The following issues were found
net/ipv4/ipmr.c
6 issues
Line: 456
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p.iph.version = 4;
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPIP;
sprintf(p.name, "dvmrp%d", v->vifc_vifi);
if (!tunnel_dev->netdev_ops->ndo_tunnel_ctl)
goto out;
err = tunnel_dev->netdev_ops->ndo_tunnel_ctl(tunnel_dev, &p,
SIOCADDTUNNEL);
Reported by FlawFinder.
Line: 541
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct net_device *ipmr_reg_vif(struct net *net, struct mr_table *mrt)
{
struct net_device *dev;
char name[IFNAMSIZ];
if (mrt->id == RT_TABLE_DEFAULT)
sprintf(name, "pimreg");
else
sprintf(name, "pimreg%u", mrt->id);
Reported by FlawFinder.
Line: 544
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char name[IFNAMSIZ];
if (mrt->id == RT_TABLE_DEFAULT)
sprintf(name, "pimreg");
else
sprintf(name, "pimreg%u", mrt->id);
dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
Reported by FlawFinder.
Line: 546
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (mrt->id == RT_TABLE_DEFAULT)
sprintf(name, "pimreg");
else
sprintf(name, "pimreg%u", mrt->id);
dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
if (!dev)
return NULL;
Reported by FlawFinder.
Line: 887
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = dev_get_port_parent_id(dev, &ppid, true);
if (err == 0) {
memcpy(v->dev_parent_id.id, ppid.id, ppid.id_len);
v->dev_parent_id.id_len = ppid.id_len;
} else {
v->dev_parent_id.id_len = 0;
}
Reported by FlawFinder.
Line: 1038
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_reset_network_header(skb);
skb_reset_transport_header(skb);
msg = (struct igmpmsg *)skb_network_header(skb);
memcpy(msg, skb_network_header(pkt), sizeof(struct iphdr));
msg->im_msgtype = assert;
msg->im_mbz = 0;
if (assert == IGMPMSG_WRVIFWHOLE) {
msg->im_vif = vifi;
msg->im_vif_hi = vifi >> 8;
Reported by FlawFinder.
net/nfc/nci/core.c
6 issues
Line: 228
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.num_params = 1;
cmd.param.id = param->id;
cmd.param.len = param->len;
memcpy(cmd.param.val, param->val, param->len);
nci_send_cmd(ndev, NCI_OP_CORE_SET_CONFIG_CMD, (3 + param->len), &cmd);
}
struct nci_rf_discover_param {
Reported by FlawFinder.
Line: 483
Column: 17
CWE codes:
362
goto done;
}
if (ndev->ops->open(ndev)) {
rc = -EIO;
goto done;
}
atomic_set(&ndev->cmd_cnt, 1);
Reported by FlawFinder.
Line: 710
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data.cmd = cmd;
if (params) {
memcpy(cmd->params, params, params_len);
if (params->length > 0)
memcpy(&ndev->cur_params,
¶ms->value[DEST_SPEC_PARAMS_ID_INDEX],
sizeof(struct dest_spec_params));
else
Reported by FlawFinder.
Line: 712
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (params) {
memcpy(cmd->params, params, params_len);
if (params->length > 0)
memcpy(&ndev->cur_params,
¶ms->value[DEST_SPEC_PARAMS_ID_INDEX],
sizeof(struct dest_spec_params));
else
ndev->cur_params.id = 0;
} else {
Reported by FlawFinder.
Line: 1140
Column: 12
CWE codes:
362
pr_debug("supported_protocols 0x%x\n", supported_protocols);
if (!ops->open || !ops->close || !ops->send)
return NULL;
if (!supported_protocols)
return NULL;
Reported by FlawFinder.
