The following issues were found
drivers/net/ethernet/xilinx/ll_temac_main.c
6 issues
Line: 1257
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i, len = 0;
for (i = 0; i < 0x11; i++)
len += sprintf(buf + len, "%.8x%s", lp->dma_in(lp, i),
(i % 8) == 7 ? "\n" : " ");
len += sprintf(buf + len, "\n");
return len;
}
Reported by FlawFinder.
Line: 1583
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (lp->phy_node)
dev_dbg(lp->dev, "using PHY node %pOF\n", temac_np);
} else if (pdata) {
snprintf(lp->phy_name, sizeof(lp->phy_name),
PHY_ID_FMT, lp->mii_bus->id, pdata->phy_addr);
lp->phy_interface = pdata->phy_interface;
}
/* Add the device attributes */
Reported by FlawFinder.
Line: 441
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int temac_init_mac_address(struct net_device *ndev, const void *address)
{
memcpy(ndev->dev_addr, address, ETH_ALEN);
if (!is_valid_ether_addr(ndev->dev_addr))
eth_hw_addr_random(ndev);
temac_do_set_mac_address(ndev);
return 0;
}
Reported by FlawFinder.
Line: 454
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(ndev->dev_addr, addr->sa_data, ETH_ALEN);
temac_do_set_mac_address(ndev);
return 0;
}
static void temac_set_multicast_list(struct net_device *ndev)
Reported by FlawFinder.
Line: 1166
Column: 13
CWE codes:
126
return -ENODEV;
}
phy_start(phydev);
} else if (strlen(lp->phy_name) > 0) {
phydev = phy_connect(lp->ndev, lp->phy_name, temac_adjust_link,
lp->phy_interface);
if (IS_ERR(phydev)) {
dev_err(lp->dev, "phy_connect() failed\n");
return PTR_ERR(phydev);
Reported by FlawFinder.
Line: 1259
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < 0x11; i++)
len += sprintf(buf + len, "%.8x%s", lp->dma_in(lp, i),
(i % 8) == 7 ? "\n" : " ");
len += sprintf(buf + len, "\n");
return len;
}
static DEVICE_ATTR(llink_regs, 0440, temac_show_llink_regs, NULL);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
6 issues
Line: 712
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
out:
memcpy(&bridge_port->flags, &flags.val, sizeof(flags.val));
return 0;
}
static int mlxsw_sp_ageing_set(struct mlxsw_sp *mlxsw_sp, u32 ageing_time)
{
Reported by FlawFinder.
Line: 718
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_ageing_set(struct mlxsw_sp *mlxsw_sp, u32 ageing_time)
{
char sfdat_pl[MLXSW_REG_SFDAT_LEN];
int err;
mlxsw_reg_sfdat_pack(sfdat_pl, ageing_time);
err = mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(sfdat), sfdat_pl);
if (err)
Reported by FlawFinder.
Line: 1256
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 fid_index)
{
bool lagged = bridge_port->lagged;
char sfdf_pl[MLXSW_REG_SFDF_LEN];
u16 system_port;
system_port = lagged ? bridge_port->lag_id : bridge_port->system_port;
mlxsw_reg_sfdf_pack(sfdf_pl, mlxsw_sp_fdb_flush_type(lagged));
mlxsw_reg_sfdf_fid_set(sfdf_pl, fid_index);
Reported by FlawFinder.
Line: 2529
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_bridge_port *bridge_port;
struct mlxsw_sp_port *mlxsw_sp_port;
enum switchdev_notifier_type type;
char mac[ETH_ALEN];
u8 local_port;
u16 vid, fid;
bool do_notification = true;
int err;
Reported by FlawFinder.
Line: 2593
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_bridge_port *bridge_port;
struct mlxsw_sp_port *mlxsw_sp_port;
enum switchdev_notifier_type type;
char mac[ETH_ALEN];
u16 lag_vid = 0;
u16 lag_id;
u16 vid, fid;
bool do_notification = true;
int err;
Reported by FlawFinder.
Line: 2709
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_device *nve_dev;
union mlxsw_sp_l3addr addr;
struct mlxsw_sp_fid *fid;
char mac[ETH_ALEN];
u16 fid_index, vid;
__be32 vni;
u32 uip;
int err;
Reported by FlawFinder.
drivers/net/wireless/broadcom/b43legacy/debugfs.c
6 issues
Line: 362
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct b43legacy_dfsentry *e;
struct b43legacy_txstatus_log *log;
char devdir[16];
B43legacy_WARN_ON(!dev);
e = kzalloc(sizeof(*e), GFP_KERNEL);
if (!e) {
b43legacyerr(dev->wl, "debugfs: add device OOM\n");
Reported by FlawFinder.
