The following issues were found
tools/testing/selftests/net/msg_zerocopy.c
7 issues
Line: 711
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
cfg_payload_len = max_payload_len;
while ((c = getopt(argc, argv, "46c:C:D:i:mp:rs:S:t:vz")) != -1) {
switch (c) {
case '4':
if (cfg_family != PF_UNSPEC)
error(1, 0, "Pass one of -4 or -6");
cfg_family = PF_INET;
Reported by FlawFinder.
Line: 94
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct sockaddr_storage cfg_dst_addr;
static struct sockaddr_storage cfg_src_addr;
static char payload[IP_MAXPACKET];
static long packets, bytes, completions, expected_completions;
static int zerocopied = -1;
static uint32_t next_completion;
static unsigned long gettimeofday_ms(void)
Reported by FlawFinder.
Line: 180
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cm->cmsg_len = CMSG_LEN(sizeof(cookie));
cm->cmsg_level = SOL_RDS;
cm->cmsg_type = RDS_CMSG_ZCOPY_COOKIE;
memcpy(CMSG_DATA(cm), &cookie, sizeof(cookie));
}
static bool do_sendmsg(int fd, struct msghdr *msg, bool do_zerocopy, int domain)
{
int ret, len, i, flags;
Reported by FlawFinder.
Line: 187
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret, len, i, flags;
static uint32_t cookie;
char ckbuf[CMSG_SPACE(sizeof(cookie))];
len = 0;
for (i = 0; i < msg->msg_iovlen; i++)
len += msg->msg_iov[i].iov_len;
Reported by FlawFinder.
Line: 361
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool do_recvmsg_completion(int fd)
{
char cmsgbuf[CMSG_SPACE(sizeof(struct rds_zcopy_cookies))];
struct rds_zcopy_cookies *ck;
struct cmsghdr *cmsg;
struct msghdr msg;
bool ret = false;
Reported by FlawFinder.
Line: 399
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cmsghdr *cm;
uint32_t hi, lo, range;
int ret, zerocopy;
char control[100];
if (domain == PF_RDS)
return do_recvmsg_completion(fd);
msg.msg_control = control;
Reported by FlawFinder.
Line: 625
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void do_flush_datagram(int fd, int type)
{
int ret, off = 0;
char buf[64];
/* MSG_TRUNC will return full datagram length */
ret = recv(fd, buf, sizeof(buf), MSG_DONTWAIT | MSG_TRUNC);
if (ret == -1 && errno == EAGAIN)
return;
Reported by FlawFinder.
tools/testing/selftests/net/psock_tpacket.c
7 issues
Line: 375
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rcv_sock, ret;
size_t packet_len;
union frame_map ppd;
char packet[1024];
unsigned int frame_num = 0, got = 0;
struct sockaddr_ll ll = {
.sll_family = PF_PACKET,
.sll_halen = ETH_ALEN,
};
Reported by FlawFinder.
Line: 430
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ppd.v1->tp_h.tp_snaplen = packet_len;
ppd.v1->tp_h.tp_len = packet_len;
memcpy((uint8_t *) ppd.raw + TPACKET_HDRLEN -
sizeof(struct sockaddr_ll), packet,
packet_len);
total_bytes += ppd.v1->tp_h.tp_snaplen;
break;
Reported by FlawFinder.
Line: 440
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ppd.v2->tp_h.tp_snaplen = packet_len;
ppd.v2->tp_h.tp_len = packet_len;
memcpy((uint8_t *) ppd.raw + TPACKET2_HDRLEN -
sizeof(struct sockaddr_ll), packet,
packet_len);
total_bytes += ppd.v2->tp_h.tp_snaplen;
break;
case TPACKET_V3: {
Reported by FlawFinder.
Line: 452
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tx->tp_len = packet_len;
tx->tp_next_offset = 0;
memcpy((uint8_t *)tx + TPACKET3_HDRLEN -
sizeof(struct sockaddr_ll), packet,
packet_len);
total_bytes += tx->tp_snaplen;
break;
}
Reported by FlawFinder.
Line: 759
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int test_kernel_bit_width(void)
{
char in[512], *ptr;
int num = 0, fd;
ssize_t ret;
fd = open("/proc/kallsyms", O_RDONLY);
if (fd == -1) {
Reported by FlawFinder.
