The following issues were found
tools/testing/selftests/landlock/ptrace_test.c
6 issues
Line: 45
Column: 22
CWE codes:
134
Suggestion:
Use a constant for the format specification
char procenv_path[sizeof(path_template) + 10];
int procenv_path_size, fd;
procenv_path_size = snprintf(procenv_path, sizeof(procenv_path),
path_template, pid);
if (procenv_path_size >= sizeof(procenv_path))
return E2BIG;
fd = open(procenv_path, O_RDONLY | O_CLOEXEC);
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int test_ptrace_read(const pid_t pid)
{
static const char path_template[] = "/proc/%d/environ";
char procenv_path[sizeof(path_template) + 10];
int procenv_path_size, fd;
procenv_path_size = snprintf(procenv_path, sizeof(procenv_path),
path_template, pid);
if (procenv_path_size >= sizeof(procenv_path))
Reported by FlawFinder.
Line: 50
Column: 7
CWE codes:
362
if (procenv_path_size >= sizeof(procenv_path))
return E2BIG;
fd = open(procenv_path, O_RDONLY | O_CLOEXEC);
if (fd < 0)
return errno;
/*
* Mixing error codes from close(2) and open(2) should not lead to any
* (access type) confusion for this test.
Reported by FlawFinder.
Line: 243
Column: 16
CWE codes:
120
20
create_domain(_metadata);
/* Waits for the parent to be in a domain, if any. */
ASSERT_EQ(1, read(pipe_parent[0], &buf_child, 1));
/* Tests PTRACE_ATTACH and PTRACE_MODE_READ on the parent. */
err_proc_read = test_ptrace_read(parent);
ret = ptrace(PTRACE_ATTACH, parent, NULL, 0);
if (variant->domain_child) {
Reported by FlawFinder.
Line: 282
Column: 16
CWE codes:
120
20
}
/* Waits for the parent PTRACE_ATTACH test. */
ASSERT_EQ(1, read(pipe_parent[0], &buf_child, 1));
_exit(_metadata->passed ? EXIT_SUCCESS : EXIT_FAILURE);
return;
}
ASSERT_EQ(0, close(pipe_child[1]));
Reported by FlawFinder.
Line: 299
Column: 15
CWE codes:
120
20
* Waits for the child to test PTRACE_ATTACH on the parent and start
* testing PTRACE_TRACEME.
*/
ASSERT_EQ(1, read(pipe_child[0], &buf_parent, 1));
/* Tests child PTRACE_TRACEME. */
if (!variant->domain_parent) {
ASSERT_EQ(child, waitpid(child, &status, 0));
ASSERT_EQ(1, WIFSTOPPED(status));
Reported by FlawFinder.
tools/testing/selftests/netfilter/nf-queue.c
6 issues
Line: 332
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
{
int c;
while ((c = getopt(argc, argv, "chvt:q:Q:d:G")) != -1) {
switch (c) {
case 'c':
opts.count_packets = true;
break;
case 'h':
Reported by FlawFinder.
Line: 209
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mnl_socket *open_queue(void)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
unsigned int queue_num;
struct mnl_socket *nl;
struct nlmsghdr *nlh;
struct timeval tv;
uint32_t flags;
Reported by FlawFinder.
Line: 342
Column: 21
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
exit(0);
break;
case 'q':
opts.queue_num = atoi(optarg);
if (opts.queue_num > 0xffff)
opts.queue_num = 0;
break;
case 'Q':
opts.verdict = atoi(optarg);
Reported by FlawFinder.
Line: 347
Column: 19
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
opts.queue_num = 0;
break;
case 'Q':
opts.verdict = atoi(optarg);
if (opts.verdict > 0xffff) {
fprintf(stderr, "Expected destination queue number\n");
exit(1);
}
Reported by FlawFinder.
Line: 357
Column: 20
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
opts.verdict |= NF_QUEUE;
break;
case 'd':
opts.delay_ms = atoi(optarg);
if (opts.delay_ms == 0) {
fprintf(stderr, "Expected nonzero delay (in milliseconds)\n");
exit(1);
}
break;
Reported by FlawFinder.