Line: 1208
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int rc;
struct device *dev = &ndev->nfc_dev->dev;
char name[32];
ndev->flags = 0;
INIT_WORK(&ndev->cmd_work, nci_cmd_work);
snprintf(name, sizeof(name), "%s_nci_cmd_wq", dev_name(dev));
Reported by FlawFinder.
include/rdma/ib_verbs.h
6 issues
Line: 1418
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct ib_send_wr wr;
struct ib_mr *mr;
u32 key;
int access;
};
static inline const struct ib_reg_wr *reg_wr(const struct ib_send_wr *wr)
{
return container_of(wr, struct ib_reg_wr, wr);
Reported by FlawFinder.
Line: 693
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ib_device_modify {
u64 sys_image_guid;
char node_desc[IB_DEVICE_NODE_DESC_MAX];
};
enum ib_port_modify_flags {
IB_PORT_SHUTDOWN = 1,
IB_PORT_INIT_TYPE = (1<<2),
Reported by FlawFinder.
Line: 2665
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Do not access @dma_device directly from ULP nor from HW drivers. */
struct device *dma_device;
struct ib_device_ops ops;
char name[IB_DEVICE_NAME_MAX];
struct rcu_head rcu_head;
struct list_head event_handler_list;
/* Protects event_handler_list */
struct rw_semaphore event_handler_rwsem;
Reported by FlawFinder.
Line: 2702
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 uverbs_cmd_mask;
char node_desc[IB_DEVICE_NODE_DESC_MAX];
__be64 node_guid;
u32 local_dma_lkey;
u16 is_switch:1;
/* Indicates kernel verbs support, should not be used in drivers */
u16 kverbs_provider:1;
Reported by FlawFinder.
Line: 2744
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xarray compat_devs;
/* Used by iWarp CM */
char iw_ifname[IFNAMSIZ];
u32 iw_driver_flags;
u32 lag_flags;
};
struct ib_client_nl_info;
Reported by FlawFinder.
Line: 4450
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct ib_global_route *grh = rdma_ah_retrieve_grh(attr);
memcpy(grh->dgid.raw, dgid, sizeof(grh->dgid));
}
static inline void rdma_ah_set_subnet_prefix(struct rdma_ah_attr *attr,
__be64 prefix)
{
Reported by FlawFinder.
net/packet/af_packet.c
6 issues
Line: 159
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mr_ifindex;
unsigned short mr_type;
unsigned short mr_alen;
unsigned char mr_address[MAX_ADDR_LEN];
};
union tpacket_uhdr {
struct tpacket_hdr *h1;
struct tpacket2_hdr *h2;
Reported by FlawFinder.
Line: 3228
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int addr_len)
{
struct sock *sk = sock->sk;
char name[sizeof(uaddr->sa_data) + 1];
/*
* Check legality
*/
Reported by FlawFinder.
Line: 3239
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* uaddr->sa_data comes from the userspace, it's not guaranteed to be
* zero-terminated.
*/
memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data));
name[sizeof(uaddr->sa_data)] = 0;
return packet_do_bind(sk, name, 0, pkt_sk(sk)->num);
}
Reported by FlawFinder.
Line: 3456
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->msg_namelen = sizeof(struct sockaddr_ll);
}
}
memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len);
}
if (pkt_sk(sk)->auxdata) {
struct tpacket_auxdata aux;
Reported by FlawFinder.
Line: 3539
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dev) {
sll->sll_hatype = dev->type;
sll->sll_halen = dev->addr_len;
memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len);
} else {
sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */
sll->sll_halen = 0;
}
rcu_read_unlock();
Reported by FlawFinder.
Line: 3633
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i->type = mreq->mr_type;
i->ifindex = mreq->mr_ifindex;
i->alen = mreq->mr_alen;
memcpy(i->addr, mreq->mr_address, i->alen);
memset(i->addr + i->alen, 0, sizeof(i->addr) - i->alen);
i->count = 1;
i->next = po->mclist;
po->mclist = i;
err = packet_dev_mc(dev, i, 1);
Reported by FlawFinder.
include/sound/ak4114.h
6 issues
Line: 167
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
atomic_t wq_processing;
struct mutex reinit_mutex;
spinlock_t lock;
unsigned char regmap[6];
unsigned char txcsb[5];
struct snd_kcontrol *kctls[AK4114_CONTROLS];
struct snd_pcm_substream *playback_substream;
struct snd_pcm_substream *capture_substream;
unsigned long errors[AK4114_NUM_ERRORS];
Reported by FlawFinder.