Line: 763
Column: 7
CWE codes:
362
int num = 0, fd;
ssize_t ret;
fd = open("/proc/kallsyms", O_RDONLY);
if (fd == -1) {
perror("open");
exit(1);
}
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/tx.c
7 issues
Line: 415
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
((keyconf->keyidx << TX_CMD_SEC_WEP_KEY_IDX_POS) &
TX_CMD_SEC_WEP_KEY_IDX_MSK);
memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen);
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
type = TX_CMD_SEC_GCMP;
fallthrough;
Reported by FlawFinder.
Line: 504
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->len = cpu_to_le16((u16)skb->len);
/* Copy MAC header from skb into command buffer */
memcpy(cmd->hdr, hdr, hdrlen);
cmd->flags = cpu_to_le16(flags);
cmd->rate_n_flags = cpu_to_le32(rate_n_flags);
} else {
struct iwl_tx_cmd_gen2 *cmd = (void *)dev_cmd->payload;
Reported by FlawFinder.
Line: 517
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->len = cpu_to_le16((u16)skb->len);
/* Copy MAC header from skb into command buffer */
memcpy(cmd->hdr, hdr, hdrlen);
cmd->flags = cpu_to_le32(flags);
cmd->rate_n_flags = cpu_to_le32(rate_n_flags);
}
goto out;
Reported by FlawFinder.
Line: 535
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iwl_mvm_set_tx_cmd_rate(mvm, tx_cmd, info, sta, hdr->frame_control);
/* Copy MAC header from skb into command buffer */
memcpy(tx_cmd->hdr, hdr, hdrlen);
out:
return dev_cmd;
}
Reported by FlawFinder.
Line: 650
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*pos++ = WLAN_OUI_WFA & 0xff;
*pos++ = WLAN_OUI_TYPE_WFA_P2P;
memcpy(pos, &resp_data->notif.noa_attr,
resp_data->noa_len - sizeof(struct ieee80211_vendor_ie));
out:
rcu_read_unlock();
}
Reported by FlawFinder.
Line: 770
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct sk_buff *tmp, *next;
struct ieee80211_hdr *hdr = (void *)skb->data;
char cb[sizeof(skb->cb)];
u16 i = 0;
unsigned int tcp_payload_len;
unsigned int mss = skb_shinfo(skb)->gso_size;
bool ipv4 = (skb->protocol == htons(ETH_P_IP));
bool qos = ieee80211_is_data_qos(hdr->frame_control);
Reported by FlawFinder.
Line: 1836
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* put the rate scaling data there */
if (freed == 1) {
info->flags |= IEEE80211_TX_STAT_AMPDU;
memcpy(&info->status, &tx_info->status,
sizeof(tx_info->status));
iwl_mvm_hwrate_to_tx_status(rate, info);
}
}
Reported by FlawFinder.
drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
7 issues
Line: 436
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
} else {
ndev->stats.rx_frame_errors++;
for (i = 0; i < skb->len; i++) {
snprintf(buff + i % 16 * 2, 3, /* tailing \0*/
"%02x", *(skb->data + i));
if ((i % 16 == 15) || (i == skb->len - 1))
pr_info("%s\n", buff);
}
}
Reported by FlawFinder.
Line: 381
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int frame_size;
int check_ok;
u32 i;
char buff[33]; /* 32B data and the last character '\0' */
if (!ring_data) { /* Just for doing create frame*/
ndev = skb->dev;
priv = netdev_priv(ndev);
Reported by FlawFinder.
Line: 391
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(skb->data, 0xFF, frame_size);
if ((!AE_IS_VER1(priv->enet_ver)) &&
(priv->ae_handle->port_type == HNAE_PORT_SERVICE)) {
memcpy(skb->data, ndev->dev_addr, 6);
skb->data[5] += 0x1f;
}
frame_size &= ~1ul;
memset(&skb->data[frame_size / 2], 0xAA, frame_size / 2 - 1);
Reported by FlawFinder.
Line: 647
Column: 2
CWE codes:
120
{
struct hns_nic_priv *priv = netdev_priv(net_dev);
strncpy(drvinfo->version, HNAE_DRIVER_VERSION,
sizeof(drvinfo->version));
drvinfo->version[sizeof(drvinfo->version) - 1] = '\0';
strncpy(drvinfo->driver, HNAE_DRIVER_NAME, sizeof(drvinfo->driver));
drvinfo->driver[sizeof(drvinfo->driver) - 1] = '\0';
Reported by FlawFinder.
