The following issues were found
drivers/net/ethernet/sfc/siena.c
7 issues
Line: 355
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* siena_rx_push_rss_config, below)
*/
efx_reado(efx, &temp, FR_CZ_RX_RSS_IPV6_REG1);
memcpy(efx->rss_context.rx_hash_key, &temp, sizeof(temp));
efx_reado(efx, &temp, FR_CZ_RX_RSS_IPV6_REG2);
memcpy(efx->rss_context.rx_hash_key + sizeof(temp), &temp, sizeof(temp));
efx_reado(efx, &temp, FR_CZ_RX_RSS_IPV6_REG3);
memcpy(efx->rss_context.rx_hash_key + 2 * sizeof(temp), &temp,
FRF_CZ_RX_RSS_IPV6_TKEY_HI_WIDTH / 8);
Reported by FlawFinder.
Line: 357
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efx_reado(efx, &temp, FR_CZ_RX_RSS_IPV6_REG1);
memcpy(efx->rss_context.rx_hash_key, &temp, sizeof(temp));
efx_reado(efx, &temp, FR_CZ_RX_RSS_IPV6_REG2);
memcpy(efx->rss_context.rx_hash_key + sizeof(temp), &temp, sizeof(temp));
efx_reado(efx, &temp, FR_CZ_RX_RSS_IPV6_REG3);
memcpy(efx->rss_context.rx_hash_key + 2 * sizeof(temp), &temp,
FRF_CZ_RX_RSS_IPV6_TKEY_HI_WIDTH / 8);
efx_farch_rx_pull_indir_table(efx);
return 0;
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efx_reado(efx, &temp, FR_CZ_RX_RSS_IPV6_REG2);
memcpy(efx->rss_context.rx_hash_key + sizeof(temp), &temp, sizeof(temp));
efx_reado(efx, &temp, FR_CZ_RX_RSS_IPV6_REG3);
memcpy(efx->rss_context.rx_hash_key + 2 * sizeof(temp), &temp,
FRF_CZ_RX_RSS_IPV6_TKEY_HI_WIDTH / 8);
efx_farch_rx_pull_indir_table(efx);
return 0;
}
Reported by FlawFinder.
Line: 372
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Set hash key for IPv4 */
if (key)
memcpy(efx->rss_context.rx_hash_key, key, sizeof(temp));
memcpy(&temp, efx->rss_context.rx_hash_key, sizeof(temp));
efx_writeo(efx, &temp, FR_BZ_RX_RSS_TKEY);
/* Enable IPv6 RSS */
BUILD_BUG_ON(sizeof(efx->rss_context.rx_hash_key) <
Reported by FlawFinder.
Line: 386
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efx_writeo(efx, &temp, FR_CZ_RX_RSS_IPV6_REG2);
EFX_POPULATE_OWORD_2(temp, FRF_CZ_RX_RSS_IPV6_THASH_ENABLE, 1,
FRF_CZ_RX_RSS_IPV6_IP_THASH_ENABLE, 1);
memcpy(&temp, efx->rss_context.rx_hash_key + 2 * sizeof(temp),
FRF_CZ_RX_RSS_IPV6_TKEY_HI_WIDTH / 8);
efx_writeo(efx, &temp, FR_CZ_RX_RSS_IPV6_REG3);
memcpy(efx->rss_context.rx_indir_table, rx_indir_table,
sizeof(efx->rss_context.rx_indir_table));
Reported by FlawFinder.
Line: 605
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (full_stats)
memcpy(full_stats, stats, sizeof(u64) * SIENA_STAT_COUNT);
if (core_stats) {
core_stats->rx_packets = stats[SIENA_STAT_rx_packets];
core_stats->tx_packets = stats[SIENA_STAT_tx_packets];
core_stats->rx_bytes = stats[SIENA_STAT_rx_bytes];
Reported by FlawFinder.
