_UNATTACHED)
return sprintf(buf, "%s", "N/A");
else
return sprintf(buf, "%d", slave->dev_num);
}
static DEVICE_ATTR_RO(device_number);
Reported by FlawFinder.
Line: 166
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i;
for (i = 0; i < slave->prop.dp0_prop->num_words; i++)
size += sprintf(buf + size, "%d ",
slave->prop.dp0_prop->words[i]);
size += sprintf(buf + size, "\n");
return size;
}
Reported by FlawFinder.
Line: 249
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (slave->status == SDW_SLAVE_UNATTACHED)
return sprintf(buf, "%s", "N/A");
else
return sprintf(buf, "%d", slave->dev_num);
}
static DEVICE_ATTR_RO(device_number);
static struct attribute *slave_status_attrs[] = {
&dev_attr_status.attr,
Reported by FlawFinder.
Line: 168
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < slave->prop.dp0_prop->num_words; i++)
size += sprintf(buf + size, "%d ",
slave->prop.dp0_prop->words[i]);
size += sprintf(buf + size, "\n");
return size;
}
static DEVICE_ATTR_RO(words);
Reported by FlawFinder.
drivers/staging/wlan-ng/cfg80211.c
7 issues
Line: 97
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg.msgcode = DIDMSG_DOT11REQ_MIBSET;
mibitem->did = did;
mibitem->data.len = len;
memcpy(mibitem->data.data, data, len);
return p80211req_dorequest(wlandev, (u8 *)&msg);
}
/* The interface functions, called by the cfg80211 layer */
Reported by FlawFinder.
Line: 320
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (request->n_ssids > 0) {
msg1.scantype.data = P80211ENUM_scantype_active;
msg1.ssid.data.len = request->ssids->ssid_len;
memcpy(msg1.ssid.data.data,
request->ssids->ssid, request->ssids->ssid_len);
} else {
msg1.scantype.data = 0;
}
msg1.probedelay.data = 0;
Reported by FlawFinder.
Line: 361
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ie_buf[0] = WLAN_EID_SSID;
ie_buf[1] = msg2->ssid.data.len;
ie_len = ie_buf[1] + 2;
memcpy(&ie_buf[2], &msg2->ssid.data.data, msg2->ssid.data.len);
freq = ieee80211_channel_to_frequency(msg2->dschannel.data,
NL80211_BAND_2GHZ);
bss = cfg80211_inform_bss(wiphy,
ieee80211_get_channel(wiphy, freq),
CFG80211_BSS_FTYPE_UNKNOWN,
Reported by FlawFinder.
Line: 532
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
msg_join.msgcode = DIDMSG_LNXREQ_AUTOJOIN;
memcpy(msg_join.ssid.data.data, sme->ssid, length);
msg_join.ssid.data.len = length;
result = p80211req_dorequest(wlandev, (u8 *)&msg_join);
exit:
Reported by FlawFinder.
Line: 555
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Do a join, with a bogus ssid. Thats the only way I can think of */
msg_join.msgcode = DIDMSG_LNXREQ_AUTOJOIN;
memcpy(msg_join.ssid.data.data, "---", 3);
msg_join.ssid.data.len = 3;
result = p80211req_dorequest(wlandev, (u8 *)&msg_join);
if (result)
Reported by FlawFinder.
Line: 687
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv = wiphy_priv(wiphy);
priv->wlandev = wlandev;
memcpy(priv->channels, prism2_channels, sizeof(prism2_channels));
memcpy(priv->rates, prism2_rates, sizeof(prism2_rates));
priv->band.channels = priv->channels;
priv->band.n_channels = ARRAY_SIZE(prism2_channels);
priv->band.bitrates = priv->rates;
priv->band.n_bitrates = ARRAY_SIZE(prism2_rates);
Reported by FlawFinder.
Line: 688
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv = wiphy_priv(wiphy);
priv->wlandev = wlandev;
memcpy(priv->channels, prism2_channels, sizeof(prism2_channels));
memcpy(priv->rates, prism2_rates, sizeof(prism2_rates));
priv->band.channels = priv->channels;
priv->band.n_channels = ARRAY_SIZE(prism2_channels);
priv->band.bitrates = priv->rates;
priv->band.n_bitrates = ARRAY_SIZE(prism2_rates);
priv->band.band = NL80211_BAND_2GHZ;
Reported by FlawFinder.
drivers/staging/wfx/traces.h
7 issues
Line: 184
__entry->msg_type = __entry->msg_id & 0x80 ? "IND" : "CNF";
else
__entry->msg_type = "REQ";
if (!is_recv &&
(__entry->msg_id == HIF_REQ_ID_READ_MIB ||
__entry->msg_id == HIF_REQ_ID_WRITE_MIB)) {
__entry->mib = le16_to_cpup((__le16 *)hif->body);
header_len = 4;
} else {
Reported by Cppcheck.