Line: 439
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = 0;
log->end = i;
cur = &(log->log[i]);
memcpy(cur, status, sizeof(*cur));
spin_unlock(&log->lock);
}
void b43legacy_debugfs_init(void)
{
Reported by FlawFinder.
Line: 32
Column: 12
CWE codes:
120
20
static struct dentry *rootdir;
struct b43legacy_debugfs_fops {
ssize_t (*read)(struct b43legacy_wldev *dev, char *buf, size_t bufsize);
int (*write)(struct b43legacy_wldev *dev, const char *buf, size_t count);
struct file_operations fops;
/* Offset of struct b43legacy_dfs_file in struct b43legacy_dfsentry */
size_t file_struct_offset;
/* Take wl->irq_lock before calling read/write? */
Reported by FlawFinder.
Line: 213
Column: 14
CWE codes:
120
20
dfops = container_of(debugfs_real_fops(file),
struct b43legacy_debugfs_fops, fops);
if (!dfops->read) {
err = -ENOSYS;
goto out_unlock;
}
dfile = fops_to_dfs_file(dev, dfops);
Reported by FlawFinder.
Line: 228
Column: 17
CWE codes:
120
20
memset(buf, 0, bufsize);
if (dfops->take_irqlock) {
spin_lock_irq(&dev->wl->irq_lock);
ret = dfops->read(dev, buf, bufsize);
spin_unlock_irq(&dev->wl->irq_lock);
} else
ret = dfops->read(dev, buf, bufsize);
if (ret <= 0) {
free_pages((unsigned long)buf, buforder);
Reported by FlawFinder.
Line: 231
Column: 17
CWE codes:
120
20
ret = dfops->read(dev, buf, bufsize);
spin_unlock_irq(&dev->wl->irq_lock);
} else
ret = dfops->read(dev, buf, bufsize);
if (ret <= 0) {
free_pages((unsigned long)buf, buforder);
err = ret;
goto out_unlock;
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c
6 issues
Line: 258
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
m_neigh.family = attr.n->ops->family;
memcpy(&m_neigh.dst_ip, attr.n->primary_key, attr.n->tbl->key_len);
e->out_dev = attr.out_dev;
e->route_dev_ifindex = attr.route_dev->ifindex;
/* It's important to add the neigh to the hash table before checking
* the neigh validity state. So if we'll get a notification, in case the
Reported by FlawFinder.
Line: 524
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
m_neigh.family = attr.n->ops->family;
memcpy(&m_neigh.dst_ip, attr.n->primary_key, attr.n->tbl->key_len);
e->out_dev = attr.out_dev;
e->route_dev_ifindex = attr.route_dev->ifindex;
/* It's importent to add the neigh to the hash table before checking
* the neigh validity state. So if we'll get a notification, in case the
Reported by FlawFinder.
Line: 854
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct flow_match_ipv6_addrs match;
flow_rule_match_enc_ipv6_addrs(rule, &match);
memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
&match.mask->src, MLX5_FLD_SZ_BYTES(ipv6_layout,
ipv6));
memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
Reported by FlawFinder.
Line: 858
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src_ipv4_src_ipv6.ipv6_layout.ipv6),
&match.mask->src, MLX5_FLD_SZ_BYTES(ipv6_layout,
ipv6));
memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
&match.key->src, MLX5_FLD_SZ_BYTES(ipv6_layout,
ipv6));
memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
Reported by FlawFinder.
Line: 863
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&match.key->src, MLX5_FLD_SZ_BYTES(ipv6_layout,
ipv6));
memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&match.mask->dst, MLX5_FLD_SZ_BYTES(ipv6_layout,
ipv6));
memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
Reported by FlawFinder.
Line: 867
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&match.mask->dst, MLX5_FLD_SZ_BYTES(ipv6_layout,
ipv6));
memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&match.key->dst, MLX5_FLD_SZ_BYTES(ipv6_layout,
ipv6));
key_basic.n_proto = htons(ETH_P_IPV6);
Reported by FlawFinder.
drivers/net/ethernet/freescale/dpaa/dpaa_eth_sysfs.c
6 issues
Line: 96
Column: 14
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (prev && (abs(fq->fqid - prev->fqid) != 1 ||
str != prevstr)) {
if (last_fqid == first_fqid)
bytes += sprintf(buf + bytes,
"%s: %d\n", prevstr, prev->fqid);
else
bytes += sprintf(buf + bytes,
"%s: %d - %d\n", prevstr,
first_fqid, last_fqid);
Reported by FlawFinder.