Line: 654
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc != 0)
return rc;
memcpy(MCDI_PTR(inbuf, SET_MCAST_HASH_IN_HASH0),
efx->multicast_hash.byte, sizeof(efx->multicast_hash));
return efx_mcdi_rpc(efx, MC_CMD_SET_MCAST_HASH,
inbuf, sizeof(inbuf), NULL, 0, NULL);
}
Reported by FlawFinder.
drivers/net/ethernet/smsc/smsc911x.c
7 issues
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef USE_PHY_WORK_AROUND
#define MIN_PACKET_SIZE (64)
char loopback_tx_pkt[MIN_PACKET_SIZE];
char loopback_rx_pkt[MIN_PACKET_SIZE];
unsigned int resetcount;
#endif
/* Members for Multicast filter workaround */
Reported by FlawFinder.
Line: 121
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef USE_PHY_WORK_AROUND
#define MIN_PACKET_SIZE (64)
char loopback_tx_pkt[MIN_PACKET_SIZE];
char loopback_rx_pkt[MIN_PACKET_SIZE];
unsigned int resetcount;
#endif
/* Members for Multicast filter workaround */
unsigned int multicast_update_pending;
Reported by FlawFinder.
Line: 1284
Column: 35
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Returns hash bit number for given MAC address
* Example:
* 01 00 5E 00 00 01 -> returns bit number 31 */
static unsigned int smsc911x_hash(char addr[ETH_ALEN])
{
return (ether_crc(ETH_ALEN, addr) >> 26) & 0x3f;
}
static void smsc911x_rx_multicast_update(struct smsc911x_data *pdata)
Reported by FlawFinder.
Line: 1942
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN);
spin_lock_irq(&pdata->mac_lock);
smsc911x_set_hw_mac_address(pdata, dev->dev_addr);
spin_unlock_irq(&pdata->mac_lock);
Reported by FlawFinder.
Line: 2107
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(data, &eeprom_data[eeprom->offset], len);
eeprom->len = len;
return 0;
}
static int smsc911x_ethtool_set_eeprom(struct net_device *dev,
Reported by FlawFinder.
Line: 2528
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SMSC_TRACE(pdata, probe,
"MAC Address is specified by configuration");
} else if (is_valid_ether_addr(pdata->config.mac)) {
memcpy(dev->dev_addr, pdata->config.mac, ETH_ALEN);
SMSC_TRACE(pdata, probe,
"MAC Address specified by platform data");
} else {
/* Try reading mac address from device. if EEPROM is present
* it will already have been set */
Reported by FlawFinder.
Line: 801
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
break;
}
}
if (!mismatch) {
SMSC_TRACE(pdata, hw, "Successfully verified "
"loopback packet");
return 0;
} else {
SMSC_WARN(pdata, hw, "Data mismatch "
Reported by FlawFinder.
drivers/net/ethernet/ti/cpmac.c
7 issues
Line: 1117
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
priv->msg_enable = netif_msg_init(debug_level, 0xff);
memcpy(dev->dev_addr, pdata->dev_addr, sizeof(pdata->dev_addr));
snprintf(priv->phy_name, MII_BUS_ID_SIZE, PHY_ID_FMT,
mdio_bus_id, phy_id);
phydev = phy_connect(dev, priv->phy_name, cpmac_adjust_link,
PHY_INTERFACE_MODE_MII);
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dma_addr_t dma_ring;
void __iomem *regs;
struct mii_bus *mii_bus;
char phy_name[MII_BUS_ID_SIZE + 3];
int oldlink, oldspeed, oldduplex;
u32 msg_enable;
struct net_device *dev;
struct work_struct reset_work;
struct platform_device *pdev;
Reported by FlawFinder.
Line: 1057
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cpmac_probe(struct platform_device *pdev)
{
int rc, phy_id;
char mdio_bus_id[MII_BUS_ID_SIZE];
struct resource *mem;
struct cpmac_priv *priv;
struct net_device *dev;
struct plat_cpmac_data *pdata;
struct phy_device *phydev = NULL;
Reported by FlawFinder.
