The following issues were found
drivers/net/ethernet/mellanox/mlxsw/spectrum1_mr_tcam.c
6 issues
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_mr_route_key *key,
struct mlxsw_afa_block *afa_block)
{
char rmft2_pl[MLXSW_REG_RMFT2_LEN];
switch (key->proto) {
case MLXSW_SP_L3_PROTO_IPV4:
mlxsw_reg_rmft2_ipv4_pack(rmft2_pl, true, parman_item->index,
key->vrid,
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_mr_route_key *key)
{
struct in6_addr zero_addr = IN6ADDR_ANY_INIT;
char rmft2_pl[MLXSW_REG_RMFT2_LEN];
switch (key->proto) {
case MLXSW_SP_L3_PROTO_IPV4:
mlxsw_reg_rmft2_ipv4_pack(rmft2_pl, false, parman_item->index,
key->vrid, 0, 0, 0, 0, 0, 0, NULL);
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mlxsw_sp1_mr_tcam_region_alloc(struct mlxsw_sp1_mr_tcam_region *mr_tcam_region)
{
struct mlxsw_sp *mlxsw_sp = mr_tcam_region->mlxsw_sp;
char rtar_pl[MLXSW_REG_RTAR_LEN];
mlxsw_reg_rtar_pack(rtar_pl, MLXSW_REG_RTAR_OP_ALLOCATE,
mr_tcam_region->rtar_key_type,
MLXSW_SP1_MR_TCAM_REGION_BASE_COUNT);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(rtar), rtar_pl);
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mlxsw_sp1_mr_tcam_region_free(struct mlxsw_sp1_mr_tcam_region *mr_tcam_region)
{
struct mlxsw_sp *mlxsw_sp = mr_tcam_region->mlxsw_sp;
char rtar_pl[MLXSW_REG_RTAR_LEN];
mlxsw_reg_rtar_pack(rtar_pl, MLXSW_REG_RTAR_OP_DEALLOCATE,
mr_tcam_region->rtar_key_type, 0);
mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(rtar), rtar_pl);
}
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_sp1_mr_tcam_region *mr_tcam_region = priv;
struct mlxsw_sp *mlxsw_sp = mr_tcam_region->mlxsw_sp;
char rtar_pl[MLXSW_REG_RTAR_LEN];
u64 max_tcam_rules;
max_tcam_rules = MLXSW_CORE_RES_GET(mlxsw_sp->core, ACL_MAX_TCAM_RULES);
if (new_count > max_tcam_rules)
return -EINVAL;
Reported by FlawFinder.
Line: 221
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_sp1_mr_tcam_region *mr_tcam_region = priv;
struct mlxsw_sp *mlxsw_sp = mr_tcam_region->mlxsw_sp;
char rrcr_pl[MLXSW_REG_RRCR_LEN];
mlxsw_reg_rrcr_pack(rrcr_pl, MLXSW_REG_RRCR_OP_MOVE,
from_index, count,
mr_tcam_region->rtar_key_type, to_index);
mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(rrcr), rrcr_pl);
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c
6 issues
Line: 376
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < MAX_FW_IMAGES; i++) {
if (brcms_firmwares[i] == NULL)
break;
sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i],
UCODE_LOADER_API_VER);
status = request_firmware(&wl->fw.fw_bin[i], fw_name, device);
if (status) {
wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n",
KBUILD_MODNAME, fw_name);
Reported by FlawFinder.
Line: 384
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
KBUILD_MODNAME, fw_name);
return status;
}
sprintf(fw_name, "%s_hdr-%d.fw", brcms_firmwares[i],
UCODE_LOADER_API_VER);
status = request_firmware(&wl->fw.fw_hdr[i], fw_name, device);
if (status) {
wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n",
KBUILD_MODNAME, fw_name);
Reported by FlawFinder.
Line: 81
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le32 idx;
};
static const char * const brcms_firmwares[MAX_FW_IMAGES] = {
"brcm/bcm43xx",
NULL
};
static int n_adapters_found;
Reported by FlawFinder.
