The following issues were found
security/keys/trusted-keys/trusted_tpm1.c
30 issues
Line: 119
Column: 11
CWE codes:
119
120
Suggestion:
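Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the only array in this excerpt is the declaration `unsigned char paramdigest[SHA1_DIGEST_SIZE];`, so the finding appears to be raised on a fixed-size array declaration rather than on a write. It is resolved by confirming that every write into the array in the enclosing function is limited to SHA1_DIGEST_SIZE bytes; those writes are outside the excerpt.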
unsigned int keylen, unsigned char *h1,
unsigned char *h2, unsigned int h3, ...)
{
unsigned char paramdigest[SHA1_DIGEST_SIZE];
struct sdesc *sdesc;
unsigned int dlen;
unsigned char *data;
unsigned char c;
int ret;
Reported by FlawFinder.
Line: 183
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *enonce;
unsigned char *continueflag;
unsigned char *authdata;
unsigned char testhmac[SHA1_DIGEST_SIZE];
unsigned char paramdigest[SHA1_DIGEST_SIZE];
struct sdesc *sdesc;
unsigned int dlen;
unsigned int dpos;
va_list argp;
Reported by FlawFinder.
Line: 184
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *continueflag;
unsigned char *authdata;
unsigned char testhmac[SHA1_DIGEST_SIZE];
unsigned char paramdigest[SHA1_DIGEST_SIZE];
struct sdesc *sdesc;
unsigned int dlen;
unsigned int dpos;
va_list argp;
int ret;
Reported by FlawFinder.
Line: 273
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *enonce2;
unsigned char *continueflag2;
unsigned char *authdata2;
unsigned char testhmac1[SHA1_DIGEST_SIZE];
unsigned char testhmac2[SHA1_DIGEST_SIZE];
unsigned char paramdigest[SHA1_DIGEST_SIZE];
struct sdesc *sdesc;
unsigned int dlen;
unsigned int dpos;
Reported by FlawFinder.
Line: 274
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *continueflag2;
unsigned char *authdata2;
unsigned char testhmac1[SHA1_DIGEST_SIZE];
unsigned char testhmac2[SHA1_DIGEST_SIZE];
unsigned char paramdigest[SHA1_DIGEST_SIZE];
struct sdesc *sdesc;
unsigned int dlen;
unsigned int dpos;
va_list argp;
Reported by FlawFinder.
Line: 275
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *authdata2;
unsigned char testhmac1[SHA1_DIGEST_SIZE];
unsigned char testhmac2[SHA1_DIGEST_SIZE];
unsigned char paramdigest[SHA1_DIGEST_SIZE];
struct sdesc *sdesc;
unsigned int dlen;
unsigned int dpos;
va_list argp;
int ret;
Reported by FlawFinder.
Line: 394
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int osap(struct tpm_buf *tb, struct osapsess *s,
const unsigned char *key, uint16_t type, uint32_t handle)
{
unsigned char enonce[TPM_NONCE_SIZE];
unsigned char ononce[TPM_NONCE_SIZE];
int ret;
ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
if (ret < 0)
Reported by FlawFinder.
Line: 395
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned char *key, uint16_t type, uint32_t handle)
{
unsigned char enonce[TPM_NONCE_SIZE];
unsigned char ononce[TPM_NONCE_SIZE];
int ret;
ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 415
Column: 2
CWE codes:
120
Suggestion:
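Make sure destination can always hold the source data
Triage note: both copies in the excerpt use the constant length TPM_NONCE_SIZE, and the local `enonce` is declared as `unsigned char enonce[TPM_NONCE_SIZE]` (see the excerpt for line 394), so that destination fits; the size of `s->enonce` is not shown. The check that matters more here is on the source side: that the response held in `tb->data` is at least TPM_DATA_OFFSET + sizeof(uint32_t) + 2 * TPM_NONCE_SIZE bytes long before these reads, which the excerpt does not show.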
return ret;
s->handle = LOAD32(tb->data, TPM_DATA_OFFSET);
memcpy(s->enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)]),
TPM_NONCE_SIZE);
memcpy(enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t) +
TPM_NONCE_SIZE]), TPM_NONCE_SIZE);
return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE,
enonce, TPM_NONCE_SIZE, ononce, 0, 0);
Reported by FlawFinder.
Line: 417
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->handle = LOAD32(tb->data, TPM_DATA_OFFSET);
memcpy(s->enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)]),
TPM_NONCE_SIZE);
memcpy(enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t) +
TPM_NONCE_SIZE]), TPM_NONCE_SIZE);
return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE,
enonce, TPM_NONCE_SIZE, ononce, 0, 0);
}
Reported by FlawFinder.
drivers/comedi/drivers/ni_routing/tools/csv_collection.py
29 issues
Line: 1
Column: 1
# SPDX-License-Identifier: GPL-2.0+
import os, csv, glob
class CSVCollection(dict):
delimiter=';'
quotechar='"'
source_column_name = 'Sources / Destinations'
Reported by Pylint.
Line: 3
Column: 1
# SPDX-License-Identifier: GPL-2.0+
import os, csv, glob
class CSVCollection(dict):
delimiter=';'
quotechar='"'
source_column_name = 'Sources / Destinations'
Reported by Pylint.
Line: 5
Column: 1
import os, csv, glob
class CSVCollection(dict):
delimiter=';'
quotechar='"'
source_column_name = 'Sources / Destinations'
"""
Reported by Pylint.
Line: 6
Column: 1
import os, csv, glob
class CSVCollection(dict):
delimiter=';'
quotechar='"'
source_column_name = 'Sources / Destinations'
"""
This class is a dictionary representation of the collection of sheets that
Reported by Pylint.
Line: 7
Column: 1
class CSVCollection(dict):
delimiter=';'
quotechar='"'
source_column_name = 'Sources / Destinations'
"""
This class is a dictionary representation of the collection of sheets that
exist in a given .ODS file.
Reported by Pylint.
Line: 8
Column: 1
class CSVCollection(dict):
delimiter=';'
quotechar='"'
source_column_name = 'Sources / Destinations'
"""
This class is a dictionary representation of the collection of sheets that
exist in a given .ODS file.
"""
Reported by Pylint.
Line: 10
Column: 1
quotechar='"'
source_column_name = 'Sources / Destinations'
"""
This class is a dictionary representation of the collection of sheets that
exist in a given .ODS file.
"""
def __init__(self, pattern, skip_commented_lines=True, strip_lines=True):
super(CSVCollection, self).__init__()
Reported by Pylint.
Line: 14
Column: 1
This class is a dictionary representation of the collection of sheets that
exist in a given .ODS file.
"""
def __init__(self, pattern, skip_commented_lines=True, strip_lines=True):
super(CSVCollection, self).__init__()
self.pattern = pattern
C = '#' if skip_commented_lines else 'blahblahblah'
if strip_lines:
Reported by Pylint.
Line: 15
Column: 5
exist in a given .ODS file.
"""
def __init__(self, pattern, skip_commented_lines=True, strip_lines=True):
super(CSVCollection, self).__init__()
self.pattern = pattern
C = '#' if skip_commented_lines else 'blahblahblah'
if strip_lines:
strip = lambda s:s.strip()
Reported by Pylint.
Line: 15
Column: 1
exist in a given .ODS file.
"""
def __init__(self, pattern, skip_commented_lines=True, strip_lines=True):
super(CSVCollection, self).__init__()
self.pattern = pattern
C = '#' if skip_commented_lines else 'blahblahblah'
if strip_lines:
strip = lambda s:s.strip()
Reported by Pylint.
net/core/net-sysfs.c
29 issues
Line: 773
CWE codes:
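685
Triage note: `cpumask_pr_args()` is a kernel macro that expands to two arguments (the bit count and the bitmap pointer), which is what `%*pb` consumes, so an analyser that does not expand the macro counts one argument too few. The return statement in the excerpt also converts a truncated result (`len >= PAGE_SIZE`) into -EINVAL.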
for (i = 0; i < map->len; i++)
cpumask_set_cpu(map->cpus[i], mask);
len = snprintf(buf, PAGE_SIZE, "%*pb\n", cpumask_pr_args(mask));
rcu_read_unlock();
free_cpumask_var(mask);
return len < PAGE_SIZE ? len : -EINVAL;
}
Reported by Cppcheck.
Line: 60
Column: 9
CWE codes:
134
Suggestion:
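Make format string constant
Triage note: `format_string` is a macro parameter, so each use of NETDEVICE_SHOW fixes the format at compile time. CWE-134 applies only if an instantiation passes something other than a string literal or constant; the instantiations are outside the excerpt.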
#define NETDEVICE_SHOW(field, format_string) \
static ssize_t format_##field(const struct net_device *dev, char *buf) \
{ \
return sprintf(buf, format_string, dev->field); \
} \
static ssize_t field##_show(struct device *dev, \
struct device_attribute *attr, char *buf) \
{ \
return netdev_show(dev, attr, buf, format_##field); \
Reported by FlawFinder.
Line: 119
Column: 9
CWE codes:
134
Suggestion:
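Make format string constant
Triage note: `fmt_dec` is not defined in the excerpt. If it is a file-scope constant string, as the name suggests, the format cannot be influenced by input and this finding (and the ones at lines 125, 187, 206, 253 and 265, which use the same identifier) is a false positive; confirm at its definition.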
{
struct net_device *ndev = to_net_dev(dev);
return sprintf(buf, fmt_dec, dev_get_iflink(ndev));
}
static DEVICE_ATTR_RO(iflink);
static ssize_t format_name_assign_type(const struct net_device *dev, char *buf)
{
Reported by FlawFinder.
Line: 125
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
/*
 * Format dev->name_assign_type into buf with the fmt_dec format and return
 * sprintf()'s result, i.e. the number of characters written.
 *
 * NOTE(review): fmt_dec is defined outside this excerpt; presumably a
 * constant integer format - confirm at its definition. The write is not
 * length-limited here, but a single integer conversion yields a short,
 * bounded string.
 */
static ssize_t format_name_assign_type(const struct net_device *dev, char *buf)
{
return sprintf(buf, fmt_dec, dev->name_assign_type);
}
static ssize_t name_assign_type_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 187
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
struct net_device *netdev = to_net_dev(dev);
if (netif_running(netdev))
return sprintf(buf, fmt_dec, !!netif_carrier_ok(netdev));
return -EINVAL;
}
static DEVICE_ATTR_RW(carrier);
Reported by FlawFinder.
Line: 206
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
struct ethtool_link_ksettings cmd;
if (!__ethtool_get_link_ksettings(netdev, &cmd))
ret = sprintf(buf, fmt_dec, cmd.base.speed);
}
rtnl_unlock();
return ret;
}
static DEVICE_ATTR_RO(speed);
Reported by FlawFinder.
Line: 239
Column: 10
CWE codes:
120
Suggestion:
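Use sprintf_s, snprintf, or vsnprintf
Triage note: `sprintf_s` is not part of the kernel's library. For sysfs show callbacks (the neighbouring excerpts from this file end in DEVICE_ATTR_RO/DEVICE_ATTR_RW), the kernel helper is `sysfs_emit()`, which limits output to the PAGE_SIZE buffer that sysfs provides. In this excerpt `duplex` is assigned a string literal ("unknown" is the visible case), so the output length is fixed by the source; the other assignments are outside the excerpt.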
duplex = "unknown";
break;
}
ret = sprintf(buf, "%s\n", duplex);
}
}
rtnl_unlock();
return ret;
}
Reported by FlawFinder.
Line: 253
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
struct net_device *netdev = to_net_dev(dev);
if (netif_running(netdev))
return sprintf(buf, fmt_dec, !!netif_testing(netdev));
return -EINVAL;
}
static DEVICE_ATTR_RO(testing);
Reported by FlawFinder.
Line: 265
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
struct net_device *netdev = to_net_dev(dev);
if (netif_running(netdev))
return sprintf(buf, fmt_dec, !!netif_dormant(netdev));
return -EINVAL;
}
static DEVICE_ATTR_RO(dormant);
Reported by FlawFinder.
Line: 296
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (operstate >= ARRAY_SIZE(operstates))
return -EINVAL; /* should not happen */
return sprintf(buf, "%s\n", operstates[operstate]);
}
static DEVICE_ATTR_RO(operstate);
static ssize_t carrier_changes_show(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
29 issues
Line: 239
Column: 11
CWE codes:
362/367!
Suggestion:
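Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Triage note: the flagged token is not the access(2) system call. In the excerpts `access` is an `int` parameter of t4_record_mbox() and, at line 255, a field of the log entry, so the check-then-use race this rule describes (CWE-362/367) and the setuid() advice do not apply; the match is on the identifier name only. The same holds for the other findings in this file that carry this suggestion.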
*/
static void t4_record_mbox(struct adapter *adapter,
const __be64 *cmd, unsigned int size,
int access, int execute)
{
struct mbox_cmd_log *log = adapter->mbox_log;
struct mbox_cmd *entry;
int i;
Reported by FlawFinder.
Line: 255
Column: 18
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
entry->cmd[i++] = 0;
entry->timestamp = jiffies;
entry->seqno = log->seqno++;
entry->access = access;
entry->execute = execute;
}
/**
* t4_wr_mbox_meat_timeout - send a command to FW through the given mailbox
Reported by FlawFinder.
Line: 341
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
list_del(&entry.list);
spin_unlock_bh(&adap->mbox_lock);
ret = (pcie_fw & PCIE_FW_ERR_F) ? -ENXIO : -EBUSY;
t4_record_mbox(adap, cmd, size, access, ret);
return ret;
}
/* If we're at the head, break out and start the mailbox
* protocol.
Reported by FlawFinder.
Line: 374
Column: 35
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
list_del(&entry.list);
spin_unlock_bh(&adap->mbox_lock);
ret = (v == MBOX_OWNER_FW) ? -EBUSY : -ETIMEDOUT;
t4_record_mbox(adap, cmd, size, access, ret);
return ret;
}
/* Copy in the new mailbox command and send it on its way ... */
t4_record_mbox(adap, cmd, size, access, 0);
Reported by FlawFinder.
Line: 379
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
/* Copy in the new mailbox command and send it on its way ... */
t4_record_mbox(adap, cmd, size, access, 0);
for (i = 0; i < size; i += 8)
t4_write_reg64(adap, data_reg + i, be64_to_cpu(*p++));
t4_write_reg(adap, ctl_reg, MBMSGVALID_F | MBOWNER_V(MBOX_OWNER_FW));
t4_read_reg(adap, ctl_reg); /* flush write */
Reported by FlawFinder.
Line: 422
Column: 22
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
execute = i + ms;
t4_record_mbox(adap, cmd_rpl,
MBOX_LEN, access, execute);
spin_lock_bh(&adap->mbox_lock);
list_del(&entry.list);
spin_unlock_bh(&adap->mbox_lock);
return -FW_CMD_RETVAL_G((int)res);
}
Reported by FlawFinder.
Line: 431
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
ret = (pcie_fw & PCIE_FW_ERR_F) ? -ENXIO : -ETIMEDOUT;
t4_record_mbox(adap, cmd, size, access, ret);
dev_err(adap->pdev_dev, "command %#x in mailbox %d timed out\n",
*(const u8 *)cmd, mbox);
t4_report_fw_error(adap);
spin_lock_bh(&adap->mbox_lock);
list_del(&entry.list);
Reported by FlawFinder.
Line: 415
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fw_asrt(adap, data_reg);
res = FW_CMD_RETVAL_V(EIO);
} else if (rpl) {
memcpy(rpl, cmd_rpl, size);
}
t4_write_reg(adap, ctl_reg, 0);
execute = i + ms;
Reported by FlawFinder.
Line: 578
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
union {
u32 word;
char byte[4];
} last;
unsigned char *bp;
int i;
if (dir == T4_MEMORY_READ) {
Reported by FlawFinder.
Line: 2820
Column: 2
CWE codes:
120
Suggestion:
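Make sure destination can always hold the source data
Triage note: of the three copies in the excerpt, the one into `p->ec` uses the constant EC_LEN and the one into `p->sn` is capped with `min(i, SERNUM_LEN)`. The copy into `p->id` uses `id_len`, whose bound is not visible here; because VPD contents are read from the device, confirm where `id_len` is computed that it cannot exceed the size of `p->id`.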
FIND_VPD_KW(na, "NA");
#undef FIND_VPD_KW
memcpy(p->id, vpd + PCI_VPD_LRDT_TAG_SIZE, id_len);
strim(p->id);
memcpy(p->ec, vpd + ec, EC_LEN);
strim(p->ec);
i = pci_vpd_info_field_size(vpd + sn - PCI_VPD_INFO_FLD_HDR_SIZE);
memcpy(p->sn, vpd + sn, min(i, SERNUM_LEN));
Reported by FlawFinder.
sound/usb/mixer_scarlett_gen2.c
29 issues
Line: 1914
Column: 36
CWE codes:
362/367!
Suggestion:
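Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Triage note: no access(2) call is involved. `access` here is a field of the control's `vd[0]` entry, a bitmask in which SNDRV_CTL_ELEM_ACCESS_WRITE is set or cleared, so the file-permission race this rule describes does not apply; the match is on the identifier name only. The same holds for the findings at lines 1920 through 1960.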
/*
 * Clear SNDRV_CTL_ELEM_ACCESS_WRITE in the access mask of the sw_hw control
 * at @index.
 *
 * `access` is a bitmask field of the control's vd[0] entry, not the
 * access(2) system call. @index is used as an array index without a range
 * check in this function, so the caller must pass a valid index.
 */
static void scarlett2_sw_hw_ctl_ro(struct scarlett2_data *private, int index)
{
private->sw_hw_ctls[index]->vd[0].access &=
~SNDRV_CTL_ELEM_ACCESS_WRITE;
}
static void scarlett2_sw_hw_ctl_rw(struct scarlett2_data *private, int index)
{
Reported by FlawFinder.
Line: 1920
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/*
 * Set SNDRV_CTL_ELEM_ACCESS_WRITE in the access mask of the sw_hw control
 * at @index.
 *
 * `access` is a bitmask field of the control's vd[0] entry, not the
 * access(2) system call. @index is used as an array index without a range
 * check in this function, so the caller must pass a valid index.
 */
static void scarlett2_sw_hw_ctl_rw(struct scarlett2_data *private, int index)
{
private->sw_hw_ctls[index]->vd[0].access |=
SNDRV_CTL_ELEM_ACCESS_WRITE;
}
static int scarlett2_sw_hw_enum_ctl_info(struct snd_kcontrol *kctl,
struct snd_ctl_elem_info *uinfo)
Reported by FlawFinder.
Line: 1953
Column: 35
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* Set/Clear write bits */
if (value) {
private->vol_ctls[index]->vd[0].access |=
SNDRV_CTL_ELEM_ACCESS_WRITE;
private->mute_ctls[index]->vd[0].access |=
SNDRV_CTL_ELEM_ACCESS_WRITE;
} else {
private->vol_ctls[index]->vd[0].access &=
Reported by FlawFinder.
Line: 1955
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (value) {
private->vol_ctls[index]->vd[0].access |=
SNDRV_CTL_ELEM_ACCESS_WRITE;
private->mute_ctls[index]->vd[0].access |=
SNDRV_CTL_ELEM_ACCESS_WRITE;
} else {
private->vol_ctls[index]->vd[0].access &=
~SNDRV_CTL_ELEM_ACCESS_WRITE;
private->mute_ctls[index]->vd[0].access &=
Reported by FlawFinder.
Line: 1958
Column: 35
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
private->mute_ctls[index]->vd[0].access |=
SNDRV_CTL_ELEM_ACCESS_WRITE;
} else {
private->vol_ctls[index]->vd[0].access &=
~SNDRV_CTL_ELEM_ACCESS_WRITE;
private->mute_ctls[index]->vd[0].access &=
~SNDRV_CTL_ELEM_ACCESS_WRITE;
}
Reported by FlawFinder.
Line: 1960
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
} else {
private->vol_ctls[index]->vd[0].access &=
~SNDRV_CTL_ELEM_ACCESS_WRITE;
private->mute_ctls[index]->vd[0].access &=
~SNDRV_CTL_ELEM_ACCESS_WRITE;
}
/* Notify of write bit and possible value change */
snd_ctl_notify(card,
Reported by FlawFinder.
Line: 3053
Column: 3
CWE codes:
134
Suggestion:
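Use a constant for the format specification
Triage note: the write itself is bounded by `sizeof(s)`. `fmt` is not defined in the excerpt, so the open question is whether it is only ever assigned string literals in the enclosing function, with conversions that match the three arguments passed (an integer and two strings); check at its assignment.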
/* Add input level (line/inst) controls */
for (i = 0; i < info->level_input_count; i++) {
snprintf(s, sizeof(s), fmt, i + 1 + info->level_input_first,
"Level", "Enum");
err = scarlett2_add_new_ctl(mixer, &scarlett2_level_enum_ctl,
i, 1, s, &private->level_ctls[i]);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 3063
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Add input pad controls */
for (i = 0; i < info->pad_input_count; i++) {
snprintf(s, sizeof(s), fmt, i + 1, "Pad", "Switch");
err = scarlett2_add_new_ctl(mixer, &scarlett2_pad_ctl,
i, 1, s, &private->pad_ctls[i]);
if (err < 0)
return err;
}
Reported by FlawFinder.
Line: 3072
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Add input air controls */
for (i = 0; i < info->air_input_count; i++) {
snprintf(s, sizeof(s), fmt, i + 1, "Air", "Switch");
err = scarlett2_add_new_ctl(mixer, &scarlett2_air_ctl,
i, 1, s, &private->air_ctls[i]);
if (err < 0)
return err;
}
Reported by FlawFinder.
Line: 3082
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Add input phantom controls */
if (info->inputs_per_phantom == 1) {
for (i = 0; i < info->phantom_count; i++) {
snprintf(s, sizeof(s), fmt, i + 1,
"Phantom Power", "Switch");
err = scarlett2_add_new_ctl(
mixer, &scarlett2_phantom_ctl,
i, 1, s, &private->phantom_ctls[i]);
if (err < 0)
Reported by FlawFinder.
drivers/usb/gadget/function/uvc_configfs.c
29 issues
Line: 157
Column: 11
CWE codes:
120
Suggestion:
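Use sprintf_s, snprintf, or vsnprintf
Triage note: `sprintf_s` is not available in kernel code. The conversion here is a single `%u` of a fixed-width value, so the output is a short, bounded string, well inside a page-sized attribute buffer (assuming `page` is the configfs attribute buffer, which the excerpt does not show). The loop cases in this file (lines 312, 424 and 807) append one short line per element; if a hard bound is wanted there, `scnprintf()` with the remaining space is the bounded form.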
opts = to_f_uvc_opts(opts_item); \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%u\n", le##bits##_to_cpu(ch->desc.aname));\
mutex_unlock(&opts->lock); \
\
mutex_unlock(su_mutex); \
return result; \
} \
Reported by FlawFinder.
Line: 277
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pd = &opts->uvc_processing; \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%u\n", le##bits##_to_cpu(pd->aname)); \
mutex_unlock(&opts->lock); \
\
mutex_unlock(su_mutex); \
return result; \
} \
Reported by FlawFinder.
Line: 312
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&opts->lock);
for (result = 0, i = 0; i < pd->bControlSize; ++i) {
result += sprintf(pg, "%u\n", pd->bmControls[i]);
pg = page + result;
}
mutex_unlock(&opts->lock);
mutex_unlock(su_mutex);
Reported by FlawFinder.
Line: 381
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
cd = &opts->uvc_camera_terminal; \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%u\n", le##bits##_to_cpu(cd->aname)); \
mutex_unlock(&opts->lock); \
\
mutex_unlock(su_mutex); \
\
return result; \
Reported by FlawFinder.
Line: 424
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&opts->lock);
for (result = 0, i = 0; i < cd->bControlSize; ++i) {
result += sprintf(pg, "%u\n", cd->bmControls[i]);
pg = page + result;
}
mutex_unlock(&opts->lock);
mutex_unlock(su_mutex);
Reported by FlawFinder.
Line: 495
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
cd = &opts->uvc_output_terminal; \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%u\n", le##bits##_to_cpu(cd->aname)); \
mutex_unlock(&opts->lock); \
\
mutex_unlock(su_mutex); \
\
return result; \
Reported by FlawFinder.
Line: 731
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
opts = to_f_uvc_opts(opts_item);
mutex_lock(&opts->lock);
result += sprintf(page, "%u\n", opts->control_interface);
mutex_unlock(&opts->lock);
mutex_unlock(su_mutex);
return result;
Reported by FlawFinder.
Line: 804
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
opts = to_f_uvc_opts(opts_item);
mutex_lock(&opts->lock);
result = sprintf(pg, "0x");
pg += result;
for (i = 0; i < UVCG_STREAMING_CONTROL_SIZE; ++i) {
result += sprintf(pg, "%x\n", f->bmaControls[i]);
pg = page + result;
}
Reported by FlawFinder.
Line: 807
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
result = sprintf(pg, "0x");
pg += result;
for (i = 0; i < UVCG_STREAMING_CONTROL_SIZE; ++i) {
result += sprintf(pg, "%x\n", f->bmaControls[i]);
pg = page + result;
}
mutex_unlock(&opts->lock);
mutex_unlock(su_mutex);
Reported by FlawFinder.
Line: 993
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
opts = to_f_uvc_opts(opts_item); \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%u\n", le##bits##_to_cpu(sh->desc.aname));\
mutex_unlock(&opts->lock); \
\
mutex_unlock(su_mutex); \
return result; \
} \
Reported by FlawFinder.
drivers/regulator/core.c
29 issues
Line: 614
Column: 9
CWE codes:
120
Suggestion:
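Use sprintf_s, snprintf, or vsnprintf
Triage note: `sprintf_s` is not part of the kernel's library. This is a sysfs show callback (the excerpt ends in DEVICE_ATTR_RO(name)), where `sysfs_emit(buf, "%s\n", ...)` is the helper that limits output to the PAGE_SIZE buffer. Unlike the fixed-label findings in this file, the string printed here comes from rdev_get_name(), and nothing in the excerpt bounds its length.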
{
struct regulator_dev *rdev = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", rdev_get_name(rdev));
}
static DEVICE_ATTR_RO(name);
static const char *regulator_opmode_to_str(int mode)
{
Reported by FlawFinder.
Line: 635
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Write the name of operating mode @mode, followed by a newline, into @buf
 * and return sprintf()'s result, i.e. the number of characters written.
 *
 * The write is not length-limited here; its size depends on the string
 * returned by regulator_opmode_to_str(), which is defined outside this
 * excerpt - presumably one of a fixed set of literals; confirm.
 */
static ssize_t regulator_print_opmode(char *buf, int mode)
{
return sprintf(buf, "%s\n", regulator_opmode_to_str(mode));
}
static ssize_t opmode_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 714
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ERANGE;
}
return sprintf(buf, "%s\n", label);
}
static DEVICE_ATTR_RO(status);
static ssize_t min_microamps_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 910
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
report = "disabled";
return sprintf(buf, "%s\n", report);
}
static DEVICE_ATTR_RO(bypass);
/* Calculate the new optimum regulator operating mode based on the new total
* consumer load. All locks held by caller
Reported by FlawFinder.
Line: 400
Column: 2
CWE codes:
119
120
Suggestion:
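Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the write to `prop_name` is bounded, since `snprintf(prop_name, 64, ...)` uses the declared size, so there is no overflow in the excerpt. What is not handled is truncation: the return value is ignored, so a `supply` longer than 56 characters would be looked up under a shortened property name. Writing the bound as `sizeof(prop_name)` would keep it tied to the declaration.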
static struct device_node *of_get_regulator(struct device *dev, const char *supply)
{
struct device_node *regnode = NULL;
char prop_name[64]; /* 64 is max size of property name */
dev_dbg(dev, "Looking up %s-supply from device tree\n", supply);
snprintf(prop_name, 64, "%s-supply", supply);
regnode = of_parse_phandle(dev->of_node, prop_name, 0);
Reported by FlawFinder.
Line: 596
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (uV < 0)
return uV;
return sprintf(buf, "%d\n", uV);
}
static DEVICE_ATTR_RO(microvolts);
static ssize_t microamps_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 605
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct regulator_dev *rdev = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", _regulator_get_current_limit(rdev));
}
static DEVICE_ATTR_RO(microamps);
static ssize_t name_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 650
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Write a fixed label for @state into @buf: "enabled" for a positive value,
 * "disabled" for zero, "unknown" for a negative value, each followed by a
 * newline. Returns sprintf()'s result, i.e. the number of characters written.
 *
 * The format strings are literals with no conversions, so the output is at
 * most 9 characters plus the terminating NUL even though sprintf() itself is
 * unbounded. Assumes @buf is at least that large - presumably the sysfs page
 * buffer; confirm against callers.
 */
static ssize_t regulator_print_state(char *buf, int state)
{
if (state > 0)
return sprintf(buf, "enabled\n");
else if (state == 0)
return sprintf(buf, "disabled\n");
else
return sprintf(buf, "unknown\n");
}
Reported by FlawFinder.
Line: 652
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (state > 0)
return sprintf(buf, "enabled\n");
else if (state == 0)
return sprintf(buf, "disabled\n");
else
return sprintf(buf, "unknown\n");
}
static ssize_t state_show(struct device *dev,
Reported by FlawFinder.
Line: 654
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else if (state == 0)
return sprintf(buf, "disabled\n");
else
return sprintf(buf, "unknown\n");
}
static ssize_t state_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
drivers/net/wireless/intersil/hostap/hostap_80211_rx.c
29 issues
Line: 650
Column: 32
CWE codes:
327
Suggestion:
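Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
Triage note: the flagged token is not the crypt(3) password-hashing function. In these excerpts `crypt` is a `struct lib80211_crypt_data *` parameter or local variable, so the hash and salt advice does not apply; the match is on the identifier name only, and the same holds for every finding in this file with this suggestion. Whether the cipher reached through `crypt->ops` is adequate is a separate question that this rule does not assess.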
/* Called only as a tasklet (software IRQ) */
static int
hostap_rx_frame_decrypt(local_info_t *local, struct sk_buff *skb,
struct lib80211_crypt_data *crypt)
{
struct ieee80211_hdr *hdr;
int res, hdrlen;
if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
Reported by FlawFinder.
Line: 688
Column: 49
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* Called only as a tasklet (software IRQ) */
static int
hostap_rx_frame_decrypt_msdu(local_info_t *local, struct sk_buff *skb,
int keyidx, struct lib80211_crypt_data *crypt)
{
struct ieee80211_hdr *hdr;
int res, hdrlen;
if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
Reported by FlawFinder.
Line: 784
Column: 29
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
int idx = 0;
if (skb->len >= hdrlen + 3)
idx = skb->data[hdrlen + 3] >> 6;
crypt = local->crypt_info.crypt[idx];
sta = NULL;
/* Use station specific key to override default keys if the
* receiver address is a unicast address ("individual RA"). If
* bcrx_sta_key parameter is set, station specific key is used
Reported by FlawFinder.
Line: 795
Column: 49
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
* stations that do not support WEP key mapping). */
if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key)
(void) hostap_handle_sta_crypto(local, hdr, &crypt,
&sta);
/* allow NULL decrypt to indicate an station specific override
* for default encryption */
if (crypt && (crypt->ops == NULL ||
Reported by FlawFinder.
Line: 800
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* allow NULL decrypt to indicate an station specific override
* for default encryption */
if (crypt && (crypt->ops == NULL ||
crypt->ops->decrypt_mpdu == NULL))
crypt = NULL;
if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
#if 0
Reported by FlawFinder.
Line: 804
Column: 8
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
crypt->ops->decrypt_mpdu == NULL))
crypt = NULL;
if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
#if 0
/* This seems to be triggered by some (multicast?)
* frames from other than current BSS, so just drop the
* frames silently instead of filling system log with
* these reports. */
Reported by FlawFinder.
Line: 823
Column: 53
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (type == IEEE80211_FTYPE_MGMT &&
stype == IEEE80211_STYPE_AUTH &&
fc & IEEE80211_FCTL_PROTECTED && local->host_decrypt &&
(keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
{
printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
"from %pM\n", dev->name, hdr->addr2);
/* TODO: could inform hostapd about this so that it
* could send auth failure report */
Reported by FlawFinder.
Line: 912
Column: 52
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* skb: hdr + (possibly fragmented, possibly encrypted) payload */
if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
(keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
goto rx_dropped;
hdr = (struct ieee80211_hdr *) skb->data;
/* skb: hdr + (possibly fragmented) plaintext payload */
Reported by FlawFinder.
Line: 976
Column: 55
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
* encrypted/authenticated */
if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
hostap_rx_frame_decrypt_msdu(local, skb, keyidx, crypt))
goto rx_dropped;
hdr = (struct ieee80211_hdr *) skb->data;
if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !local->open_wep) {
if (local->ieee_802_1x &&
Reported by FlawFinder.
Line: 980
Column: 6
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
goto rx_dropped;
hdr = (struct ieee80211_hdr *) skb->data;
if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !local->open_wep) {
if (local->ieee_802_1x &&
hostap_is_eapol_frame(local, skb)) {
/* pass unencrypted EAPOL frames even if encryption is
* configured */
PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X - passing "
Reported by FlawFinder.
tools/perf/util/build-id.c
29 issues
Line: 210
Column: 8
CWE codes:
362
20
Suggestion:
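Reconsider approach
Triage note: readlink() does not NUL-terminate its output. The excerpt handles this: it reads at most `sizeof(buf) - 1` bytes, rejects `len <= 0`, and writes `buf[len] = '\0'`. What remains of the finding is that the link can change between this read and the later use of the result (CWE-362), and that a target longer than the buffer is silently truncated.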
if (!linkname)
return NULL;
len = readlink(linkname, buf, sizeof(buf) - 1);
if (len <= 0)
goto out;
buf[len] = '\0';
/* The link should be "../..<origpath>/<sbuild_id>" */
Reported by FlawFinder.
Line: 763
Column: 9
CWE codes:
362
20
Suggestion:
Reconsider approach
char path[PATH_MAX];
ssize_t len;
len = readlink(linkname, path, sizeof(path) - 1);
if (len <= 0) {
pr_err("Cant read link: %s\n", linkname);
goto out_free;
}
path[len] = '\0';
Reported by FlawFinder.
Line: 853
Column: 6
CWE codes:
362
20
Suggestion:
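Reconsider approach
Triage note: here the length returned by readlink() is only tested for `< 0` and then discarded, so whether `filename` is NUL-terminated depends on the buffer having been zero-filled beforehand, which the excerpt does not show; confirm at the allocation. The sequence access(), readlink(), unlink() on the same path is also a check-then-use pattern: the link can change between the calls.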
if (access(linkname, F_OK))
goto out_free;
if (readlink(linkname, filename, size - 1) < 0)
goto out_free;
if (unlink(linkname))
goto out_free;
Reported by FlawFinder.
Line: 158
Column: 9
CWE codes:
134
Suggestion:
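Use a constant for the format specification
Triage note: `fmt` is the format parameter of a variadic wrapper (the excerpt shows `va_start(ap, fmt)`), so it cannot be a literal inside this function. The check belongs at the call sites, which should pass literal formats; a printf-style format attribute on the wrapper's declaration lets the compiler enforce that.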
va_start(ap, fmt);
if (*strp)
ret = vsnprintf(*strp, size, fmt, ap);
else
ret = vasprintf(strp, fmt, ap);
va_end(ap);
return ret;
Reported by FlawFinder.
Line: 174
Column: 7
CWE codes:
362/367!
Suggestion:
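Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Triage note: in this file the findings with this suggestion are real calls to access(2) on a path that is used afterwards. The setuid() wording targets set-user-ID programs; the general remedy is to drop the pre-check and act on the result of the operation itself (open, link or mkdir, handling errors such as EEXIST). How much the race matters depends on whether other users can write to the build-id cache directory.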
snprintf(bf, size, "%s/%s/%s/kallsyms",
buildid_dir, DSO__NAME_KALLSYMS, sbuild_id);
retry:
if (!access(bf, F_OK))
return bf;
if (retry_old) {
/* Try old style kallsyms cache */
snprintf(bf, size, "%s/%s/%s",
buildid_dir, DSO__NAME_KALLSYMS, sbuild_id);
Reported by FlawFinder.
Line: 652
Column: 18
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
nsinfo__mountns_enter(nsi, &nsc);
realname = realpath(debugfile, NULL);
if (realname && access(realname, R_OK))
zfree(&realname);
nsinfo__mountns_exit(&nsc);
#ifdef HAVE_DEBUGINFOD_SUPPORT
if (realname == NULL) {
Reported by FlawFinder.
Line: 705
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
goto out_free;
}
if (access(filename, F_OK)) {
if (is_kallsyms) {
if (copyfile("/proc/kallsyms", filename))
goto out_free;
} else if (nsi && nsi->need_setns) {
if (copyfile_ns(name, filename, nsi))
Reported by FlawFinder.
Line: 732
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
filename = NULL;
goto out_free;
}
if (access(filename, F_OK)) {
if (nsi && nsi->need_setns) {
if (copyfile_ns(debugfile, filename,
nsi))
goto out_free;
} else if (link(debugfile, filename) &&
Reported by FlawFinder.
Line: 750
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
tmp = strrchr(linkname, '/');
*tmp = '\0';
if (access(linkname, X_OK) && mkdir_p(linkname, 0755))
goto out_free;
*tmp = '/';
tmp = dir_name + strlen(buildid_dir) - 5;
memcpy(tmp, "../..", 5);
Reported by FlawFinder.
Line: 830
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
bool ret = false;
char *filename = build_id_cache__linkname(sbuild_id, NULL, 0);
if (filename && !access(filename, F_OK))
ret = true;
free(filename);
return ret;
}
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c
29 issues
Line: 2507
result = smum_smc_table_manager(hwmgr, (uint8_t *)avfs_fuse_table,
AVFSFUSETABLE, false);
PP_ASSERT_WITH_CODE(!result,
"Failed to upload FuseOVerride!",
);
}
return result;
}
Reported by Cppcheck.
Line: 4557
Column: 10
CWE codes:
120
Suggestion:
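Use sprintf_s, snprintf, or vsnprintf. For kernel code, note that sprintf_s is not available, and that `size += snprintf(...)` can still run past the buffer because snprintf returns the length it would have written. Use scnprintf() with the remaining space instead, or sysfs_emit_at() if buf is a sysfs show buffer (not visible in this excerpt).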
return ret);
size += sprintf(buf + size, "Current ppfeatures: 0x%016llx\n", features_enabled);
size += sprintf(buf + size, "%-19s %-22s %s\n",
output_title[0],
output_title[1],
output_title[2]);
for (i = 0; i < GNLD_FEATURES_MAX; i++) {
size += sprintf(buf + size, "%-19s 0x%016llx %6s\n",
Reported by FlawFinder.
Line: 4562
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
output_title[1],
output_title[2]);
for (i = 0; i < GNLD_FEATURES_MAX; i++) {
size += sprintf(buf + size, "%-19s 0x%016llx %6s\n",
ppfeature_name[i],
1ULL << i,
(features_enabled & (1ULL << i)) ? "Y" : "N");
}
Reported by FlawFinder.
Line: 4653
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
count = sclk_table->count;
for (i = 0; i < count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, sclk_table->dpm_levels[i].value / 100,
(i == now) ? "*" : "");
break;
case PP_MCLK:
if (data->registry_data.mclk_dpm_key_disabled)
Reported by FlawFinder.
Line: 4664
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
smum_send_msg_to_smc(hwmgr, PPSMC_MSG_GetCurrentUclkIndex, &now);
for (i = 0; i < mclk_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, mclk_table->dpm_levels[i].value / 100,
(i == now) ? "*" : "");
break;
case PP_SOCCLK:
if (data->registry_data.socclk_dpm_key_disabled)
Reported by FlawFinder.
Line: 4675
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
smum_send_msg_to_smc(hwmgr, PPSMC_MSG_GetCurrentSocclkIndex, &now);
for (i = 0; i < soc_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, soc_table->dpm_levels[i].value / 100,
(i == now) ? "*" : "");
break;
case PP_DCEFCLK:
if (data->registry_data.dcefclk_dpm_key_disabled)
Reported by FlawFinder.
Line: 4687
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
PPSMC_MSG_GetClockFreqMHz, CLK_DCEFCLK, &now);
for (i = 0; i < dcef_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, dcef_table->dpm_levels[i].value / 100,
(dcef_table->dpm_levels[i].value / 100 == now) ?
"*" : "");
break;
case PP_PCIE:
Reported by FlawFinder.
Line: 4701
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
gen_speed = pptable->PcieGenSpeed[i];
lane_width = pptable->PcieLaneCount[i];
size += sprintf(buf + size, "%d: %s %s %s\n", i,
(gen_speed == 0) ? "2.5GT/s," :
(gen_speed == 1) ? "5.0GT/s," :
(gen_speed == 2) ? "8.0GT/s," :
(gen_speed == 3) ? "16.0GT/s," : "",
(lane_width == 1) ? "x1" :
Reported by FlawFinder.
Line: 4720
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case OD_SCLK:
if (hwmgr->od_enabled) {
size = sprintf(buf, "%s:\n", "OD_SCLK");
podn_vdd_dep = &data->odn_dpm_table.vdd_dep_on_sclk;
for (i = 0; i < podn_vdd_dep->count; i++)
size += sprintf(buf + size, "%d: %10uMhz %10umV\n",
i, podn_vdd_dep->entries[i].clk / 100,
podn_vdd_dep->entries[i].vddc);
Reported by FlawFinder.
Line: 4730
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
case OD_MCLK:
if (hwmgr->od_enabled) {
size = sprintf(buf, "%s:\n", "OD_MCLK");
podn_vdd_dep = &data->odn_dpm_table.vdd_dep_on_mclk;
for (i = 0; i < podn_vdd_dep->count; i++)
size += sprintf(buf + size, "%d: %10uMhz %10umV\n",
i, podn_vdd_dep->entries[i].clk/100,
podn_vdd_dep->entries[i].vddc);
Reported by FlawFinder.