Line: 651
Column: 2
CWE codes:
120
sizeof(drvinfo->version));
drvinfo->version[sizeof(drvinfo->version) - 1] = '\0';
strncpy(drvinfo->driver, HNAE_DRIVER_NAME, sizeof(drvinfo->driver));
drvinfo->driver[sizeof(drvinfo->driver) - 1] = '\0';
strncpy(drvinfo->bus_info, priv->dev->bus->name,
sizeof(drvinfo->bus_info));
drvinfo->bus_info[ETHTOOL_BUSINFO_LEN - 1] = '\0';
Reported by FlawFinder.
Line: 654
Column: 2
CWE codes:
120
strncpy(drvinfo->driver, HNAE_DRIVER_NAME, sizeof(drvinfo->driver));
drvinfo->driver[sizeof(drvinfo->driver) - 1] = '\0';
strncpy(drvinfo->bus_info, priv->dev->bus->name,
sizeof(drvinfo->bus_info));
drvinfo->bus_info[ETHTOOL_BUSINFO_LEN - 1] = '\0';
strncpy(drvinfo->fw_version, "N/A", ETHTOOL_FWVERS_LEN);
drvinfo->eedump_len = 0;
Reported by FlawFinder.
Line: 658
Column: 2
CWE codes:
120
sizeof(drvinfo->bus_info));
drvinfo->bus_info[ETHTOOL_BUSINFO_LEN - 1] = '\0';
strncpy(drvinfo->fw_version, "N/A", ETHTOOL_FWVERS_LEN);
drvinfo->eedump_len = 0;
}
/**
* hns_get_ringparam - get ring parameter
Reported by FlawFinder.
drivers/net/ethernet/intel/i40e/i40e_ddp.c
7 issues
Line: 444
Column: 3
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
profile_name[sizeof(profile_name) - 1] = 0;
strncpy(profile_name, I40E_DDP_PROFILE_PATH,
sizeof(profile_name) - 1);
strncat(profile_name, flash->data, I40E_DDP_PROFILE_NAME_MAX);
/* Load DDP recipe. */
status = request_firmware(&ddp_config, profile_name,
&netdev->dev);
if (status) {
netdev_err(netdev, "DDP recipe file request failed.");
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Clear reserved field */
memset(pinfo->reserved, 0, sizeof(pinfo->reserved));
memcpy(pinfo->name, profile->name, I40E_DDP_NAME_SIZE);
status = i40e_aq_write_ddp(hw, (void *)sec, sec->data_end,
track_id, &offset, &info, NULL);
return status;
}
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Clear reserved field */
memset(pinfo->reserved, 0, sizeof(pinfo->reserved));
memcpy(pinfo->name, profile->name, I40E_DDP_NAME_SIZE);
status = i40e_aq_write_ddp(hw, (void *)sec, sec->data_end,
track_id, &offset, &info, NULL);
return status;
}
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
pinfo.op = I40E_DDP_REMOVE_TRACKID;
memcpy(pinfo.name, profile_hdr->name, I40E_DDP_NAME_SIZE);
/* Check if profile data already exists*/
istatus = i40e_ddp_does_profile_exist(&pf->hw, &pinfo);
if (istatus < 0) {
netdev_err(netdev, "Failed to fetch loaded profiles.");
Reported by FlawFinder.
Line: 438
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
if (strncmp(flash->data, "-", 2) != 0) {
struct i40e_ddp_old_profile_list *list_entry;
char profile_name[sizeof(I40E_DDP_PROFILE_PATH)
+ I40E_DDP_PROFILE_NAME_MAX];
profile_name[sizeof(profile_name) - 1] = 0;
strncpy(profile_name, I40E_DDP_PROFILE_PATH,
sizeof(profile_name) - 1);
Reported by FlawFinder.
Line: 464
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netdev_info(netdev, "Failed to allocate memory for previous DDP profile data.");
netdev_info(netdev, "New profile loaded but roll-back will be impossible.");
} else {
memcpy(list_entry->old_ddp_buf,
ddp_config->data, ddp_config->size);
list_entry->old_ddp_size = ddp_config->size;
list_add(&list_entry->list, &pf->ddp_old_prof);
}
}
Reported by FlawFinder.