Line: 1115
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv->dev = dev;
priv->ring_size = 64;
priv->msg_enable = netif_msg_init(debug_level, 0xff);
memcpy(dev->dev_addr, pdata->dev_addr, sizeof(pdata->dev_addr));
snprintf(priv->phy_name, MII_BUS_ID_SIZE, PHY_ID_FMT,
mdio_bus_id, phy_id);
phydev = phy_connect(dev, priv->phy_name, cpmac_adjust_link,
Reported by FlawFinder.
Line: 1067
Column: 3
CWE codes:
120
pdata = dev_get_platdata(&pdev->dev);
if (external_switch || dumb_switch) {
strncpy(mdio_bus_id, "fixed-0", MII_BUS_ID_SIZE); /* fixed phys bus */
phy_id = pdev->id;
} else {
for (phy_id = 0; phy_id < PHY_MAX_ADDR; phy_id++) {
if (!(pdata->phy_mask & (1 << phy_id)))
continue;
Reported by FlawFinder.
Line: 1075
Column: 4
CWE codes:
120
continue;
if (!mdiobus_get_phy(cpmac_mii, phy_id))
continue;
strncpy(mdio_bus_id, cpmac_mii->id, MII_BUS_ID_SIZE);
break;
}
}
if (phy_id == PHY_MAX_ADDR) {
Reported by FlawFinder.
Line: 1083
Column: 3
CWE codes:
120
if (phy_id == PHY_MAX_ADDR) {
dev_err(&pdev->dev, "no PHY present, falling back "
"to switch on MDIO bus 0\n");
strncpy(mdio_bus_id, "fixed-0", MII_BUS_ID_SIZE); /* fixed phys bus */
phy_id = pdev->id;
}
mdio_bus_id[sizeof(mdio_bus_id) - 1] = '\0';
dev = alloc_etherdev_mq(sizeof(*priv), CPMAC_QUEUES);
Reported by FlawFinder.
drivers/net/ethernet/ti/cpsw.c
7 issues
Line: 1353
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
ret = -EINVAL;
goto err_node_put;
}
snprintf(slave_data->phy_id, sizeof(slave_data->phy_id),
PHY_ID_FMT, mdio->name, phyid);
put_device(&mdio->dev);
} else {
dev_err(&pdev->dev,
"No slave[%d] phy_id, phy-handle, or fixed-link property\n",
Reported by FlawFinder.
Line: 987
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpsw_ale_add_ucast(cpsw->ale, addr->sa_data, HOST_PORT_NUM,
flags, vid);
memcpy(priv->mac_addr, addr->sa_data, ETH_ALEN);
memcpy(ndev->dev_addr, priv->mac_addr, ETH_ALEN);
for_each_slave(priv, cpsw_set_slave_mac, priv);
pm_runtime_put(cpsw->dev);
Reported by FlawFinder.
Line: 988
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flags, vid);
memcpy(priv->mac_addr, addr->sa_data, ETH_ALEN);
memcpy(ndev->dev_addr, priv->mac_addr, ETH_ALEN);
for_each_slave(priv, cpsw_set_slave_mac, priv);
pm_runtime_put(cpsw->dev);
return 0;
Reported by FlawFinder.
Line: 1454
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv_sl2->msg_enable = netif_msg_init(debug_level, CPSW_DEBUG);
if (is_valid_ether_addr(data->slave_data[1].mac_addr)) {
memcpy(priv_sl2->mac_addr, data->slave_data[1].mac_addr,
ETH_ALEN);
dev_info(cpsw->dev, "cpsw: Detected MACID = %pM\n",
priv_sl2->mac_addr);
} else {
eth_random_addr(priv_sl2->mac_addr);
Reported by FlawFinder.
Line: 1463
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_info(cpsw->dev, "cpsw: Random MACID = %pM\n",
priv_sl2->mac_addr);
}
memcpy(ndev->dev_addr, priv_sl2->mac_addr, ETH_ALEN);
priv_sl2->emac_port = 1;
cpsw->slaves[1].ndev = ndev;
ndev->features |= NETIF_F_HW_VLAN_CTAG_FILTER | NETIF_F_HW_VLAN_CTAG_RX;
Reported by FlawFinder.