Line: 369
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int status;
struct device *device = &pdev->dev;
char fw_name[100];
int i;
memset(&wl->fw, 0, sizeof(struct brcms_firmware));
for (i = 0; i < MAX_FW_IMAGES; i++) {
if (brcms_firmwares[i] == NULL)
Reported by FlawFinder.
Line: 1185
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
brcms_c_regd_init(wl->wlc);
memcpy(perm, &wl->pub->cur_etheraddr, ETH_ALEN);
if (WARN_ON(!is_valid_ether_addr(perm)))
goto fail;
SET_IEEE80211_PERM_ADDR(hw, perm);
err = ieee80211_register_hw(hw);
Reported by FlawFinder.
Line: 1614
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*pbuf = kvmalloc(len, GFP_KERNEL);
if (*pbuf == NULL)
goto fail;
memcpy(*pbuf, pdata, len);
return 0;
}
}
}
brcms_err(wl->wlc->hw->d11core,
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/ftm-responder.c
6 issues
Line: 136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
}
memcpy(cmd.bssid, vif->addr, ETH_ALEN);
return iwl_mvm_send_cmd_pdu(mvm, iwl_cmd_id(TOF_RESPONDER_CONFIG_CMD,
LOCATION_GROUP, 0),
0, sizeof(cmd), &cmd);
}
Reported by FlawFinder.
Line: 177
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos[0] = WLAN_EID_MEASURE_REPORT;
pos[1] = params->lci_len;
memcpy(pos + 2, params->lci, params->lci_len);
pos += aligned_lci_len;
pos[0] = WLAN_EID_MEASURE_REPORT;
pos[1] = params->civicloc_len;
memcpy(pos + 2, params->civicloc, params->civicloc_len);
Reported by FlawFinder.
Line: 182
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos += aligned_lci_len;
pos[0] = WLAN_EID_MEASURE_REPORT;
pos[1] = params->civicloc_len;
memcpy(pos + 2, params->civicloc, params->civicloc_len);
hcmd.len[1] = aligned_lci_len + aligned_civicloc_len;
return iwl_mvm_send_cmd(mvm, &hcmd);
}
Reported by FlawFinder.
Line: 220
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.lci_buf[0] = WLAN_EID_MEASURE_REPORT;
cmd.lci_buf[1] = params->lci_len;
memcpy(cmd.lci_buf + 2, params->lci, params->lci_len);
cmd.lci_len = params->lci_len + 2;
cmd.civic_buf[0] = WLAN_EID_MEASURE_REPORT;
cmd.civic_buf[1] = params->civicloc_len;
memcpy(cmd.civic_buf + 2, params->civicloc,
Reported by FlawFinder.
Line: 225
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.civic_buf[0] = WLAN_EID_MEASURE_REPORT;
cmd.civic_buf[1] = params->civicloc_len;
memcpy(cmd.civic_buf + 2, params->civicloc,
params->civicloc_len);
cmd.civic_len = params->civicloc_len + 2;
cmd.valid_flags |= IWL_RESPONDER_DYN_CFG_VALID_LCI |
IWL_RESPONDER_DYN_CFG_VALID_CIVIC;
Reported by FlawFinder.
Line: 325
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(sta->addr, addr, ETH_ALEN);
list_add_tail(&sta->list, &mvm->resp_pasn_list);
}
ret = iwl_mvm_ftm_responder_dyn_cfg_v3(mvm, vif, NULL, &hltk_data);
if (ret && sta)
Reported by FlawFinder.
drivers/net/ethernet/ibm/ibmveth.c
6 issues
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Use old large send method on firmware that supports the new method");
struct ibmveth_stat {
char name[ETH_GSTRING_LEN];
int offset;
};
#define IBMVETH_STAT_OFF(stat) offsetof(struct ibmveth_adapter, stat)
#define IBMVETH_GET_STAT(a, off) *((u64 *)(((unsigned long)(a)) + off))
Reported by FlawFinder.