Line: 442
Column: 3
CWE codes:
120
+ I40E_DDP_PROFILE_NAME_MAX];
profile_name[sizeof(profile_name) - 1] = 0;
strncpy(profile_name, I40E_DDP_PROFILE_PATH,
sizeof(profile_name) - 1);
strncat(profile_name, flash->data, I40E_DDP_PROFILE_NAME_MAX);
/* Load DDP recipe. */
status = request_firmware(&ddp_config, profile_name,
&netdev->dev);
Reported by FlawFinder.
drivers/net/ethernet/intel/i40e/i40e_debugfs.c
7 issues
Line: 60
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* setup, adding or removing filters, or other things. Many of
* these will be useful for some forms of unit testing.
**************************************************************/
static char i40e_dbg_command_buf[256] = "";
/**
* i40e_dbg_command_read - read for command datum
* @filp: the opened file
* @buffer: where to write the data for the user to read
Reported by FlawFinder.
Line: 497
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i40e_adminq_ring *ring;
struct i40e_hw *hw = &pf->hw;
char hdr[32];
int i;
snprintf(hdr, sizeof(hdr), "%s %s: ",
dev_driver_string(&pf->pdev->dev),
dev_name(&pf->pdev->dev));
Reported by FlawFinder.
Line: 1641
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* The netdev_ops entry in debugfs is for giving the driver commands
* to be executed from the netdev operations.
**************************************************************/
static char i40e_dbg_netdev_ops_buf[256] = "";
/**
* i40e_dbg_netdev_ops_read - read for netdev_ops datum
* @filp: the opened file
* @buffer: where to write the data for the user to read
Reported by FlawFinder.
Line: 611
Column: 15
CWE codes:
120
20
rxd = I40E_RX_DESC(ring, i);
dev_info(&pf->pdev->dev,
" d[%03x] = 0x%016llx 0x%016llx\n",
i, rxd->read.pkt_addr,
rxd->read.hdr_addr);
}
}
} else if (cnt == 3) {
if (desc_n >= ring->count || desc_n < 0) {
Reported by FlawFinder.
Line: 612
Column: 12
CWE codes:
120
20
dev_info(&pf->pdev->dev,
" d[%03x] = 0x%016llx 0x%016llx\n",
i, rxd->read.pkt_addr,
rxd->read.hdr_addr);
}
}
} else if (cnt == 3) {
if (desc_n >= ring->count || desc_n < 0) {
dev_info(&pf->pdev->dev,
Reported by FlawFinder.
Line: 632
Column: 11
CWE codes:
120
20
dev_info(&pf->pdev->dev,
"vsi = %02i rx ring = %02i d[%03x] = 0x%016llx 0x%016llx\n",
vsi_seid, ring_id, desc_n,
rxd->read.pkt_addr, rxd->read.hdr_addr);
}
} else {
dev_info(&pf->pdev->dev, "dump desc rx/tx/xdp <vsi_seid> <ring_id> [<desc_n>]\n");
}
Reported by FlawFinder.
Line: 632
Column: 31
CWE codes:
120
20
dev_info(&pf->pdev->dev,
"vsi = %02i rx ring = %02i d[%03x] = 0x%016llx 0x%016llx\n",
vsi_seid, ring_id, desc_n,
rxd->read.pkt_addr, rxd->read.hdr_addr);
}
} else {
dev_info(&pf->pdev->dev, "dump desc rx/tx/xdp <vsi_seid> <ring_id> [<desc_n>]\n");
}
Reported by FlawFinder.
drivers/net/ethernet/intel/igbvf/ethtool.c
7 issues
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/if_vlan.h>
struct igbvf_stats {
char stat_string[ETH_GSTRING_LEN];
int sizeof_stat;
int stat_offset;
int base_stat_offset;
};
Reported by FlawFinder.
Line: 237
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* to the Tx and Rx ring structs.
*/
if (new_tx_count != adapter->tx_ring->count) {
memcpy(temp_ring, adapter->tx_ring, sizeof(struct igbvf_ring));
temp_ring->count = new_tx_count;
err = igbvf_setup_tx_resources(adapter, temp_ring);
if (err)
goto err_setup;
Reported by FlawFinder.
Line: 246
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
igbvf_free_tx_resources(adapter->tx_ring);
memcpy(adapter->tx_ring, temp_ring, sizeof(struct igbvf_ring));
}
if (new_rx_count != adapter->rx_ring->count) {
memcpy(temp_ring, adapter->rx_ring, sizeof(struct igbvf_ring));
Reported by FlawFinder.