Line: 168
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mutex reinit_mutex;
spinlock_t lock;
unsigned char regmap[6];
unsigned char txcsb[5];
struct snd_kcontrol *kctls[AK4114_CONTROLS];
struct snd_pcm_substream *playback_substream;
struct snd_pcm_substream *capture_substream;
unsigned long errors[AK4114_NUM_ERRORS];
unsigned char rcs0;
Reported by FlawFinder.
Line: 183
Column: 52
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int snd_ak4114_create(struct snd_card *card,
ak4114_read_t *read, ak4114_write_t *write,
const unsigned char pgm[6], const unsigned char txcsb[5],
void *private_data, struct ak4114 **r_ak4114);
void snd_ak4114_reg_write(struct ak4114 *ak4114, unsigned char reg, unsigned char mask, unsigned char val);
void snd_ak4114_reinit(struct ak4114 *ak4114);
int snd_ak4114_build(struct ak4114 *ak4114,
struct snd_pcm_substream *playback_substream,
Reported by FlawFinder.
Line: 183
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int snd_ak4114_create(struct snd_card *card,
ak4114_read_t *read, ak4114_write_t *write,
const unsigned char pgm[6], const unsigned char txcsb[5],
void *private_data, struct ak4114 **r_ak4114);
void snd_ak4114_reg_write(struct ak4114 *ak4114, unsigned char reg, unsigned char mask, unsigned char val);
void snd_ak4114_reinit(struct ak4114 *ak4114);
int snd_ak4114_build(struct ak4114 *ak4114,
struct snd_pcm_substream *playback_substream,
Reported by FlawFinder.
Line: 162
Column: 18
CWE codes:
120
20
struct ak4114 {
struct snd_card *card;
ak4114_write_t * write;
ak4114_read_t * read;
void * private_data;
atomic_t wq_processing;
struct mutex reinit_mutex;
spinlock_t lock;
unsigned char regmap[6];
Reported by FlawFinder.
Line: 182
Column: 24
CWE codes:
120
20
};
int snd_ak4114_create(struct snd_card *card,
ak4114_read_t *read, ak4114_write_t *write,
const unsigned char pgm[6], const unsigned char txcsb[5],
void *private_data, struct ak4114 **r_ak4114);
void snd_ak4114_reg_write(struct ak4114 *ak4114, unsigned char reg, unsigned char mask, unsigned char val);
void snd_ak4114_reinit(struct ak4114 *ak4114);
int snd_ak4114_build(struct ak4114 *ak4114,
Reported by FlawFinder.
net/decnet/dn_route.c
6 issues
Line: 95
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern struct neigh_table dn_neigh_table;
static unsigned char dn_hiord_addr[6] = {0xAA, 0x00, 0x04, 0x00, 0x00, 0x00};
static const int dn_rt_min_delay = 2 * HZ;
static const int dn_rt_max_delay = 10 * HZ;
static const int dn_rt_mtu_expires = 10 * 60 * HZ;
Reported by FlawFinder.
Line: 460
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dn_skb_cb *cb;
unsigned char *ptr;
unsigned char *src_addr, *dst_addr;
unsigned char tmp[ETH_ALEN];
/* Add back all headers */
skb_push(skb, skb->data - skb_network_header(skb));
skb = skb_unshare(skb, GFP_ATOMIC);
Reported by FlawFinder.
Line: 488
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*ptr = 0; /* Zero hop count */
/* Swap source and destination */
memcpy(tmp, src_addr, ETH_ALEN);
memcpy(src_addr, dst_addr, ETH_ALEN);
memcpy(dst_addr, tmp, ETH_ALEN);
skb->pkt_type = PACKET_OUTGOING;
dn_rt_finish_output(skb, dst_addr, src_addr);
Reported by FlawFinder.