Line: 1635
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv->emac_port = 0;
if (is_valid_ether_addr(data->slave_data[0].mac_addr)) {
memcpy(priv->mac_addr, data->slave_data[0].mac_addr, ETH_ALEN);
dev_info(dev, "Detected MACID = %pM\n", priv->mac_addr);
} else {
eth_random_addr(priv->mac_addr);
dev_info(dev, "Random MACID = %pM\n", priv->mac_addr);
}
Reported by FlawFinder.
Line: 1642
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_info(dev, "Random MACID = %pM\n", priv->mac_addr);
}
memcpy(ndev->dev_addr, priv->mac_addr, ETH_ALEN);
cpsw->slaves[0].ndev = ndev;
ndev->features |= NETIF_F_HW_VLAN_CTAG_FILTER | NETIF_F_HW_VLAN_CTAG_RX;
Reported by FlawFinder.
drivers/net/ethernet/ti/davinci_emac.c
7 issues
Line: 314
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_device *ndev;
struct platform_device *pdev;
struct napi_struct napi;
char mac_addr[6];
void __iomem *remap_addr;
u32 emac_base_phys;
void __iomem *emac_base;
void __iomem *ctrl_base;
struct cpdma_ctlr *dma;
Reported by FlawFinder.
Line: 344
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* EMAC TX Host Error description strings */
static char *emac_txhost_errcodes[16] = {
"No error", "SOP error", "Ownership bit not set in SOP buffer",
"Zero Next Buffer Descriptor Pointer Without EOP",
"Zero Buffer Pointer", "Zero Buffer Length", "Packet Length Error",
"Reserved", "Reserved", "Reserved", "Reserved", "Reserved",
"Reserved", "Reserved", "Reserved", "Reserved"
Reported by FlawFinder.
Line: 353
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* EMAC RX Host Error description strings */
static char *emac_rxhost_errcodes[16] = {
"No error", "Reserved", "Ownership bit not set in input buffer",
"Reserved", "Zero Buffer Pointer", "Reserved", "Reserved",
"Reserved", "Reserved", "Reserved", "Reserved", "Reserved",
"Reserved", "Reserved", "Reserved", "Reserved"
};
Reported by FlawFinder.
Line: 1126
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EADDRNOTAVAIL;
/* Store mac addr in priv and rx channel and set it in EMAC hw */
memcpy(priv->mac_addr, sa->sa_data, ndev->addr_len);
memcpy(ndev->dev_addr, sa->sa_data, ndev->addr_len);
/* MAC address is configured only after the interface is enabled. */
if (netif_running(ndev)) {
emac_setmac(priv, EMAC_DEF_RX_CH, priv->mac_addr);
Reported by FlawFinder.
Line: 1127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Store mac addr in priv and rx channel and set it in EMAC hw */
memcpy(priv->mac_addr, sa->sa_data, ndev->addr_len);
memcpy(ndev->dev_addr, sa->sa_data, ndev->addr_len);
/* MAC address is configured only after the interface is enabled. */
if (netif_running(ndev)) {
emac_setmac(priv, EMAC_DEF_RX_CH, priv->mac_addr);
}
Reported by FlawFinder.
Line: 1806
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* MAC addr and PHY mask , RMII enable info from platform_data */
memcpy(priv->mac_addr, pdata->mac_addr, ETH_ALEN);
priv->phy_id = pdata->phy_id;
priv->rmii_en = pdata->rmii_en;
priv->version = pdata->version;
priv->int_enable = pdata->interrupt_enable;
priv->int_disable = pdata->interrupt_disable;
Reported by FlawFinder.