Line: 951
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
for (i = 0; i < ARRAY_SIZE(ibmveth_stats); i++, data += ETH_GSTRING_LEN)
memcpy(data, ibmveth_stats[i].name, ETH_GSTRING_LEN);
}
static int ibmveth_get_sset_count(struct net_device *dev, int sset)
{
switch (sset) {
Reported by FlawFinder.
Line: 1730
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netdev->min_mtu = IBMVETH_MIN_MTU;
netdev->max_mtu = ETH_MAX_MTU - IBMVETH_BUFF_OH;
memcpy(netdev->dev_addr, mac_addr_p, ETH_ALEN);
if (firmware_has_feature(FW_FEATURE_CMO))
memcpy(pool_count, pool_count_cmo, sizeof(pool_count));
for (i = 0; i < IBMVETH_NUM_BUFF_POOLS; i++) {
Reported by FlawFinder.
Line: 1793
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
kobj);
if (attr == &veth_active_attr)
return sprintf(buf, "%d\n", pool->active);
else if (attr == &veth_num_attr)
return sprintf(buf, "%d\n", pool->size);
else if (attr == &veth_size_attr)
return sprintf(buf, "%d\n", pool->buff_size);
return 0;
Reported by FlawFinder.
Line: 1795
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (attr == &veth_active_attr)
return sprintf(buf, "%d\n", pool->active);
else if (attr == &veth_num_attr)
return sprintf(buf, "%d\n", pool->size);
else if (attr == &veth_size_attr)
return sprintf(buf, "%d\n", pool->buff_size);
return 0;
}
Reported by FlawFinder.
Line: 1797
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else if (attr == &veth_num_attr)
return sprintf(buf, "%d\n", pool->size);
else if (attr == &veth_size_attr)
return sprintf(buf, "%d\n", pool->buff_size);
return 0;
}
static ssize_t veth_pool_store(struct kobject *kobj, struct attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/net/wireless/admtek/adm8211.c
6 issues
Line: 297
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct adm8211_priv *priv = dev->priv;
memcpy(stats, &priv->stats, sizeof(*stats));
return 0;
}
static void adm8211_interrupt_tci(struct ieee80211_hw *dev)
Reported by FlawFinder.
Line: 332
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ieee80211_tx_info_clear_status(txi);
skb_pull(skb, sizeof(struct adm8211_tx_hdr));
memcpy(skb_push(skb, info->hdrlen), skb->cb, info->hdrlen);
if (!(txi->flags & IEEE80211_TX_CTL_NO_ACK) &&
!(status & TDES0_STATUS_ES))
txi->flags |= IEEE80211_TX_STAT_ACK;
ieee80211_tx_status_irqsafe(dev, skb);
Reported by FlawFinder.
Line: 446
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rx_status.freq = adm8211_channels[priv->channel - 1].center_freq;
rx_status.band = NL80211_BAND_2GHZ;
memcpy(IEEE80211_SKB_RXCB(skb), &rx_status, sizeof(rx_status));
ieee80211_rx_irqsafe(dev, skb);
}
entry = (++priv->cur_rx) % priv->rx_ring_size;
}
Reported by FlawFinder.
Line: 1323
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ether_addr_equal(conf->bssid, priv->bssid)) {
adm8211_set_bssid(dev, conf->bssid);
memcpy(priv->bssid, conf->bssid, ETH_ALEN);
}
}
static u64 adm8211_prepare_multicast(struct ieee80211_hw *hw,
struct netdev_hw_addr_list *mc_list)
Reported by FlawFinder.
Line: 1690
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr = (struct ieee80211_hdr *)skb->data;
hdrlen = ieee80211_hdrlen(hdr->frame_control);
memcpy(skb->cb, skb->data, hdrlen);
hdr = (struct ieee80211_hdr *)skb->cb;
skb_pull(skb, hdrlen);
payload_len = skb->len;
txhdr = skb_push(skb, sizeof(*txhdr));
Reported by FlawFinder.