Line: 99
Column: 14
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
bytes += sprintf(buf + bytes,
"%s: %d\n", prevstr, prev->fqid);
else
bytes += sprintf(buf + bytes,
"%s: %d - %d\n", prevstr,
first_fqid, last_fqid);
}
if (prev && abs(fq->fqid - prev->fqid) == 1 &&
Reported by FlawFinder.
Line: 119
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (prev) {
if (last_fqid == first_fqid)
bytes += sprintf(buf + bytes, "%s: %d\n", prevstr,
prev->fqid);
else
bytes += sprintf(buf + bytes, "%s: %d - %d\n", prevstr,
first_fqid, last_fqid);
}
Reported by FlawFinder.
Line: 122
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
bytes += sprintf(buf + bytes, "%s: %d\n", prevstr,
prev->fqid);
else
bytes += sprintf(buf + bytes, "%s: %d - %d\n", prevstr,
first_fqid, last_fqid);
}
return bytes;
}
Reported by FlawFinder.
Line: 46
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct mac_device *mac_dev = priv->mac_dev;
if (mac_dev)
return sprintf(buf, "%llx",
(unsigned long long)mac_dev->res->start);
else
return sprintf(buf, "none");
}
Reported by FlawFinder.
Line: 49
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%llx",
(unsigned long long)mac_dev->res->start);
else
return sprintf(buf, "none");
}
static ssize_t dpaa_eth_show_fqids(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls.c
6 issues
Line: 44
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct inet_sock *inet = inet_sk(sk);
MLX5_SET(tls_flow, flow, ipv6, 0);
memcpy(MLX5_ADDR_OF(tls_flow, flow, dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&inet->inet_daddr, MLX5_FLD_SZ_BYTES(ipv4_layout, ipv4));
memcpy(MLX5_ADDR_OF(tls_flow, flow, src_ipv4_src_ipv6.ipv4_layout.ipv4),
&inet->inet_rcv_saddr, MLX5_FLD_SZ_BYTES(ipv4_layout, ipv4));
}
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(tls_flow, flow, ipv6, 0);
memcpy(MLX5_ADDR_OF(tls_flow, flow, dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&inet->inet_daddr, MLX5_FLD_SZ_BYTES(ipv4_layout, ipv4));
memcpy(MLX5_ADDR_OF(tls_flow, flow, src_ipv4_src_ipv6.ipv4_layout.ipv4),
&inet->inet_rcv_saddr, MLX5_FLD_SZ_BYTES(ipv4_layout, ipv4));
}
#if IS_ENABLED(CONFIG_IPV6)
static void mlx5e_tls_set_ipv6_flow(void *flow, struct sock *sk)
Reported by FlawFinder.
Line: 56
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ipv6_pinfo *np = inet6_sk(sk);
MLX5_SET(tls_flow, flow, ipv6, 1);
memcpy(MLX5_ADDR_OF(tls_flow, flow, dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&sk->sk_v6_daddr, MLX5_FLD_SZ_BYTES(ipv6_layout, ipv6));
memcpy(MLX5_ADDR_OF(tls_flow, flow, src_ipv4_src_ipv6.ipv6_layout.ipv6),
&np->saddr, MLX5_FLD_SZ_BYTES(ipv6_layout, ipv6));
}
#endif
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(tls_flow, flow, ipv6, 1);
memcpy(MLX5_ADDR_OF(tls_flow, flow, dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&sk->sk_v6_daddr, MLX5_FLD_SZ_BYTES(ipv6_layout, ipv6));
memcpy(MLX5_ADDR_OF(tls_flow, flow, src_ipv4_src_ipv6.ipv6_layout.ipv6),
&np->saddr, MLX5_FLD_SZ_BYTES(ipv6_layout, ipv6));
}
#endif
static void mlx5e_tls_set_flow_tcp_ports(void *flow, struct sock *sk)
Reported by FlawFinder.
Line: 67
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct inet_sock *inet = inet_sk(sk);
memcpy(MLX5_ADDR_OF(tls_flow, flow, src_port), &inet->inet_sport,
MLX5_FLD_SZ_BYTES(tls_flow, src_port));
memcpy(MLX5_ADDR_OF(tls_flow, flow, dst_port), &inet->inet_dport,
MLX5_FLD_SZ_BYTES(tls_flow, dst_port));
}
Reported by FlawFinder.