Line: 364
Column: 19
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
break;
case 't':
opts.timeout = atoi(optarg);
break;
case 'G':
opts.gso_enabled = false;
break;
case 'v':
Reported by FlawFinder.
tools/testing/selftests/powerpc/stringloops/strlen.c
6 issues
Line: 62
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
exit(1);
}
srandom(1);
memset(s, 0, SIZE);
for (i = 0; i < SIZE; i++) {
char c;
Reported by FlawFinder.
Line: 69
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
char c;
do {
c = random() & 0x7f;
} while (!c);
s[i] = c;
test_one(s);
}
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
char c;
do {
c = random() & 0x7f;
} while (!c);
s[j] = c;
}
for (j = 0; j < sizeof(long); j++) {
s[SIZE - 1 - j] = 0;
Reported by FlawFinder.
Line: 96
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
char c;
do {
c = random() & 0x7f;
} while (!c);
s[i] = c;
}
bench_test(s);
Reported by FlawFinder.
Line: 23
Column: 7
CWE codes:
126
int x, y;
unsigned long i;
y = strlen(s + offset);
x = test_strlen(s + offset);
if (x != y) {
printf("strlen() returned %d, should have returned %d (%p offset %ld)\n", x, y, s, offset);
Reported by FlawFinder.
Line: 56
Column: 6
CWE codes:
676
Suggestion:
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient
char *s;
unsigned long i;
s = memalign(128, SIZE);
if (!s) {
perror("memalign");
exit(1);
}
Reported by FlawFinder.
tools/power/cpupower/utils/cpufreq-set.c
6 issues
Line: 214
Column: 9
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
/* parameter parsing */
do {
ret = getopt_long(argc, argv, "d:u:g:f:r", set_opts, NULL);
switch (ret) {
case '?':
print_unknown_arg();
return -EINVAL;
case -1:
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned long string_to_frequency(const char *str)
{
char normalized[NORM_FREQ_LEN];
const struct freq_units *unit;
const char *scan;
char *end;
unsigned long freq;
int power = 0, match_count = 0, i, cp, pad;
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = 0, cont = 1;
int double_parm = 0, related = 0, policychange = 0;
unsigned long freq = 0;
char gov[20];
unsigned int cpu;
struct cpufreq_policy new_pol = {
.min = 0,
.max = 0,
Reported by FlawFinder.
Line: 260
Column: 33
CWE codes:
126
if (new_pol.governor)
double_parm++;
policychange++;
if ((strlen(optarg) < 3) || (strlen(optarg) > 18)) {
print_unknown_arg();
return -EINVAL;
}
if ((sscanf(optarg, "%19s", gov)) != 1) {
print_unknown_arg();
Reported by FlawFinder.
Line: 260
Column: 9
CWE codes:
126
if (new_pol.governor)
double_parm++;
policychange++;
if ((strlen(optarg) < 3) || (strlen(optarg) > 18)) {
print_unknown_arg();
return -EINVAL;
}
if ((sscanf(optarg, "%19s", gov)) != 1) {
print_unknown_arg();
Reported by FlawFinder.
Line: 264
Column: 9
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
print_unknown_arg();
return -EINVAL;
}
if ((sscanf(optarg, "%19s", gov)) != 1) {
print_unknown_arg();
return -EINVAL;
}
new_pol.governor = gov;
break;
Reported by FlawFinder.
tools/power/cpupower/utils/helpers/misc.c
6 issues
Line: 57
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!(cpupower_cpu_info.caps & CPUPOWER_CAP_PERF_BIAS))
return -1;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/power/energy_perf_bias", cpu);
if (cpupower_read_sysfs(path, linebuf, MAX_LINE_LEN) == 0)
return -1;
val = strtol(linebuf, &endp, 0);
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!(cpupower_cpu_info.caps & CPUPOWER_CAP_PERF_BIAS))
return -1;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/power/energy_perf_bias", cpu);
snprintf(linebuf, sizeof(linebuf), "%d", val);
if (cpupower_write_sysfs(path, linebuf, 3) <= 0)
return -1;
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cpupower_intel_get_perf_bias(unsigned int cpu)
{
char linebuf[MAX_LINE_LEN];
char path[SYSFS_PATH_MAX];
unsigned long val;
char *endp;
if (!(cpupower_cpu_info.caps & CPUPOWER_CAP_PERF_BIAS))
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cpupower_intel_get_perf_bias(unsigned int cpu)
{
char linebuf[MAX_LINE_LEN];
char path[SYSFS_PATH_MAX];
unsigned long val;
char *endp;
if (!(cpupower_cpu_info.caps & CPUPOWER_CAP_PERF_BIAS))
return -1;
Reported by FlawFinder.