Line: 1697
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
txhdr = skb_push(skb, sizeof(*txhdr));
memset(txhdr, 0, sizeof(*txhdr));
memcpy(txhdr->da, ieee80211_get_DA(hdr), ETH_ALEN);
txhdr->signal = plcp_signal;
txhdr->frame_body_size = cpu_to_le16(payload_len);
txhdr->frame_control = hdr->frame_control;
len = hdrlen + payload_len + FCS_LEN;
Reported by FlawFinder.
drivers/net/ethernet/intel/e1000e/phy.c
6 issues
Line: 8
Column: 24
CWE codes:
120
20
static s32 e1000_wait_autoneg(struct e1000_hw *hw);
static s32 e1000_access_phy_wakeup_reg_bm(struct e1000_hw *hw, u32 offset,
u16 *data, bool read, bool page_set);
static u32 e1000_get_phy_addr_for_hv_page(u32 page);
static s32 e1000_access_phy_debug_regs_hv(struct e1000_hw *hw, u32 offset,
u16 *data, bool read);
/* Cable length tables */
Reported by FlawFinder.
Line: 11
Column: 24
CWE codes:
120
20
u16 *data, bool read, bool page_set);
static u32 e1000_get_phy_addr_for_hv_page(u32 page);
static s32 e1000_access_phy_debug_regs_hv(struct e1000_hw *hw, u32 offset,
u16 *data, bool read);
/* Cable length tables */
static const u16 e1000_m88_cable_length_table[] = {
0, 50, 80, 110, 140, 140, E1000_CABLE_LENGTH_UNDEFINED
};
Reported by FlawFinder.
Line: 2637
Column: 24
CWE codes:
120
20
* is responsible for calls to e1000_[enable|disable]_phy_wakeup_reg_bm()).
**/
static s32 e1000_access_phy_wakeup_reg_bm(struct e1000_hw *hw, u32 offset,
u16 *data, bool read, bool page_set)
{
s32 ret_val;
u16 reg = BM_PHY_REG_NUM(offset);
u16 page = BM_PHY_REG_PAGE(offset);
u16 phy_reg = 0;
Reported by FlawFinder.
Line: 2668
Column: 6
CWE codes:
120
20
return ret_val;
}
if (read) {
/* Read the Wakeup register page value using opcode 0x12 */
ret_val = e1000e_read_phy_reg_mdic(hw, BM_WUC_DATA_OPCODE,
data);
} else {
/* Write the Wakeup register page value using opcode 0x12 */
Reported by FlawFinder.
Line: 2987
Column: 24
CWE codes:
120
20
* These accesses done with PHY address 2 and without using pages.
**/
static s32 e1000_access_phy_debug_regs_hv(struct e1000_hw *hw, u32 offset,
u16 *data, bool read)
{
s32 ret_val;
u32 addr_reg;
u32 data_reg;
Reported by FlawFinder.
Line: 3009
Column: 6
CWE codes:
120
20
}
/* Read or write the data value next */
if (read)
ret_val = e1000e_read_phy_reg_mdic(hw, data_reg, data);
else
ret_val = e1000e_write_phy_reg_mdic(hw, data_reg, *data);
if (ret_val)
Reported by FlawFinder.
drivers/net/veth.c
6 issues
Line: 1492
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
nla_strscpy(ifname, tbp[IFLA_IFNAME], IFNAMSIZ);
name_assign_type = NET_NAME_USER;
} else {
snprintf(ifname, IFNAMSIZ, DRV_NAME "%%d");
name_assign_type = NET_NAME_ENUM;
}
net = rtnl_link_get_net(src_net, tbp);
if (IS_ERR(net))
Reported by FlawFinder.
Line: 1545
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (tb[IFLA_IFNAME])
nla_strscpy(dev->name, tb[IFLA_IFNAME], IFNAMSIZ);
else
snprintf(dev->name, IFNAMSIZ, DRV_NAME "%%d");
err = register_netdevice(dev);
if (err < 0)
goto err_register_dev;
Reported by FlawFinder.