Line: 69
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(MLX5_ADDR_OF(tls_flow, flow, src_port), &inet->inet_sport,
MLX5_FLD_SZ_BYTES(tls_flow, src_port));
memcpy(MLX5_ADDR_OF(tls_flow, flow, dst_port), &inet->inet_dport,
MLX5_FLD_SZ_BYTES(tls_flow, dst_port));
}
static int mlx5e_tls_set_flow(void *flow, struct sock *sk, u32 caps)
{
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
6 issues
Line: 235
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
if (op == NFP_CCM_TYPE_BPF_MAP_LOOKUP)
memcpy(out_value, nfp_bpf_ctrl_reply_val(bpf, reply, i),
map->value_size);
if (op == NFP_CCM_TYPE_BPF_MAP_GETNEXT) {
if (i + 1 == count)
break;
Reported by FlawFinder.
Line: 241
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i + 1 == count)
break;
memcpy(out_key,
nfp_bpf_ctrl_reply_key(bpf, reply, i + 1),
map->key_size);
}
n_entries = 0;
Reported by FlawFinder.
Line: 328
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy inputs */
if (key)
memcpy(nfp_bpf_ctrl_req_key(bpf, req, 0), key, map->key_size);
if (value)
memcpy(nfp_bpf_ctrl_req_val(bpf, req, 0), value,
map->value_size);
skb = nfp_ccm_communicate(&bpf->ccm, skb, op, 0);
Reported by FlawFinder.
Line: 330
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (key)
memcpy(nfp_bpf_ctrl_req_key(bpf, req, 0), key, map->key_size);
if (value)
memcpy(nfp_bpf_ctrl_req_val(bpf, req, 0), value,
map->value_size);
skb = nfp_ccm_communicate(&bpf->ccm, skb, op, 0);
if (IS_ERR(skb)) {
err = PTR_ERR(skb);
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy outputs */
if (out_key)
memcpy(out_key, nfp_bpf_ctrl_reply_key(bpf, reply, 0),
map->key_size);
if (out_value)
memcpy(out_value, nfp_bpf_ctrl_reply_val(bpf, reply, 0),
map->value_size);
Reported by FlawFinder.
Line: 370
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(out_key, nfp_bpf_ctrl_reply_key(bpf, reply, 0),
map->key_size);
if (out_value)
memcpy(out_value, nfp_bpf_ctrl_reply_val(bpf, reply, 0),
map->value_size);
nfp_bpf_ctrl_op_cache_put(nfp_map, op, skb, cache_gen);
return 0;
Reported by FlawFinder.
drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
6 issues
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ETHTOOL_DMA_OFFSET 55
struct stmmac_stats {
char stat_string[ETH_GSTRING_LEN];
int sizeof_stat;
int stat_offset;
};
#define STMMAC_STAT(m) \
Reported by FlawFinder.
Line: 440
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!priv->plat->has_xgmac) {
/* Copy DMA registers to where ethtool expects them */
memcpy(®_space[ETHTOOL_DMA_OFFSET],
®_space[DMA_BUS_MODE / 4],
NUM_DWMAC1000_DMA_REGS * 4);
}
}
Reported by FlawFinder.
Line: 609
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!stmmac_safety_feat_dump(priv,
&priv->sstats, i,
NULL, &desc)) {
memcpy(p, desc, ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
}
}
if (priv->dma_cap.rmon)
Reported by FlawFinder.
Line: 616
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (priv->dma_cap.rmon)
for (i = 0; i < STMMAC_MMC_STATS_LEN; i++) {
memcpy(p, stmmac_mmc[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
for (i = 0; i < STMMAC_STATS_LEN; i++) {
memcpy(p, stmmac_gstrings_stats[i].stat_string,
Reported by FlawFinder.
Line: 621
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p += ETH_GSTRING_LEN;
}
for (i = 0; i < STMMAC_STATS_LEN; i++) {
memcpy(p, stmmac_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
case ETH_SS_TEST:
Reported by FlawFinder.
Line: 949
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (key)
memcpy(key, priv->rss.key, sizeof(priv->rss.key));
if (hfunc)
*hfunc = ETH_RSS_HASH_TOP;
return 0;
}
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/crypto/tls.c
6 issues
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
id = atomic64_inc_return(&nn->ktls_conn_id_gen);
len = front->key_len - NFP_NET_TLS_NON_ADDR_KEY_LEN;
memcpy(front->l3_addrs, &id, sizeof(id));
memset(front->l3_addrs + sizeof(id), 0, len - sizeof(id));
}
static struct nfp_crypto_req_add_back *
nfp_net_tls_set_ipv4(struct nfp_net *nn, struct nfp_crypto_req_add_v4 *req,
Reported by FlawFinder.