Line: 250
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (new_rx_count != adapter->rx_ring->count) {
memcpy(temp_ring, adapter->rx_ring, sizeof(struct igbvf_ring));
temp_ring->count = new_rx_count;
err = igbvf_setup_rx_resources(adapter, temp_ring);
if (err)
goto err_setup;
Reported by FlawFinder.
Line: 259
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
igbvf_free_rx_resources(adapter->rx_ring);
memcpy(adapter->rx_ring, temp_ring, sizeof(struct igbvf_ring));
}
err_setup:
igbvf_up(adapter);
vfree(temp_ring);
clear_reset:
Reported by FlawFinder.
Line: 412
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_TEST:
memcpy(data, *igbvf_gstrings_test, sizeof(igbvf_gstrings_test));
break;
case ETH_SS_STATS:
for (i = 0; i < IGBVF_GLOBAL_STATS_LEN; i++) {
memcpy(p, igbvf_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
Reported by FlawFinder.
Line: 416
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case ETH_SS_STATS:
for (i = 0; i < IGBVF_GLOBAL_STATS_LEN; i++) {
memcpy(p, igbvf_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
}
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbevf/ipsec.c
7 issues
Line: 34
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sam->family = xs->props.family;
if (xs->props.family == AF_INET6)
memcpy(sam->addr, &xs->id.daddr.a6, sizeof(xs->id.daddr.a6));
else
memcpy(sam->addr, &xs->id.daddr.a4, sizeof(xs->id.daddr.a4));
memcpy(sam->key, xs->aead->alg_key, sizeof(sam->key));
msgbuf[0] = IXGBE_VF_IPSEC_ADD;
Reported by FlawFinder.
Line: 36
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (xs->props.family == AF_INET6)
memcpy(sam->addr, &xs->id.daddr.a6, sizeof(xs->id.daddr.a6));
else
memcpy(sam->addr, &xs->id.daddr.a4, sizeof(xs->id.daddr.a4));
memcpy(sam->key, xs->aead->alg_key, sizeof(sam->key));
msgbuf[0] = IXGBE_VF_IPSEC_ADD;
spin_lock_bh(&adapter->mbx_lock);
Reported by FlawFinder.
Line: 252
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netdev_err(dev, "IPsec hw offload only supports keys up to 128 bits with a 32 bit salt\n");
return -EINVAL;
}
memcpy(mykey, key_data, 16);
return 0;
}
/**
Reported by FlawFinder.
Line: 315
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* get ip for rx sa table */
if (xs->props.family == AF_INET6)
memcpy(rsa.ipaddr, &xs->id.daddr.a6, 16);
else
memcpy(&rsa.ipaddr[3], &xs->id.daddr.a4, 4);
rsa.mode = IXGBE_RXMOD_VALID;
if (rsa.xs->id.proto & IPPROTO_ESP)
Reported by FlawFinder.
Line: 317
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (xs->props.family == AF_INET6)
memcpy(rsa.ipaddr, &xs->id.daddr.a6, 16);
else
memcpy(&rsa.ipaddr[3], &xs->id.daddr.a4, 4);
rsa.mode = IXGBE_RXMOD_VALID;
if (rsa.xs->id.proto & IPPROTO_ESP)
rsa.mode |= IXGBE_RXMOD_PROTO_ESP;
if (rsa.decrypt)
Reported by FlawFinder.
Line: 333
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rsa.pfsa = ret;
/* the preparations worked, so save the info */
memcpy(&ipsec->rx_tbl[sa_idx], &rsa, sizeof(rsa));
xs->xso.offload_handle = sa_idx + IXGBE_IPSEC_BASE_RX_INDEX;
ipsec->num_rx_sa++;
Reported by FlawFinder.
Line: 373
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tsa.pfsa = ret;
/* the preparations worked, so save the info */
memcpy(&ipsec->tx_tbl[sa_idx], &tsa, sizeof(tsa));
xs->xso.offload_handle = sa_idx + IXGBE_IPSEC_BASE_TX_INDEX;
ipsec->num_tx_sa++;
}
Reported by FlawFinder.
drivers/net/ethernet/marvell/mvneta.c
7 issues
Line: 361
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mvneta_statistic {
unsigned short offset;
unsigned short type;
const char name[ETH_GSTRING_LEN];
};
#define T_REG_32 32
#define T_REG_64 64
#define T_SW 1
Reported by FlawFinder.
