The following issues were found
drivers/char/tpm/eventlog/tpm1.c
6 issues
Line: 148
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char *name = "";
/* 41 so there is room for 40 data and 1 nul */
char data[41] = "";
int i, n_len = 0, d_len = 0;
struct tcpa_pc_event *pc_event;
switch (do_endian_conversion(event->event_type)) {
case PREBOOT:
Reported by FlawFinder.
Line: 207
Column: 14
CWE codes:
120
Suggestion:
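Use sprintf_s, snprintf, or vsnprintf. (sprintf_s is not available in kernel code; the bounded forms there are snprintf or scnprintf, passed the space remaining in data.)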
(pc_event->event_id)];
n_len = strlen(name);
for (i = 0; i < 20; i++)
d_len += sprintf(&data[2*i], "%02x",
pc_event->event_data[i]);
break;
default:
break;
}
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *temp_ptr;
int i;
memcpy(&temp_event, event, sizeof(struct tcpa_event));
/* convert raw integers for endianness */
temp_event.pcr_index = do_endian_conversion(event->pcr_index);
temp_event.event_type = do_endian_conversion(event->event_type);
temp_event.event_size = do_endian_conversion(event->event_size);
Reported by FlawFinder.
Line: 170
Column: 11
CWE codes:
126
case NONHOST_INFO:
name = tcpa_event_type_strings[do_endian_conversion
(event->event_type)];
n_len = strlen(name);
break;
case SEPARATOR:
case ACTION:
if (MAX_TEXT_EVENT >
do_endian_conversion(event->event_size)) {
Reported by FlawFinder.
Line: 195
Column: 12
CWE codes:
126
case S_CRTM_VERSION:
name = tcpa_pc_event_id_strings[do_endian_conversion
(pc_event->event_id)];
n_len = strlen(name);
break;
/* hash data */
case POST_BIOS_ROM:
case ESCD:
case OPTION_ROM_MICROCODE:
Reported by FlawFinder.
Line: 205
Column: 12
CWE codes:
126
case POST_CONTENTS:
name = tcpa_pc_event_id_strings[do_endian_conversion
(pc_event->event_id)];
n_len = strlen(name);
for (i = 0; i < 20; i++)
d_len += sprintf(&data[2*i], "%02x",
pc_event->event_data[i]);
break;
default:
Reported by FlawFinder.
drivers/clk/zynq/clkc.c
6 issues
Line: 220
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret;
char *clk_name;
unsigned int fclk_enable = 0;
const char *clk_output_name[clk_max];
const char *cpu_parents[4];
const char *periph_parents[4];
const char *swdt_ext_clk_mux_parents[2];
const char *can_mio_mux_parents[NUM_MIO_PINS];
const char *dummy_nm = "dummy_name";
Reported by FlawFinder.
Line: 221
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *clk_name;
unsigned int fclk_enable = 0;
const char *clk_output_name[clk_max];
const char *cpu_parents[4];
const char *periph_parents[4];
const char *swdt_ext_clk_mux_parents[2];
const char *can_mio_mux_parents[NUM_MIO_PINS];
const char *dummy_nm = "dummy_name";
Reported by FlawFinder.
Line: 222
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int fclk_enable = 0;
const char *clk_output_name[clk_max];
const char *cpu_parents[4];
const char *periph_parents[4];
const char *swdt_ext_clk_mux_parents[2];
const char *can_mio_mux_parents[NUM_MIO_PINS];
const char *dummy_nm = "dummy_name";
pr_info("Zynq clock init\n");
Reported by FlawFinder.
Line: 223
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *clk_output_name[clk_max];
const char *cpu_parents[4];
const char *periph_parents[4];
const char *swdt_ext_clk_mux_parents[2];
const char *can_mio_mux_parents[NUM_MIO_PINS];
const char *dummy_nm = "dummy_name";
pr_info("Zynq clock init\n");
Reported by FlawFinder.
Line: 224
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *cpu_parents[4];
const char *periph_parents[4];
const char *swdt_ext_clk_mux_parents[2];
const char *can_mio_mux_parents[NUM_MIO_PINS];
const char *dummy_nm = "dummy_name";
pr_info("Zynq clock init\n");
/* get clock output names from DT */
Reported by FlawFinder.
Line: 428
Column: 8
CWE codes:
126
"gem1_emio_mux", CLK_SET_RATE_PARENT,
SLCR_GEM1_CLK_CTRL, 0, 0, &gem1clk_lock);
tmp = strlen("mio_clk_00x");
clk_name = kmalloc(tmp, GFP_KERNEL);
for (i = 0; i < NUM_MIO_PINS; i++) {
int idx;
snprintf(clk_name, tmp, "mio_clk_%2.2d", i);
Reported by FlawFinder.
drivers/clk/ti/clk-3xxx.c
6 issues
Line: 59
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *idlest_bit,
u8 *idlest_val)
{
memcpy(idlest_reg, &clk->enable_reg, sizeof(*idlest_reg));
idlest_reg->offset &= ~0xf0;
idlest_reg->offset |= 0x20;
*idlest_bit = OMAP3430ES2_ST_SSI_IDLE_SHIFT;
*idlest_val = OMAP34XX_CM_IDLEST_VAL;
}
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct clk_omap_reg *idlest_reg,
u8 *idlest_bit, u8 *idlest_val)
{
memcpy(idlest_reg, &clk->enable_reg, sizeof(*idlest_reg));
idlest_reg->offset &= ~0xf0;
idlest_reg->offset |= 0x20;
/* USBHOST_IDLE has same shift */
*idlest_bit = OMAP3430ES2_ST_DSS_IDLE_SHIFT;
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *idlest_bit,
u8 *idlest_val)
{
memcpy(idlest_reg, &clk->enable_reg, sizeof(*idlest_reg));
idlest_reg->offset &= ~0xf0;
idlest_reg->offset |= 0x20;
*idlest_bit = OMAP3430ES2_ST_HSOTGUSB_IDLE_SHIFT;
*idlest_val = OMAP34XX_CM_IDLEST_VAL;
}
Reported by FlawFinder.
Line: 160
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *idlest_bit,
u8 *idlest_val)
{
memcpy(idlest_reg, &clk->enable_reg, sizeof(*idlest_reg));
*idlest_bit = clk->enable_bit + AM35XX_IPSS_ICK_EN_ACK_OFFSET;
*idlest_val = AM35XX_IPSS_CLK_IDLEST_VAL;
}
/**
Reported by FlawFinder.
Line: 183
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct clk_omap_reg *other_reg,
u8 *other_bit)
{
memcpy(other_reg, &clk->enable_reg, sizeof(*other_reg));
if (clk->enable_bit & AM35XX_IPSS_ICK_MASK)
*other_bit = clk->enable_bit + AM35XX_IPSS_ICK_FCK_OFFSET;
else
*other_bit = clk->enable_bit - AM35XX_IPSS_ICK_FCK_OFFSET;
}
Reported by FlawFinder.
Line: 211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *idlest_bit,
u8 *idlest_val)
{
memcpy(idlest_reg, &clk->enable_reg, sizeof(*idlest_reg));
idlest_reg->offset &= ~0xf0;
idlest_reg->offset |= 0x20;
*idlest_bit = AM35XX_ST_IPSS_SHIFT;
*idlest_val = OMAP34XX_CM_IDLEST_VAL;
Reported by FlawFinder.
crypto/camellia_generic.c
6 issues
Line: 794
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void camellia_setup192(const unsigned char *key, u32 *subkey)
{
unsigned char kk[32];
u32 krll, krlr, krrl, krrr;
memcpy(kk, key, 24);
memcpy((unsigned char *)&krll, key+16, 4);
memcpy((unsigned char *)&krlr, key+20, 4);
Reported by FlawFinder.
Line: 797
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char kk[32];
u32 krll, krlr, krrl, krrr;
memcpy(kk, key, 24);
memcpy((unsigned char *)&krll, key+16, 4);
memcpy((unsigned char *)&krlr, key+20, 4);
krrl = ~krll;
krrr = ~krlr;
memcpy(kk+24, (unsigned char *)&krrl, 4);
Reported by FlawFinder.
Line: 798
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 krll, krlr, krrl, krrr;
memcpy(kk, key, 24);
memcpy((unsigned char *)&krll, key+16, 4);
memcpy((unsigned char *)&krlr, key+20, 4);
krrl = ~krll;
krrr = ~krlr;
memcpy(kk+24, (unsigned char *)&krrl, 4);
memcpy(kk+28, (unsigned char *)&krrr, 4);
Reported by FlawFinder.
Line: 799
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(kk, key, 24);
memcpy((unsigned char *)&krll, key+16, 4);
memcpy((unsigned char *)&krlr, key+20, 4);
krrl = ~krll;
krrr = ~krlr;
memcpy(kk+24, (unsigned char *)&krrl, 4);
memcpy(kk+28, (unsigned char *)&krrr, 4);
camellia_setup256(kk, subkey);
Reported by FlawFinder.
Line: 802
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy((unsigned char *)&krlr, key+20, 4);
krrl = ~krll;
krrr = ~krlr;
memcpy(kk+24, (unsigned char *)&krrl, 4);
memcpy(kk+28, (unsigned char *)&krrr, 4);
camellia_setup256(kk, subkey);
}
Reported by FlawFinder.
Line: 803
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
krrl = ~krll;
krrr = ~krlr;
memcpy(kk+24, (unsigned char *)&krrl, 4);
memcpy(kk+28, (unsigned char *)&krrr, 4);
camellia_setup256(kk, subkey);
}
/*
Reported by FlawFinder.
drivers/clk/ti/adpll.c
6 issues
Line: 175
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __iomem *iobase;
void __iomem *regs;
spinlock_t lock; /* For ADPLL shared register access */
const char *parent_names[MAX_ADPLL_INPUTS];
struct clk *parent_clocks[MAX_ADPLL_INPUTS];
struct ti_adpll_clock *clocks;
struct clk_onecell_data outputs;
struct ti_adpll_dco_data dco;
};
Reported by FlawFinder.
Line: 212
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct clk_lookup *cl;
const char *postfix = NULL;
char con_id[ADPLL_MAX_CON_ID];
d->clocks[index].clk = clock;
d->clocks[index].unregister = unregister;
/* Separate con_id in format "pll040dcoclkldo" to fit MAX_CON_ID */
Reported by FlawFinder.
Line: 279
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 shift)
{
const char *child_name;
const char *parents[2];
struct clk *clock;
child_name = ti_adpll_clk_get_name(d, -ENODEV, name);
if (!child_name)
return -ENOMEM;
Reported by FlawFinder.
Line: 588
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ti_adpll_clkout_data *co;
struct clk_init_data init;
struct clk_ops *ops;
const char *parent_names[2];
const char *child_name;
struct clk *clock;
int err;
co = devm_kzalloc(d->dev, sizeof(*co), GFP_KERNEL);
Reported by FlawFinder.
Line: 219
Column: 17
CWE codes:
126
/* Separate con_id in format "pll040dcoclkldo" to fit MAX_CON_ID */
postfix = strrchr(name, '.');
if (postfix && strlen(postfix) > 1) {
if (strlen(postfix) > ADPLL_MAX_CON_ID)
dev_warn(d->dev, "clock %s con_id lookup may fail\n",
name);
snprintf(con_id, 16, "pll%03lx%s", d->pa & 0xfff, postfix + 1);
cl = clkdev_create(clock, con_id, NULL);
Reported by FlawFinder.
Line: 220
Column: 7
CWE codes:
126
/* Separate con_id in format "pll040dcoclkldo" to fit MAX_CON_ID */
postfix = strrchr(name, '.');
if (postfix && strlen(postfix) > 1) {
if (strlen(postfix) > ADPLL_MAX_CON_ID)
dev_warn(d->dev, "clock %s con_id lookup may fail\n",
name);
snprintf(con_id, 16, "pll%03lx%s", d->pa & 0xfff, postfix + 1);
cl = clkdev_create(clock, con_id, NULL);
if (!cl)
Reported by FlawFinder.
crypto/md5.c
6 issues
Line: 150
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mctx->byte_count += len;
if (avail > len) {
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
data, len);
return 0;
}
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
Reported by FlawFinder.
Line: 155
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
}
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
data, avail);
md5_transform_helper(mctx);
data += avail;
len -= avail;
Reported by FlawFinder.
Line: 169
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= sizeof(mctx->block);
}
memcpy(mctx->block, data, len);
return 0;
}
static int md5_final(struct shash_desc *desc, u8 *out)
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(u64)) / sizeof(u32));
md5_transform(mctx->hash, mctx->block);
cpu_to_le32_array(mctx->hash, sizeof(mctx->hash) / sizeof(u32));
memcpy(out, mctx->hash, sizeof(mctx->hash));
memset(mctx, 0, sizeof(*mctx));
return 0;
}
Reported by FlawFinder.
Line: 206
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct md5_state *ctx = shash_desc_ctx(desc);
memcpy(out, ctx, sizeof(*ctx));
return 0;
}
static int md5_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 214
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct md5_state *ctx = shash_desc_ctx(desc);
memcpy(ctx, in, sizeof(*ctx));
return 0;
}
static struct shash_alg alg = {
.digestsize = MD5_DIGEST_SIZE,
Reported by FlawFinder.
drivers/clk/nxp/clk-lpc18xx-cgu.c
6 issues
Line: 75
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CLK_SRC_MAX
};
static const char *clk_src_names[CLK_SRC_MAX] = {
[CLK_SRC_OSC32] = "osc32",
[CLK_SRC_IRC] = "irc",
[CLK_SRC_ENET_RX_CLK] = "enet_rx_clk",
[CLK_SRC_ENET_TX_CLK] = "enet_tx_clk",
[CLK_SRC_GP_CLKIN] = "gp_clkin",
Reported by FlawFinder.
Line: 92
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[CLK_SRC_IDIVE] = "idive",
};
static const char *clk_base_names[BASE_CLK_MAX] = {
[BASE_SAFE_CLK] = "base_safe_clk",
[BASE_USB0_CLK] = "base_usb0_clk",
[BASE_PERIPH_CLK] = "base_periph_clk",
[BASE_USB1_CLK] = "base_usb1_clk",
[BASE_CPU_CLK] = "base_cpu_clk",
Reported by FlawFinder.
Line: 539
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
void __iomem *reg = base + LPC18XX_CGU_IDIV_CTRL(n);
const char *name = clk_src_names[clk->clk_id];
const char *parents[CLK_SRC_MAX];
clk->div.reg = reg;
clk->mux.reg = reg;
clk->gate.reg = reg;
Reported by FlawFinder.
Line: 559
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
void __iomem *reg = reg_base + LPC18XX_CGU_BASE_CLK(n);
const char *name = clk_base_names[clk->clk_id];
const char *parents[CLK_SRC_MAX];
if (clk->n_parents == 0)
return ERR_PTR(-ENOENT);
clk->mux.reg = reg;
Reported by FlawFinder.
Line: 586
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __iomem *base)
{
const char *name = clk_src_names[clk->clk_id];
const char *parents[CLK_SRC_MAX];
clk->pll.reg = base;
clk->mux.reg = base + clk->reg_offset + LPC18XX_CGU_PLL_CTRL_OFFSET;
clk->gate.reg = base + clk->reg_offset + LPC18XX_CGU_PLL_CTRL_OFFSET;
Reported by FlawFinder.
Line: 603
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init lpc18xx_cgu_register_source_clks(struct device_node *np,
void __iomem *base)
{
const char *parents[CLK_SRC_MAX];
struct clk *clk;
int i;
/* Register the internal 12 MHz RC oscillator (IRC) */
clk = clk_register_fixed_rate(NULL, clk_src_names[CLK_SRC_IRC],
Reported by FlawFinder.
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c
6 issues
Line: 116
Column: 2
CWE codes:
120
Suggestion:
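Make sure destination can always hold the source data. In the excerpt below the copy length is srm_size, and no comparison with the size of srm_buf is visible.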
hdcp_cmd = (struct ta_hdcp_shared_memory *)psp->hdcp_context.hdcp_shared_buf;
memset(hdcp_cmd, 0, sizeof(struct ta_hdcp_shared_memory));
memcpy(hdcp_cmd->in_msg.hdcp_set_srm.srm_buf, srm, srm_size);
hdcp_cmd->in_msg.hdcp_set_srm.srm_buf_size = srm_size;
hdcp_cmd->cmd_id = TA_HDCP_COMMAND__HDCP_SET_SRM;
psp_hdcp_invoke(psp, hdcp_cmd->cmd_id);
Reported by FlawFinder.
Line: 181
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mod_hdcp_query_display(&hdcp_w->hdcp, aconnector->base.index, &query);
if (query.display != NULL) {
memcpy(display, query.display, sizeof(struct mod_hdcp_display));
mod_hdcp_remove_display(&hdcp_w->hdcp, aconnector->base.index, &hdcp_w->output);
hdcp_w->link.adjust.hdcp2.force_type = MOD_HDCP_FORCE_TYPE_0;
if (enable_encryption) {
Reported by FlawFinder.
Line: 545
Column: 2
CWE codes:
120
Suggestion:
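Make sure destination can always hold the source data. The first copy below writes count bytes at srm_temp + pos; the excerpt shows no check that pos + count stays within srm_temp.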
work = container_of(bin_attr, struct hdcp_workqueue, attr);
link_lock(work, true);
memcpy(work->srm_temp + pos, buffer, count);
if (!psp_set_srm(work->hdcp.config.psp.handle, work->srm_temp, pos + count, &srm_version)) {
DRM_DEBUG_DRIVER("HDCP SRM SET version 0x%X", srm_version);
memcpy(work->srm, work->srm_temp, pos + count);
work->srm_size = pos + count;
Reported by FlawFinder.
Line: 549
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!psp_set_srm(work->hdcp.config.psp.handle, work->srm_temp, pos + count, &srm_version)) {
DRM_DEBUG_DRIVER("HDCP SRM SET version 0x%X", srm_version);
memcpy(work->srm, work->srm_temp, pos + count);
work->srm_size = pos + count;
work->srm_version = srm_version;
}
Reported by FlawFinder.
Line: 584
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = 0;
if (srm_size - pos < count) {
memcpy(buffer, srm + pos, srm_size - pos);
ret = srm_size - pos;
goto ret;
}
memcpy(buffer, srm + pos, count);
Reported by FlawFinder.
Line: 589
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto ret;
}
memcpy(buffer, srm + pos, count);
ret:
link_lock(work, false);
return ret;
}
Reported by FlawFinder.
drivers/firewire/net.c
6 issues
Line: 233
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (daddr) {
memcpy(h->h_dest, daddr, net->addr_len);
return net->hard_header_len;
}
return -net->hard_header_len;
Reported by FlawFinder.
Line: 252
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
net = neigh->dev;
h = (struct fwnet_header *)((u8 *)hh->hh_data + HH_DATA_OFF(sizeof(*h)));
h->h_proto = type;
memcpy(h->h_dest, neigh->ha, net->addr_len);
/* Pairs with the READ_ONCE() in neigh_resolve_output(),
* neigh_hh_output() and neigh_update_hhs().
*/
smp_store_release(&hh->hh_len, FWNET_HLEN);
Reported by FlawFinder.
Line: 266
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Overwrite part of the cached link-layer header in hh with the hardware
 * address haddr.
 *
 * Copies net->addr_len bytes from haddr into hh->hh_data at offset
 * HH_DATA_OFF(FWNET_HLEN). The length comes from the device, not from the
 * size of the cache buffer.
 * NOTE(review): the copy stays in bounds only if net->addr_len fits the room
 * left in hh_data after that offset - confirm where addr_len is set.
 */
static void fwnet_header_cache_update(struct hh_cache *hh,
const struct net_device *net, const unsigned char *haddr)
{
memcpy((u8 *)hh->hh_data + HH_DATA_OFF(FWNET_HLEN), haddr, net->addr_len);
}
static int fwnet_header_parse(const struct sk_buff *skb, unsigned char *haddr)
{
memcpy(haddr, skb->dev->dev_addr, FWNET_ALEN);
Reported by FlawFinder.
Line: 271
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Copy the device address of skb's device into haddr.
 *
 * Always copies FWNET_ALEN bytes from skb->dev->dev_addr and returns
 * FWNET_ALEN. The size of the caller's haddr buffer is not passed in.
 * NOTE(review): assumes haddr has room for at least FWNET_ALEN bytes -
 * confirm against the callers of this header_ops hook.
 */
static int fwnet_header_parse(const struct sk_buff *skb, unsigned char *haddr)
{
memcpy(haddr, skb->dev->dev_addr, FWNET_ALEN);
return FWNET_ALEN;
}
static const struct header_ops fwnet_header_ops = {
Reported by FlawFinder.
Line: 385
Column: 2
CWE codes:
120
Suggestion:
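Make sure destination can always hold the source data. The destination here is the dg_size bytes returned by skb_put(); the copy is in bounds only when frag_off + frag_len <= dg_size, and that check is not visible in this excerpt.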
skb_reserve(new->skb, LL_RESERVED_SPACE(net));
new->pbuf = skb_put(new->skb, dg_size);
memcpy(new->pbuf + frag_off, frag_buf, frag_len);
list_add_tail(&new->pd_link, &peer->pd_list);
return new;
fail_w_fi:
Reported by FlawFinder.
Line: 430
Column: 2
CWE codes:
120
Suggestion:
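Make sure destination can always hold the source data. frag_off and frag_len index into pd->pbuf; the excerpt does not show them being checked against the size of that buffer.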
if (fwnet_frag_new(pd, frag_off, frag_len) == NULL)
return false;
memcpy(pd->pbuf + frag_off, frag_buf, frag_len);
/*
* Move list entry to beginning of list so that oldest partial
* datagrams percolate to the end of the list
*/
Reported by FlawFinder.
drivers/crypto/ccp/ccp-crypto-aes.c
6 issues
Line: 32
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
if (ctx->u.aes.mode != CCP_AES_MODE_ECB)
memcpy(req->iv, rctx->iv, AES_BLOCK_SIZE);
return 0;
}
static int ccp_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
Reported by FlawFinder.
Line: 59
Column: 2
CWE codes:
120
Suggestion:
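Make sure destination can always hold the source data. The copy length below is key_len; its validation against the size of ctx->u.aes.key is not visible in this excerpt.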
ctx->u.aes.mode = alg->mode;
ctx->u.aes.key_len = key_len;
memcpy(ctx->u.aes.key, key, key_len);
sg_init_one(&ctx->u.aes.key_sg, ctx->u.aes.key, key_len);
return 0;
}
Reported by FlawFinder.
Line: 86
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!req->iv)
return -EINVAL;
memcpy(rctx->iv, req->iv, AES_BLOCK_SIZE);
iv_sg = &rctx->iv_sg;
iv_len = AES_BLOCK_SIZE;
sg_init_one(iv_sg, rctx->iv, iv_len);
}
Reported by FlawFinder.
Line: 155
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
key_len -= CTR_RFC3686_NONCE_SIZE;
memcpy(ctx->u.aes.nonce, key + key_len, CTR_RFC3686_NONCE_SIZE);
return ccp_aes_setkey(tfm, key, key_len);
}
static int ccp_aes_rfc3686_crypt(struct skcipher_request *req, bool encrypt)
Reported by FlawFinder.
Line: 169
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Initialize the CTR block */
iv = rctx->rfc3686_iv;
memcpy(iv, ctx->u.aes.nonce, CTR_RFC3686_NONCE_SIZE);
iv += CTR_RFC3686_NONCE_SIZE;
memcpy(iv, req->iv, CTR_RFC3686_IV_SIZE);
iv += CTR_RFC3686_IV_SIZE;
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(iv, ctx->u.aes.nonce, CTR_RFC3686_NONCE_SIZE);
iv += CTR_RFC3686_NONCE_SIZE;
memcpy(iv, req->iv, CTR_RFC3686_IV_SIZE);
iv += CTR_RFC3686_IV_SIZE;
*(__be32 *)iv = cpu_to_be32(1);
/* Point to the new IV */
Reported by FlawFinder.