Line: 1899
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(priv->mac_addr)) {
/* Use random MAC if still none obtained. */
eth_hw_addr_random(ndev);
memcpy(priv->mac_addr, ndev->dev_addr, ndev->addr_len);
dev_warn(&pdev->dev, "using random MAC addr: %pM\n",
priv->mac_addr);
}
ndev->netdev_ops = &emac_netdev_ops;
Reported by FlawFinder.
drivers/net/hamradio/scc.c
7 issues
Line: 1795
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (chan = 0; chan < 2; chan++)
{
sprintf(device_name, "%s%i", SCC_DriverName, 2*Nchips+chan);
SCC_Info[2*Nchips+chan].special = hwcfg.special;
SCC_Info[2*Nchips+chan].clock = hwcfg.clock;
SCC_Info[2*Nchips+chan].brand = hwcfg.brand;
SCC_Info[2*Nchips+chan].option = hwcfg.option;
Reported by FlawFinder.
Line: 2100
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
printk(banner);
sprintf(devname,"%s0", SCC_DriverName);
rtnl_lock();
if (scc_net_alloc(devname, SCC_Info)) {
rtnl_unlock();
printk(KERN_ERR "z8530drv: cannot initialize module\n");
Reported by FlawFinder.
Line: 1565
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->netdev_ops = &scc_netdev_ops;
dev->header_ops = &ax25_header_ops;
memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
dev->flags = 0;
dev->type = ARPHRD_AX25;
Reported by FlawFinder.
Line: 1566
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->header_ops = &ax25_header_ops;
memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
dev->flags = 0;
dev->type = ARPHRD_AX25;
dev->hard_header_len = AX25_MAX_HEADER_LEN + AX25_BPQ_HEADER_LEN;
Reported by FlawFinder.
Line: 1714
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scc_calibrate cal;
struct scc_channel *scc = (struct scc_channel *) dev->ml_priv;
int chan;
unsigned char device_name[IFNAMSIZ];
void __user *arg = ifr->ifr_data;
if (!Driver_Initialized)
{
Reported by FlawFinder.
Line: 1951
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int scc_net_set_mac_address(struct net_device *dev, void *addr)
{
struct sockaddr *sa = (struct sockaddr *) addr;
memcpy(dev->dev_addr, sa->sa_data, dev->addr_len);
return 0;
}
/* ----> get statistics <---- */
Reported by FlawFinder.
Line: 2096
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init scc_init_driver (void)
{
char devname[IFNAMSIZ];
printk(banner);
sprintf(devname,"%s0", SCC_DriverName);
Reported by FlawFinder.
drivers/net/hyperv/netvsc_drv.c
7 issues
Line: 759
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy the RNDIS indicate status into nvchan->recv_buf */
memcpy(indicate, data + RNDIS_HEADER_SIZE, sizeof(*indicate));
/* Update the physical link speed when changing to another vSwitch */
if (indicate->status == RNDIS_STATUS_LINK_SPEED_CHANGE) {
u32 speed;
Reported by FlawFinder.
Line: 1020
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_info->recv_sections = nvdev->recv_section_cnt;
dev_info->recv_section_size = nvdev->recv_section_size;
memcpy(dev_info->rss_key, nvdev->extension->rss_key,
NETVSC_HASH_KEYLEN);
prog = netvsc_xdp_get(nvdev);
if (prog) {
bpf_prog_inc(prog);
Reported by FlawFinder.
Line: 1464
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eth_commit_mac_addr_change(ndev, p);
} else if (vf_netdev) {
/* rollback change on VF */
memcpy(addr->sa_data, ndev->dev_addr, ETH_ALEN);
dev_set_mac_address(vf_netdev, addr, NULL);
}
return err;
}
Reported by FlawFinder.
Line: 1472
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static const struct {
char name[ETH_GSTRING_LEN];
u16 offset;
} netvsc_stats[] = {
{ "tx_scattered", offsetof(struct netvsc_ethtool_stats, tx_scattered) },
{ "tx_no_memory", offsetof(struct netvsc_ethtool_stats, tx_no_memory) },
{ "tx_no_space", offsetof(struct netvsc_ethtool_stats, tx_no_space) },
Reported by FlawFinder.