Line: 489
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Swap source and destination */
memcpy(tmp, src_addr, ETH_ALEN);
memcpy(src_addr, dst_addr, ETH_ALEN);
memcpy(dst_addr, tmp, ETH_ALEN);
skb->pkt_type = PACKET_OUTGOING;
dn_rt_finish_output(skb, dst_addr, src_addr);
return NET_RX_SUCCESS;
Reported by FlawFinder.
Line: 490
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Swap source and destination */
memcpy(tmp, src_addr, ETH_ALEN);
memcpy(src_addr, dst_addr, ETH_ALEN);
memcpy(dst_addr, tmp, ETH_ALEN);
skb->pkt_type = PACKET_OUTGOING;
dn_rt_finish_output(skb, dst_addr, src_addr);
return NET_RX_SUCCESS;
}
Reported by FlawFinder.
Line: 1839
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int dn_rt_cache_seq_show(struct seq_file *seq, void *v)
{
struct dn_route *rt = v;
char buf1[DN_ASCBUF_LEN], buf2[DN_ASCBUF_LEN];
seq_printf(seq, "%-8s %-7s %-7s %04d %04d %04d\n",
rt->dst.dev ? rt->dst.dev->name : "*",
dn_addr2asc(le16_to_cpu(rt->rt_daddr), buf1),
dn_addr2asc(le16_to_cpu(rt->rt_saddr), buf2),
Reported by FlawFinder.
include/sound/snd_wavefront.h
6 issues
Line: 33
Column: 34
CWE codes:
362
struct snd_rawmidi_substream *substream_input[2];
struct timer_list timer;
snd_wavefront_card_t *timer_card;
spinlock_t open;
spinlock_t virtual; /* protects isvirtual */
};
#define OUTPUT_READY 0x40
#define INPUT_AVAIL 0x80
Reported by FlawFinder.
Line: 85
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char debug; /* debugging flags */
int freemem; /* installed RAM, in bytes */
char fw_version[2]; /* major = [0], minor = [1] */
char hw_version[2]; /* major = [0], minor = [1] */
char israw; /* needs Motorola microcode */
char has_fx; /* has FX processor (Tropez+) */
char fx_initialized; /* FX's register pages initialized */
char prog_status[WF_MAX_PROGRAM]; /* WF_SLOT_* */
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int freemem; /* installed RAM, in bytes */
char fw_version[2]; /* major = [0], minor = [1] */
char hw_version[2]; /* major = [0], minor = [1] */
char israw; /* needs Motorola microcode */
char has_fx; /* has FX processor (Tropez+) */
char fx_initialized; /* FX's register pages initialized */
char prog_status[WF_MAX_PROGRAM]; /* WF_SLOT_* */
char patch_status[WF_MAX_PATCH]; /* WF_SLOT_* */
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char israw; /* needs Motorola microcode */
char has_fx; /* has FX processor (Tropez+) */
char fx_initialized; /* FX's register pages initialized */
char prog_status[WF_MAX_PROGRAM]; /* WF_SLOT_* */
char patch_status[WF_MAX_PATCH]; /* WF_SLOT_* */
char sample_status[WF_MAX_SAMPLE]; /* WF_ST_* | WF_SLOT_* */
int samples_used; /* how many */
char interrupts_are_midi; /* h/w MPU interrupts enabled ? */
char rom_samples_rdonly; /* can we write on ROM samples */
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char has_fx; /* has FX processor (Tropez+) */
char fx_initialized; /* FX's register pages initialized */
char prog_status[WF_MAX_PROGRAM]; /* WF_SLOT_* */
char patch_status[WF_MAX_PATCH]; /* WF_SLOT_* */
char sample_status[WF_MAX_SAMPLE]; /* WF_ST_* | WF_SLOT_* */
int samples_used; /* how many */
char interrupts_are_midi; /* h/w MPU interrupts enabled ? */
char rom_samples_rdonly; /* can we write on ROM samples */
spinlock_t irq_lock;
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char fx_initialized; /* FX's register pages initialized */
char prog_status[WF_MAX_PROGRAM]; /* WF_SLOT_* */
char patch_status[WF_MAX_PATCH]; /* WF_SLOT_* */
char sample_status[WF_MAX_SAMPLE]; /* WF_ST_* | WF_SLOT_* */
int samples_used; /* how many */
char interrupts_are_midi; /* h/w MPU interrupts enabled ? */
char rom_samples_rdonly; /* can we write on ROM samples */
spinlock_t irq_lock;
wait_queue_head_t interrupt_sleeper;
Reported by FlawFinder.