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cpupower_intel_set_perf_bias(unsigned int cpu, unsigned int val)
{
char path[SYSFS_PATH_MAX];
char linebuf[3] = {};
if (!(cpupower_cpu_info.caps & CPUPOWER_CAP_PERF_BIAS))
return -1;
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cpupower_intel_set_perf_bias(unsigned int cpu, unsigned int val)
{
char path[SYSFS_PATH_MAX];
char linebuf[3] = {};
if (!(cpupower_cpu_info.caps & CPUPOWER_CAP_PERF_BIAS))
return -1;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/power/energy_perf_bias", cpu);
Reported by FlawFinder.
tools/testing/selftests/arm64/mte/check_buffer_fill.c
6 issues
Line: 38
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
item = sizeof(sizes)/sizeof(int);
for (i = 0; i < item; i++) {
ptr = (char *)mte_allocate_memory(sizes[i], mem_type, 0, true);
if (check_allocated_memory(ptr, sizes[i], mem_type, true) != KSFT_PASS)
return KSFT_FAIL;
mte_initialize_current_context(mode, (uintptr_t)ptr, sizes[i]);
/* Set some value in tagged memory */
for (j = 0; j < sizes[i]; j++)
Reported by FlawFinder.
Line: 74
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
item = sizeof(sizes)/sizeof(int);
for (i = 0; i < item; i++) {
ptr = (char *)mte_allocate_memory_tag_range(sizes[i], mem_type, 0,
underflow_range, 0);
if (check_allocated_memory_range(ptr, sizes[i], mem_type,
underflow_range, 0) != KSFT_PASS)
return KSFT_FAIL;
Reported by FlawFinder.
Line: 170
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
item = sizeof(sizes)/sizeof(int);
for (i = 0; i < item; i++) {
ptr = (char *)mte_allocate_memory_tag_range(sizes[i], mem_type, 0,
0, overflow_range);
if (check_allocated_memory_range(ptr, sizes[i], mem_type,
0, overflow_range) != KSFT_PASS)
return KSFT_FAIL;
Reported by FlawFinder.
Line: 312
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mte_initialize_current_context(mode, (uintptr_t)dst, size);
/* Set some value in memory and copy*/
memset((void *)src, (int)'1', size);
memcpy((void *)dst, (void *)src, size);
mte_wait_after_trig();
if (cur_mte_cxt.fault_valid) {
result = KSFT_FAIL;
goto check_buffer_by_block_err;
}
Reported by FlawFinder.
Line: 374
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
for (run = 0; run < total; run++) {
/* check initial tags for anonymous mmap */
ptr = (char *)mte_allocate_memory(sizes[run], mem_type, mapping, false);
if (check_allocated_memory(ptr, sizes[run], mem_type, false) != KSFT_PASS)
return KSFT_FAIL;
if (compare_memory_tags(ptr, sizes[run], 0) != KSFT_PASS) {
mte_free_memory((void *)ptr, sizes[run], mem_type, false);
return KSFT_FAIL;
Reported by FlawFinder.
Line: 387
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fd = create_temp_file();
if (fd == -1)
return KSFT_FAIL;
ptr = (char *)mte_allocate_file_memory(sizes[run], mem_type, mapping, false, fd);
if (check_allocated_memory(ptr, sizes[run], mem_type, false) != KSFT_PASS) {
close(fd);
return KSFT_FAIL;
}
if (compare_memory_tags(ptr, sizes[run], 0) != KSFT_PASS) {
Reported by FlawFinder.
tools/perf/util/srcline.c
6 issues
Line: 421
Column: 7
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
scnprintf(cmd, sizeof(cmd), "addr2line -e %s %016"PRIx64,
dso_name, addr);
fp = popen(cmd, "r");
if (fp == NULL) {
pr_warning("popen failed for %s\n", dso_name);
return 0;
}
Reported by FlawFinder.