Line: 1799
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (key)
memcpy(key, rndis_dev->rss_key, NETVSC_HASH_KEYLEN);
return 0;
}
static int netvsc_set_rxfh(struct net_device *dev, const u32 *indir,
Reported by FlawFinder.
Line: 1996
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* increase the version, if buffer format is changed. */
regs->version = 1;
memcpy(regs_buff, ndc->tx_table, VRSS_SEND_TAB_SIZE * sizeof(u32));
}
static u32 netvsc_get_msglevel(struct net_device *ndev)
{
struct net_device_context *ndev_ctx = netdev_priv(ndev);
Reported by FlawFinder.
Line: 2539
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto rndis_failed;
}
memcpy(net->dev_addr, device_info->mac_adr, ETH_ALEN);
/* We must get rtnl lock before scheduling nvdev->subchan_work,
* otherwise netvsc_subchan_work() can get rtnl lock first and wait
* all subchannels to show up, but that may not happen because
* netvsc_probe() can't get rtnl lock and as a result vmbus_onoffer()
Reported by FlawFinder.
drivers/net/plip/plip.c
7 issues
Line: 1276
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!dev)
return;
strcpy(dev->name, name);
dev->irq = port->irq;
dev->base_addr = port->base;
if (port->irq == -1) {
printk(KERN_INFO "plip: %s has no IRQ. Using IRQ-less mode,"
Reported by FlawFinder.
Line: 1015
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Any address will do - we take the first */
const struct in_ifaddr *ifa = rcu_dereference(in_dev->ifa_list);
if (ifa) {
memcpy(eth->h_source, dev->dev_addr, ETH_ALEN);
memset(eth->h_dest, 0xfc, 2);
memcpy(eth->h_dest+2, &ifa->ifa_address, 4);
}
}
rcu_read_unlock();
Reported by FlawFinder.
Line: 1017
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ifa) {
memcpy(eth->h_source, dev->dev_addr, ETH_ALEN);
memset(eth->h_dest, 0xfc, 2);
memcpy(eth->h_dest+2, &ifa->ifa_address, 4);
}
}
rcu_read_unlock();
}
Reported by FlawFinder.
Line: 1110
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
plip_init_dev(). */
const struct in_ifaddr *ifa = rcu_dereference(in_dev->ifa_list);
if (ifa != NULL) {
memcpy(dev->dev_addr+2, &ifa->ifa_local, 4);
}
}
netif_start_queue (dev);
Reported by FlawFinder.
Line: 1261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int unit;
struct net_device *dev;
struct net_local *nl;
char name[IFNAMSIZ];
struct pardev_cb plip_cb;
if ((parport[0] == -1 && (!timid || !port->devices)) ||
plip_searchfor(parport, port->number)) {
if (unit == PLIP_MAX) {
Reported by FlawFinder.
Line: 1271
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return;
}
sprintf(name, "plip%d", unit);
dev = alloc_etherdev(sizeof(struct net_local));
if (!dev)
return;
strcpy(dev->name, name);
Reported by FlawFinder.
Line: 1338
Column: 12
CWE codes:
126
static int plip_probe(struct pardevice *par_dev)
{
struct device_driver *drv = par_dev->dev.driver;
int len = strlen(drv->name);
if (strncmp(par_dev->name, drv->name, len))
return -ENODEV;
return 0;
Reported by FlawFinder.
drivers/net/thunderbolt.c
7 issues
Line: 242
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tbnet_fill_header(&reply.hdr, route, sequence, xd->local_uuid,
xd->remote_uuid, TBIP_LOGIN_RESPONSE, sizeof(reply),
command_id);
memcpy(reply.receiver_mac, net->dev->dev_addr, ETH_ALEN);
reply.receiver_mac_len = ETH_ALEN;
return tb_xdomain_response(xd, &reply, sizeof(reply),
TB_CFG_PKG_XDOMAIN_RESP);
}
Reported by FlawFinder.