net/netlink/af_netlink.c
6 issues
Line: 2841
};
#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS)
BTF_ID_LIST(btf_netlink_sock_id)
BTF_ID(struct, netlink_sock)
static const struct bpf_iter_seq_info netlink_seq_info = {
.seq_ops = &netlink_seq_ops,
.init_seq_private = bpf_iter_init_seq_net,
Reported by Cppcheck.
Line: 95
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct lock_class_key nlk_cb_mutex_keys[MAX_LINKS];
static const char *const nlk_cb_mutex_key_strings[MAX_LINKS + 1] = {
"nlk_cb_mutex-ROUTE",
"nlk_cb_mutex-1",
"nlk_cb_mutex-USERSOCK",
"nlk_cb_mutex-FIREWALL",
"nlk_cb_mutex-SOCK_DIAG",
Reported by FlawFinder.
Line: 2134
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!new)
return -ENOMEM;
old = nl_deref_protected(tbl->listeners);
memcpy(new->masks, old->masks, NLGRPSZ(tbl->groups));
rcu_assign_pointer(tbl->listeners, new);
kfree_rcu(old, rcu);
}
tbl->groups = groups;
Reported by FlawFinder.
Line: 2211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOBUFS;
nl_dump_check_consistent(cb, nlh);
memcpy(nlmsg_data(nlh), &nlk->dump_done_errno, sizeof(nlk->dump_done_errno));
if (extack->_msg && nlk->flags & NETLINK_F_EXT_ACK) {
nlh->nlmsg_flags |= NLM_F_ACK_TLVS;
if (!nla_put_string(skb, NLMSGERR_ATTR_MSG, extack->_msg))
nlmsg_end(skb, nlh);
Reported by FlawFinder.
Line: 2450
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
NLMSG_ERROR, payload, flags);
errmsg = nlmsg_data(rep);
errmsg->error = err;
memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg) ? nlh->nlmsg_len : sizeof(*nlh));
if (nlk_has_extack && extack) {
if (extack->_msg) {
WARN_ON(nla_put_string(skb, NLMSGERR_ATTR_MSG,
extack->_msg));
Reported by FlawFinder.
Line: 2423
Column: 28
CWE codes:
126
* requested.
*/
if (nlk_has_extack && extack && extack->_msg)
tlvlen += nla_total_size(strlen(extack->_msg) + 1);
if (err && !(nlk->flags & NETLINK_F_CAP_ACK))
payload += nlmsg_len(nlh);
else
flags |= NLM_F_CAPPED;
Reported by FlawFinder.
net/ceph/messenger_v2.c
6 issues
Line: 778
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aead_request_set_callback(con->v2.gcm_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
crypto_req_done, &con->v2.gcm_wait);
memcpy(&con->v2.in_gcm_nonce, con_secret + CEPH_GCM_KEY_LEN,
CEPH_GCM_IV_LEN);
memcpy(&con->v2.out_gcm_nonce,
con_secret + CEPH_GCM_KEY_LEN + CEPH_GCM_IV_LEN,
CEPH_GCM_IV_LEN);
return 0; /* auth_x, secure mode */
Reported by FlawFinder.
Line: 780
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&con->v2.in_gcm_nonce, con_secret + CEPH_GCM_KEY_LEN,
CEPH_GCM_IV_LEN);
memcpy(&con->v2.out_gcm_nonce,
con_secret + CEPH_GCM_KEY_LEN + CEPH_GCM_IV_LEN,
CEPH_GCM_IV_LEN);
return 0; /* auth_x, secure mode */
}
Reported by FlawFinder.