Line: 338
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
back->tcp_seq = cpu_to_be32(start_offload_tcp_sn);
tls_ci = (struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
memcpy(back->key, tls_ci->key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memset(&back->key[TLS_CIPHER_AES_GCM_128_KEY_SIZE / 4], 0,
sizeof(back->key) - TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memcpy(back->iv, tls_ci->iv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
memcpy(&back->salt, tls_ci->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
memcpy(back->rec_no, tls_ci->rec_seq, sizeof(tls_ci->rec_seq));
Reported by FlawFinder.
Line: 341
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(back->key, tls_ci->key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memset(&back->key[TLS_CIPHER_AES_GCM_128_KEY_SIZE / 4], 0,
sizeof(back->key) - TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memcpy(back->iv, tls_ci->iv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
memcpy(&back->salt, tls_ci->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
memcpy(back->rec_no, tls_ci->rec_seq, sizeof(tls_ci->rec_seq));
/* Get an extra ref on the skb so we can wipe the key after */
skb_get(skb);
Reported by FlawFinder.
Line: 342
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&back->key[TLS_CIPHER_AES_GCM_128_KEY_SIZE / 4], 0,
sizeof(back->key) - TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memcpy(back->iv, tls_ci->iv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
memcpy(&back->salt, tls_ci->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
memcpy(back->rec_no, tls_ci->rec_seq, sizeof(tls_ci->rec_seq));
/* Get an extra ref on the skb so we can wipe the key after */
skb_get(skb);
Reported by FlawFinder.
Line: 343
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(back->key) - TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memcpy(back->iv, tls_ci->iv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
memcpy(&back->salt, tls_ci->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
memcpy(back->rec_no, tls_ci->rec_seq, sizeof(tls_ci->rec_seq));
/* Get an extra ref on the skb so we can wipe the key after */
skb_get(skb);
err = nfp_ccm_mbox_communicate(nn, skb, NFP_CCM_TYPE_CRYPTO_ADD,
Reported by FlawFinder.
Line: 444
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req->ep_id = 0;
req->opcode = nfp_tls_1_2_dir_to_opcode(direction);
memset(req->resv, 0, sizeof(req->resv));
memcpy(req->handle, ntls->fw_handle, sizeof(ntls->fw_handle));
req->tcp_seq = cpu_to_be32(seq);
memcpy(req->rec_no, rcd_sn, sizeof(req->rec_no));
type = NFP_CCM_TYPE_CRYPTO_UPDATE;
if (direction == TLS_OFFLOAD_CTX_DIR_TX) {
Reported by FlawFinder.
drivers/net/wireless/ath/key.c
6 issues
Line: 357
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (authenticator) {
memcpy(hk->kv_mic, key_txmic, sizeof(hk->kv_mic));
memcpy(hk->kv_txmic, key_txmic, sizeof(hk->kv_mic));
} else {
memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic));
memcpy(hk->kv_txmic, key_rxmic, sizeof(hk->kv_mic));
}
return ath_hw_set_keycache_entry(common, keyix, hk, addr);
Reported by FlawFinder.
Line: 360
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(hk->kv_txmic, key_txmic, sizeof(hk->kv_mic));
} else {
memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic));
memcpy(hk->kv_txmic, key_rxmic, sizeof(hk->kv_mic));
}
return ath_hw_set_keycache_entry(common, keyix, hk, addr);
}
if (common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED) {
/* TX and RX keys share the same key cache entry. */
Reported by FlawFinder.
Line: 506
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hk.kv_len = key->keylen;
if (key->keylen)
memcpy(hk.kv_val, key->key, key->keylen);
if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
switch (vif->type) {
case NL80211_IFTYPE_AP:
memcpy(gmac, vif->addr, ETH_ALEN);
Reported by FlawFinder.
Line: 511
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
switch (vif->type) {
case NL80211_IFTYPE_AP:
memcpy(gmac, vif->addr, ETH_ALEN);
gmac[0] |= 0x01;
mac = gmac;
idx = ath_reserve_key_cache_slot(common, key->cipher);
break;
case NL80211_IFTYPE_ADHOC:
Reported by FlawFinder.
Line: 521
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
idx = key->keyidx;
break;
}
memcpy(gmac, sta->addr, ETH_ALEN);
gmac[0] |= 0x01;
mac = gmac;
idx = ath_reserve_key_cache_slot(common, key->cipher);
break;
default:
Reported by FlawFinder.
Line: 25
Column: 34
CWE codes:
120
20
#include "ath.h"
#include "reg.h"
#define REG_READ (common->ops->read)
#define REG_WRITE(_ah, _reg, _val) (common->ops->write)(_ah, _val, _reg)
#define ENABLE_REGWRITE_BUFFER(_ah) \
if (common->ops->enable_write_buffer) \
common->ops->enable_write_buffer((_ah));
Reported by FlawFinder.