Line: 184
__entry->msg_type = __entry->msg_id & 0x80 ? "IND" : "CNF";
else
__entry->msg_type = "REQ";
if (!is_recv &&
(__entry->msg_id == HIF_REQ_ID_READ_MIB ||
__entry->msg_id == HIF_REQ_ID_WRITE_MIB)) {
__entry->mib = le16_to_cpup((__le16 *)hif->body);
header_len = 4;
} else {
Reported by Cppcheck.
Line: 184
__entry->msg_type = __entry->msg_id & 0x80 ? "IND" : "CNF";
else
__entry->msg_type = "REQ";
if (!is_recv &&
(__entry->msg_id == HIF_REQ_ID_READ_MIB ||
__entry->msg_id == HIF_REQ_ID_WRITE_MIB)) {
__entry->mib = le16_to_cpup((__le16 *)hif->body);
header_len = 4;
} else {
Reported by Cppcheck.
Line: 184
__entry->msg_type = __entry->msg_id & 0x80 ? "IND" : "CNF";
else
__entry->msg_type = "REQ";
if (!is_recv &&
(__entry->msg_id == HIF_REQ_ID_READ_MIB ||
__entry->msg_id == HIF_REQ_ID_WRITE_MIB)) {
__entry->mib = le16_to_cpup((__le16 *)hif->body);
header_len = 4;
} else {
Reported by Cppcheck.
Line: 184
__entry->msg_type = __entry->msg_id & 0x80 ? "IND" : "CNF";
else
__entry->msg_type = "REQ";
if (!is_recv &&
(__entry->msg_id == HIF_REQ_ID_READ_MIB ||
__entry->msg_id == HIF_REQ_ID_WRITE_MIB)) {
__entry->mib = le16_to_cpup((__le16 *)hif->body);
header_len = 4;
} else {
Reported by Cppcheck.
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->buf_len = min_t(int, __entry->msg_len,
sizeof(__entry->buf))
- sizeof(struct hif_msg) - header_len;
memcpy(__entry->buf, hif->body + header_len, __entry->buf_len);
),
TP_printk("%d:%d:%s_%s%s%s: %s%s (%d bytes)",
__entry->tx_fill_level,
__entry->if_id,
__entry->msg_type,
Reported by FlawFinder.
Line: 255
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->msg_len = len;
__entry->buf_len = min_t(int, sizeof(__entry->buf),
__entry->msg_len);
memcpy(__entry->buf, io_buf, __entry->buf_len);
if (addr >= 0)
snprintf(__entry->addr_str, 10, "/%08x", addr);
else
__entry->addr_str[0] = 0;
),
Reported by FlawFinder.
drivers/staging/vt6655/rxtx.c
7 issues
Line: 1141
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uLength = cbHeaderLength + uPadding;
/* Copy the Packet into a tx Buffer */
memcpy((pbyBuffer + uLength), skb->data, skb->len);
ptdCurr = pHeadTD;
ptdCurr->td_info->req_count = (u16)cbReqCount;
Reported by FlawFinder.
Line: 1165
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (tx_key->cipher) {
case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104:
memcpy(key_buffer, iv, 3);
memcpy(key_buffer + 3, tx_key->key, tx_key->keylen);
if (tx_key->keylen == WLAN_KEY_LEN_WEP40) {
memcpy(key_buffer + 8, iv, 3);
memcpy(key_buffer + 11,
Reported by FlawFinder.
Line: 1166
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104:
memcpy(key_buffer, iv, 3);
memcpy(key_buffer + 3, tx_key->key, tx_key->keylen);
if (tx_key->keylen == WLAN_KEY_LEN_WEP40) {
memcpy(key_buffer + 8, iv, 3);
memcpy(key_buffer + 11,
tx_key->key, WLAN_KEY_LEN_WEP40);
Reported by FlawFinder.
Line: 1169
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(key_buffer + 3, tx_key->key, tx_key->keylen);
if (tx_key->keylen == WLAN_KEY_LEN_WEP40) {
memcpy(key_buffer + 8, iv, 3);
memcpy(key_buffer + 11,
tx_key->key, WLAN_KEY_LEN_WEP40);
}
break;
Reported by FlawFinder.
Line: 1170
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (tx_key->keylen == WLAN_KEY_LEN_WEP40) {
memcpy(key_buffer + 8, iv, 3);
memcpy(key_buffer + 11,
tx_key->key, WLAN_KEY_LEN_WEP40);
}
break;
case WLAN_CIPHER_SUITE_TKIP:
Reported by FlawFinder.
Line: 1213
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ieee80211_has_a4(hdr->frame_control))
ether_addr_copy(mic_hdr->addr4, hdr->addr4);
memcpy(key_buffer, tx_key->key, WLAN_KEY_LEN_CCMP);
break;
default:
break;
}
Reported by FlawFinder.