Line: 1293
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!authorizer_copy)
return -ENOMEM;
memcpy(authorizer_copy, authorizer, authorizer_len);
return __prepare_control(con, FRAME_TAG_AUTH_REQUEST, buf, ctrl_len,
authorizer_copy, authorizer_len, true);
}
Reported by FlawFinder.
Line: 1695
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
/* preserve preamble */
memcpy(buf, con->v2.in_buf, CEPH_PREAMBLE_LEN);
add_in_kvec(con, CTRL_BODY(buf), ctrl_len);
add_in_kvec(con, CTRL_BODY(buf) + ctrl_len, CEPH_CRC_LEN);
add_in_sign_kvec(con, buf, head_len);
} else {
Reported by FlawFinder.
Line: 1726
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!buf)
return -ENOMEM;
memcpy(buf, CTRL_BODY(con->v2.in_buf), CEPH_PREAMBLE_INLINE_LEN);
reset_in_kvecs(con);
add_in_kvec(con, buf + CEPH_PREAMBLE_INLINE_LEN, rem_len);
add_in_kvec(con, con->v2.in_buf,
padding_len(rem_len) + CEPH_GCM_TAG_LEN);
Reported by FlawFinder.
Line: 2690
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!buf)
return -ENOMEM;
memcpy(buf, con->v2.in_kvecs[0].iov_base, ctrl_len);
return __handle_control(con, buf);
}
return __handle_control(con, con->v2.in_kvecs[0].iov_base);
}
Reported by FlawFinder.
include/trace/define_trace.h
6 issues
Line: 84
Column: 48
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
#endif
#ifndef TRACE_INCLUDE_PATH
# define __TRACE_INCLUDE(system) <trace/events/system.h>
# define UNDEF_TRACE_INCLUDE_PATH
#else
# define __TRACE_INCLUDE(system) __stringify(TRACE_INCLUDE_PATH/system.h)
#endif
Reported by FlawFinder.
Line: 84
Column: 26
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
#endif
#ifndef TRACE_INCLUDE_PATH
# define __TRACE_INCLUDE(system) <trace/events/system.h>
# define UNDEF_TRACE_INCLUDE_PATH
#else
# define __TRACE_INCLUDE(system) __stringify(TRACE_INCLUDE_PATH/system.h)
#endif
Reported by FlawFinder.
Line: 87
Column: 65
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
# define __TRACE_INCLUDE(system) <trace/events/system.h>
# define UNDEF_TRACE_INCLUDE_PATH
#else
# define __TRACE_INCLUDE(system) __stringify(TRACE_INCLUDE_PATH/system.h)
#endif
# define TRACE_INCLUDE(system) __TRACE_INCLUDE(system)
/* Let the trace headers be reread */
Reported by FlawFinder.
Line: 87
Column: 26
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
# define __TRACE_INCLUDE(system) <trace/events/system.h>
# define UNDEF_TRACE_INCLUDE_PATH
#else
# define __TRACE_INCLUDE(system) __stringify(TRACE_INCLUDE_PATH/system.h)
#endif
# define TRACE_INCLUDE(system) __TRACE_INCLUDE(system)
/* Let the trace headers be reread */
Reported by FlawFinder.
Line: 90
Column: 48
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
# define __TRACE_INCLUDE(system) __stringify(TRACE_INCLUDE_PATH/system.h)
#endif
# define TRACE_INCLUDE(system) __TRACE_INCLUDE(system)
/* Let the trace headers be reread */
#define TRACE_HEADER_MULTI_READ
#include TRACE_INCLUDE(TRACE_INCLUDE_FILE)
Reported by FlawFinder.
Line: 90
Column: 24
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
# define __TRACE_INCLUDE(system) __stringify(TRACE_INCLUDE_PATH/system.h)
#endif
# define TRACE_INCLUDE(system) __TRACE_INCLUDE(system)
/* Let the trace headers be reread */
#define TRACE_HEADER_MULTI_READ
#include TRACE_INCLUDE(TRACE_INCLUDE_FILE)
Reported by FlawFinder.