Line: 2312
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sinfo = xdp_get_shared_info_from_buff(xdp);
sinfo->nr_frags = xdp_sinfo->nr_frags;
memcpy(sinfo->frags, xdp_sinfo->frags,
sinfo->nr_frags * sizeof(skb_frag_t));
}
*size -= len;
}
Reported by FlawFinder.
Line: 4610
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < ARRAY_SIZE(mvneta_statistics); i++)
memcpy(data + i * ETH_GSTRING_LEN,
mvneta_statistics[i].name, ETH_GSTRING_LEN);
}
}
static void
Reported by FlawFinder.
Line: 4836
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!indir)
return 0;
memcpy(pp->indir, indir, MVNETA_RSS_LU_TABLE_SIZE);
return mvneta_config_rss(pp);
}
static int mvneta_ethtool_get_rxfh(struct net_device *dev, u32 *indir, u8 *key,
Reported by FlawFinder.
Line: 4856
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!indir)
return 0;
memcpy(indir, pp->indir, MVNETA_RSS_LU_TABLE_SIZE);
return 0;
}
static void mvneta_ethtool_get_wol(struct net_device *dev,
Reported by FlawFinder.
Line: 5140
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_device *dev;
struct phylink *phylink;
struct phy *comphy;
char hw_mac_addr[ETH_ALEN];
phy_interface_t phy_mode;
const char *mac_from;
int tx_csum_limit;
int err;
int cpu;
Reported by FlawFinder.
Line: 5242
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mvneta_get_mac_addr(pp, hw_mac_addr);
if (is_valid_ether_addr(hw_mac_addr)) {
mac_from = "hardware";
memcpy(dev->dev_addr, hw_mac_addr, ETH_ALEN);
} else {
mac_from = "random";
eth_hw_addr_random(dev);
}
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx4/mr.c
7 issues
Line: 407
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int mlx4_mr_hw_change_access(struct mlx4_dev *dev,
struct mlx4_mpt_entry *mpt_entry,
u32 access)
{
u32 flags = (be32_to_cpu(mpt_entry->flags) & ~MLX4_PERM_MASK) |
(access & MLX4_PERM_MASK);
mpt_entry->flags = cpu_to_be32(flags);
Reported by FlawFinder.
Line: 410
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u32 access)
{
u32 flags = (be32_to_cpu(mpt_entry->flags) & ~MLX4_PERM_MASK) |
(access & MLX4_PERM_MASK);
mpt_entry->flags = cpu_to_be32(flags);
return 0;
}
EXPORT_SYMBOL_GPL(mlx4_mr_hw_change_access);
Reported by FlawFinder.
Line: 418
Column: 31
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPORT_SYMBOL_GPL(mlx4_mr_hw_change_access);
static int mlx4_mr_alloc_reserved(struct mlx4_dev *dev, u32 mridx, u32 pd,
u64 iova, u64 size, u32 access, int npages,
int page_shift, struct mlx4_mr *mr)
{
mr->iova = iova;
mr->size = size;
mr->pd = pd;
Reported by FlawFinder.
Line: 424
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
mr->iova = iova;
mr->size = size;
mr->pd = pd;
mr->access = access;
mr->enabled = MLX4_MPT_DISABLED;
mr->key = hw_index_to_key(mridx);
return mlx4_mtt_init(dev, npages, page_shift, &mr->mtt);
}
Reported by FlawFinder.
Line: 527
Column: 73
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return __mlx4_mpt_free_icm(dev, index);
}
int mlx4_mr_alloc(struct mlx4_dev *dev, u32 pd, u64 iova, u64 size, u32 access,
int npages, int page_shift, struct mlx4_mr *mr)
{
u32 index;
int err;
Reported by FlawFinder.
Line: 538
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return -ENOMEM;
err = mlx4_mr_alloc_reserved(dev, index, pd, iova, size,
access, npages, page_shift, mr);
if (err)
mlx4_mpt_release(dev, index);
return err;
}
Reported by FlawFinder.
Line: 645
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
mpt_entry = mailbox->buf;
mpt_entry->flags = cpu_to_be32(MLX4_MPT_FLAG_MIO |
MLX4_MPT_FLAG_REGION |
mr->access);
mpt_entry->key = cpu_to_be32(key_to_hw_index(mr->key));
mpt_entry->pd_flags = cpu_to_be32(mr->pd | MLX4_MPT_PD_FLAG_EN_INV);
mpt_entry->start = cpu_to_be64(mr->iova);
mpt_entry->length = cpu_to_be64(mr->size);
Reported by FlawFinder.