Line: 1408
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
short_head->fifo_ctl |= cpu_to_le16(FIFOCTL_GENINT);
/* Copy Beacon */
memcpy(mgmt_hdr, skb->data, skb->len);
/* time stamp always 0 */
mgmt_hdr->u.beacon.timestamp = 0;
info = IEEE80211_SKB_CB(skb);
Reported by FlawFinder.
drivers/staging/rts5208/ms.c
7 issues
Line: 1091
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_dbg(rtsx_dev(chip), "class_code = 0x%x, device_type = 0x%x, sub_class = 0x%x\n",
class_code, device_type, sub_class);
memcpy(ms_card->raw_sys_info, buf + sys_info_addr, 96);
#ifdef SUPPORT_PCGL_1P18
memcpy(ms_card->raw_model_name, buf + model_name_addr, 48);
#endif
kfree(buf);
Reported by FlawFinder.
Line: 1093
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ms_card->raw_sys_info, buf + sys_info_addr, 96);
#ifdef SUPPORT_PCGL_1P18
memcpy(ms_card->raw_model_name, buf + model_name_addr, 48);
#endif
kfree(buf);
#ifdef SUPPORT_MSXC
Reported by FlawFinder.
Line: 1326
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buf && buf_len) {
if (buf_len > MS_EXTRA_SIZE)
buf_len = MS_EXTRA_SIZE;
memcpy(buf, data, buf_len);
}
return STATUS_SUCCESS;
}
Reported by FlawFinder.
Line: 1968
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return STATUS_FAIL;
ptr = rtsx_get_cmd_data(chip);
memcpy(ms_card->raw_sys_info, ptr, 96);
/* Read useful block contents */
rtsx_init_cmd(chip);
rtsx_add_cmd(chip, READ_REG_CMD, HEADER_ID0, 0, 0);
Reported by FlawFinder.
Line: 3925
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return STATUS_FAIL;
}
memcpy(ms_card->magic_gate_id, buf, 16);
#ifdef READ_BYTES_WAIT_INT
retval = ms_poll_int(chip);
if (retval != STATUS_SUCCESS) {
set_sense_type(chip, lun, SENSE_TYPE_MG_INCOMPATIBLE_MEDIUM);
Reported by FlawFinder.
Line: 4004
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf2[2] = 0x00;
buf2[3] = 0x00;
memcpy(buf2 + 4, ms_card->magic_gate_id, 16);
memcpy(buf2 + 20, buf1, 16);
bufflen = min_t(int, 36, scsi_bufflen(srb));
rtsx_stor_set_xfer_buf(buf2, bufflen, srb);
Reported by FlawFinder.
Line: 4005
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf2[3] = 0x00;
memcpy(buf2 + 4, ms_card->magic_gate_id, 16);
memcpy(buf2 + 20, buf1, 16);
bufflen = min_t(int, 36, scsi_bufflen(srb));
rtsx_stor_set_xfer_buf(buf2, bufflen, srb);
#ifdef READ_BYTES_WAIT_INT
Reported by FlawFinder.
drivers/usb/serial/mos7720.c
7 issues
Line: 60
Column: 9
CWE codes:
362
__u8 shadowLCR; /* last LCR value received */
__u8 shadowMCR; /* last MCR value received */
__u8 shadowMSR; /* last MSR value received */
char open;
struct usb_serial_port *port; /* loop back to the owner */
struct urb *write_urb_pool[NUM_URBS];
};
#define USB_VENDOR_ID_MOSCHIP 0x9710
Reported by FlawFinder.
Line: 816
Column: 20
CWE codes:
362
return ;
}
if (mos7720_port->open)
tty_port_tty_wakeup(&mos7720_port->port->port);
}
static int mos77xx_calc_num_ports(struct usb_serial *serial,
struct usb_serial_endpoints *epds)
Reported by FlawFinder.
Line: 1091
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
transfer_size = min(count, URB_TRANSFER_BUFFER_SIZE);
memcpy(urb->transfer_buffer, current_position, transfer_size);
usb_serial_debug_data(&port->dev, __func__, transfer_size,
urb->transfer_buffer);
/* fill urb with data and submit */
usb_fill_bulk_urb(urb, serial->dev,
Reported by FlawFinder.
Line: 1127
Column: 21
CWE codes:
362
if (mos7720_port == NULL)
return;
if (!mos7720_port->open) {
dev_dbg(&port->dev, "%s - port not opened\n", __func__);
return;
}
/* if we are implementing XON/XOFF, send the stop character */
Reported by FlawFinder.
Line: 1157
Column: 21
CWE codes:
362
if (mos7720_port == NULL)
return;
if (!mos7720_port->open) {
dev_dbg(&port->dev, "%s - port not opened\n", __func__);
return;
}
/* if we are implementing XON/XOFF, send the start character */
Reported by FlawFinder.
Line: 1378
Column: 21
CWE codes:
362
serial = port->serial;
port_number = port->port_number;
if (!mos7720_port->open) {
dev_dbg(&port->dev, "%s - port not opened\n", __func__);
return;
}
lData = UART_LCR_WLEN8;
Reported by FlawFinder.
Line: 1525
Column: 21
CWE codes:
362
if (mos7720_port == NULL)
return;
if (!mos7720_port->open) {
dev_dbg(&port->dev, "%s - port not opened\n", __func__);
return;
}
/* change the port settings to the new ones specified */
Reported by FlawFinder.