Line: 1082
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* full frame size then break and go to
* next frame
*/
memcpy(dest, src, size_left);
len -= size_left;
dest += size_left;
src += size_left;
break;
}
Reported by FlawFinder.
Line: 1089
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy(dest, src, len);
size_left -= len;
dest += len;
if (unmap) {
kunmap_atomic(src);
Reported by FlawFinder.
Line: 1127
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* In case the remaining data_len is smaller than a frame */
while (len < data_len) {
memcpy(dest, src, len);
data_len -= len;
dest += len;
if (unmap) {
kunmap_atomic(src);
Reported by FlawFinder.
Line: 1144
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(dest, src, data_len);
if (unmap)
kunmap_atomic(src);
if (!tbnet_xmit_csum_and_map(net, skb, frames, frame_index + 1))
Reported by FlawFinder.
Line: 1213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Unicast and locally administered MAC */
dev->dev_addr[0] = phy_port << 4 | 0x02;
hash = jhash2((u32 *)xd->local_uuid, 4, 0);
memcpy(dev->dev_addr + 1, &hash, sizeof(hash));
hash = jhash2((u32 *)xd->local_uuid, 4, hash);
dev->dev_addr[5] = hash & 0xff;
}
static int tbnet_probe(struct tb_service *svc, const struct tb_service_id *id)
Reported by FlawFinder.
Line: 1244
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tbnet_generate_mac(dev);
strcpy(dev->name, "thunderbolt%d");
dev->netdev_ops = &tbnet_netdev_ops;
/* ThunderboltIP takes advantage of TSO packets but instead of
* segmenting them we just split the packet into Thunderbolt
* frames (maximum payload size of each frame is 4084 bytes) and
Reported by FlawFinder.
drivers/net/usb/cx82310_eth.c
7 issues
Line: 67
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* create command packet */
buf[0] = cmd;
if (wdata)
memcpy(buf + 4, wdata, min_t(int, wlen, CMD_PACKET_SIZE - 4));
/* send command packet */
ret = usb_bulk_msg(udev, usb_sndbulkpipe(udev, CMD_EP), buf,
CMD_PACKET_SIZE, &actual_len, CMD_TIMEOUT);
if (ret < 0) {
Reported by FlawFinder.
Line: 112
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto end;
}
if (rdata)
memcpy(rdata, buf + 4,
min_t(int, rlen, CMD_PACKET_SIZE - 4));
}
end:
kfree(buf);
return ret;
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cx82310_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret;
char buf[15];
struct usb_device *udev = dev->udev;
u8 link[3];
int timeout = 50;
struct cx82310_priv *priv;
Reported by FlawFinder.
Line: 258
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!skb2)
return 0;
skb_put(skb2, len);
memcpy(skb2->data, (void *)dev->partial_data,
dev->partial_len);
memcpy(skb2->data + dev->partial_len, skb->data,
dev->partial_rem);
usbnet_skb_return(dev, skb2);
skb_pull(skb, (dev->partial_rem + 1) & ~1);
Reported by FlawFinder.
Line: 260
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_put(skb2, len);
memcpy(skb2->data, (void *)dev->partial_data,
dev->partial_len);
memcpy(skb2->data + dev->partial_len, skb->data,
dev->partial_rem);
usbnet_skb_return(dev, skb2);
skb_pull(skb, (dev->partial_rem + 1) & ~1);
dev->partial_rem = 0;
if (skb->len < 2)
Reported by FlawFinder.
Line: 293
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > skb->len) {
dev->partial_len = skb->len;
dev->partial_rem = len - skb->len;
memcpy((void *)dev->partial_data, skb->data,
dev->partial_len);
skb_pull(skb, skb->len);
break;
}
Reported by FlawFinder.
Line: 303
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!skb2)
return 0;
skb_put(skb2, len);
memcpy(skb2->data, skb->data, len);
/* process the packet */
usbnet_skb_return(dev, skb2);
skb_pull(skb, (len + 1) & ~1);
}
Reported by FlawFinder.