Line: 88
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct veth_q_stat_desc {
char desc[ETH_GSTRING_LEN];
size_t offset;
};
#define VETH_RQ_STAT(m) offsetof(struct veth_stats, m)
Reported by FlawFinder.
Line: 114
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define VETH_TQ_STATS_LEN ARRAY_SIZE(veth_tq_stats_desc)
static struct {
const char string[ETH_GSTRING_LEN];
} ethtool_stats_keys[] = {
{ "peer_ifindex" },
};
static int veth_get_link_ksettings(struct net_device *dev,
Reported by FlawFinder.
Line: 142
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch(stringset) {
case ETH_SS_STATS:
memcpy(p, ðtool_stats_keys, sizeof(ethtool_stats_keys));
p += sizeof(ethtool_stats_keys);
for (i = 0; i < dev->real_num_rx_queues; i++) {
for (j = 0; j < VETH_RQ_STATS_LEN; j++) {
snprintf(p, ETH_GSTRING_LEN,
"rx_queue_%u_%.18s",
Reported by FlawFinder.
Line: 1457
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int err;
struct net_device *peer;
struct veth_priv *priv;
char ifname[IFNAMSIZ];
struct nlattr *peer_tb[IFLA_MAX + 1], **tbp;
unsigned char name_assign_type;
struct ifinfomsg *ifmp;
struct net *net;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_nve.c
6 issues
Line: 356
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum mlxsw_reg_tnumt_record_type type = mc_record->ops->type;
struct mlxsw_sp_nve_mc_list *mc_list = mc_record->mc_list;
struct mlxsw_sp *mlxsw_sp = mc_record->mlxsw_sp;
char tnumt_pl[MLXSW_REG_TNUMT_LEN];
unsigned int num_max_entries;
unsigned int num_entries = 0;
u32 next_kvdl_index = 0;
bool next_valid = false;
int i;
Reported by FlawFinder.
Line: 768
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void mlxsw_sp_nve_fdb_flush_by_fid(struct mlxsw_sp *mlxsw_sp,
u16 fid_index)
{
char sfdf_pl[MLXSW_REG_SFDF_LEN];
mlxsw_reg_sfdf_pack(sfdf_pl, MLXSW_REG_SFDF_FLUSH_PER_NVE_AND_FID);
mlxsw_reg_sfdf_fid_set(sfdf_pl, fid_index);
mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(sfdf), sfdf_pl);
}
Reported by FlawFinder.
Line: 870
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mlxsw_sp_port_nve_init(struct mlxsw_sp_port *mlxsw_sp_port)
{
struct mlxsw_sp *mlxsw_sp = mlxsw_sp_port->mlxsw_sp;
char tnqdr_pl[MLXSW_REG_TNQDR_LEN];
mlxsw_reg_tnqdr_pack(tnqdr_pl, mlxsw_sp_port->local_port);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(tnqdr), tnqdr_pl);
}
Reported by FlawFinder.
Line: 882
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_nve_qos_init(struct mlxsw_sp *mlxsw_sp)
{
char tnqcr_pl[MLXSW_REG_TNQCR_LEN];
mlxsw_reg_tnqcr_pack(tnqcr_pl);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(tnqcr), tnqcr_pl);
}
Reported by FlawFinder.
Line: 895
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Iterate over inner ECN values */
for (i = INET_ECN_NOT_ECT; i <= INET_ECN_CE; i++) {
u8 outer_ecn = INET_ECN_encapsulate(0, i);
char tneem_pl[MLXSW_REG_TNEEM_LEN];
int err;
mlxsw_reg_tneem_pack(tneem_pl, i, outer_ecn);
err = mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(tneem),
tneem_pl);
Reported by FlawFinder.
Line: 911
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __mlxsw_sp_nve_ecn_decap_init(struct mlxsw_sp *mlxsw_sp,
u8 inner_ecn, u8 outer_ecn)
{
char tndem_pl[MLXSW_REG_TNDEM_LEN];
u8 new_inner_ecn;
bool trap_en;
new_inner_ecn = mlxsw_sp_tunnel_ecn_decap(outer_ecn, inner_ecn,
&trap_en);
Reported by FlawFinder.
drivers/net/usb/sr9800.c
6 issues
Line: 95
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
skb_put(sr_skb, size);
memcpy(sr_skb->data, skb->data + offset, size);
usbnet_skb_return(dev, sr_skb);
offset += (size + 1) & 0xfffe;
}
Reported by FlawFinder.
Line: 506
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(net->dev_addr, addr->sa_data, ETH_ALEN);
/* We use the 20 byte dev->data
* for our 6 byte mac buffer
* to avoid allocating memory that
* is tricky to free later
Reported by FlawFinder.
Line: 513
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* to avoid allocating memory that
* is tricky to free later
*/
memcpy(data->mac_addr, addr->sa_data, ETH_ALEN);
sr_write_cmd_async(dev, SR_CMD_WRITE_NODE_ID, 0, 0, ETH_ALEN,
data->mac_addr);
return 0;
}
Reported by FlawFinder.
Line: 666
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
/* Rewrite MAC address */
memcpy(data->mac_addr, dev->net->dev_addr, ETH_ALEN);
ret = sr_write_cmd(dev, SR_CMD_WRITE_NODE_ID, 0, 0, ETH_ALEN,
data->mac_addr);
if (ret < 0)
goto out;
Reported by FlawFinder.
Line: 477
Column: 2
CWE codes:
120
{
/* Inherit standard device info */
usbnet_get_drvinfo(net, info);
strncpy(info->driver, DRIVER_NAME, sizeof(info->driver));
strncpy(info->version, DRIVER_VERSION, sizeof(info->version));
}
static u32 sr_get_link(struct net_device *net)
{
Reported by FlawFinder.
Line: 478
Column: 2
CWE codes:
120
/* Inherit standard device info */
usbnet_get_drvinfo(net, info);
strncpy(info->driver, DRIVER_NAME, sizeof(info->driver));
strncpy(info->version, DRIVER_VERSION, sizeof(info->version));
}
static u32 sr_get_link(struct net_device *net)
{
struct usbnet *dev = netdev_priv(net);
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
6 issues
Line: 496
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
orig_data = src->data + src_offset;
dst_data = pkt_next->data + dst_offset;
memcpy(dst_data, orig_data, req_sz);
src_offset += req_sz;
if (src_offset == src->len) {
src_offset = 0;
src = skb_peek_next(src, &local_list);
Reported by FlawFinder.
Line: 532
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = brcmf_sdiod_recv_pkt(sdiodev, mypkt);
if (!err)
memcpy(buf, mypkt->data, nbytes);
brcmu_pkt_buf_free_skb(mypkt);
return err;
}
Reported by FlawFinder.
Line: 589
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto done;
skb_queue_walk(pktq, skb) {
memcpy(skb->data, glom_skb->data, skb->len);
skb_pull(glom_skb, skb->len);
}
} else
err = brcmf_sdiod_sglist_rw(sdiodev, sdiodev->func2, false,
addr, pktq);
Reported by FlawFinder.
Line: 615
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
}
memcpy(mypkt->data, buf, nbytes);
err = brcmf_sdiod_set_backplane_window(sdiodev, addr);
if (err)
goto out;
Reported by FlawFinder.
Line: 705
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_put(pkt, dsize);
if (write) {
memcpy(pkt->data, data, dsize);
err = brcmf_sdiod_skbuff_write(sdiodev, sdiodev->func1,
sdaddr, pkt);
} else {
err = brcmf_sdiod_skbuff_read(sdiodev, sdiodev->func1,
sdaddr, pkt);
Reported by FlawFinder.
Line: 718
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
if (!write)
memcpy(data, pkt->data, dsize);
skb_trim(pkt, 0);
/* Adjust for next transfer (if any) */
size -= dsize;
if (size) {
Reported by FlawFinder.