Line: 464
Column: 7
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
scnprintf(cmd, sizeof(cmd), "addr2line -e %s -i -f %016"PRIx64,
dso_name, addr);
fp = popen(cmd, "r");
if (fp == NULL) {
pr_err("popen failed for %s\n", dso_name);
return NULL;
}
Reported by FlawFinder.
Line: 413
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct symbol *sym __maybe_unused)
{
FILE *fp;
char cmd[PATH_MAX];
char *filename = NULL;
size_t len;
int ret = 0;
scnprintf(cmd, sizeof(cmd), "addr2line -e %s %016"PRIx64,
Reported by FlawFinder.
Line: 454
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct symbol *sym)
{
FILE *fp;
char cmd[PATH_MAX];
struct inline_node *node;
char *filename = NULL;
char *funcname = NULL;
size_t filelen, funclen;
unsigned int line_nr = 0;
Reported by FlawFinder.
Line: 228
Column: 24
CWE codes:
126
&a2l->filename, &a2l->funcname,
&a2l->line);
if (a2l->filename && !strlen(a2l->filename))
a2l->filename = NULL;
}
static struct a2l_data *addr2line_init(const char *path)
{
Reported by FlawFinder.
Line: 329
Column: 26
CWE codes:
126
&a2l->funcname, &a2l->line) &&
cnt++ < MAX_INLINE_NEST) {
if (a2l->filename && !strlen(a2l->filename))
a2l->filename = NULL;
if (node != NULL) {
if (inline_list__append_dso_a2l(dso, node, sym))
return 0;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_varlen.c
6 issues
Line: 11
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_LEN 256
char buf_in1[MAX_LEN] = {};
char buf_in2[MAX_LEN] = {};
int test_pid = 0;
bool capture = false;
Reported by FlawFinder.
Line: 12
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_LEN 256
char buf_in1[MAX_LEN] = {};
char buf_in2[MAX_LEN] = {};
int test_pid = 0;
bool capture = false;
/* .bss */
Reported by FlawFinder.
Line: 21
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u64 payload1_len1 = 0;
__u64 payload1_len2 = 0;
__u64 total1 = 0;
char payload1[MAX_LEN + MAX_LEN] = {};
/* .data */
int payload2_len1 = -1;
int payload2_len2 = -1;
int total2 = -1;
Reported by FlawFinder.
Line: 27
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int payload2_len1 = -1;
int payload2_len2 = -1;
int total2 = -1;
char payload2[MAX_LEN + MAX_LEN] = { 1 };
int payload3_len1 = -1;
int payload3_len2 = -1;
int total3= -1;
char payload3[MAX_LEN + MAX_LEN] = { 1 };
Reported by FlawFinder.
Line: 32
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int payload3_len1 = -1;
int payload3_len2 = -1;
int total3= -1;
char payload3[MAX_LEN + MAX_LEN] = { 1 };
int payload4_len1 = -1;
int payload4_len2 = -1;
int total4= -1;
char payload4[MAX_LEN + MAX_LEN] = { 1 };
Reported by FlawFinder.
Line: 37
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int payload4_len1 = -1;
int payload4_len2 = -1;
int total4= -1;
char payload4[MAX_LEN + MAX_LEN] = { 1 };
SEC("raw_tp/sys_enter")
int handler64_unsigned(void *regs)
{
int pid = bpf_get_current_pid_tgid() >> 32;
Reported by FlawFinder.
tools/gpio/lsgpio.c
6 issues
Line: 81
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (i = 0; i < ARRAY_SIZE(flagnames); i++) {
if (info->flags & flagnames[i].mask) {
fprintf(stdout, field_format, flagnames[i].name);
field_format = ", %s";
}
}
if ((info->flags & GPIO_V2_LINE_FLAG_EDGE_RISING) &&
Reported by FlawFinder.
Line: 88
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if ((info->flags & GPIO_V2_LINE_FLAG_EDGE_RISING) &&
(info->flags & GPIO_V2_LINE_FLAG_EDGE_FALLING))
fprintf(stdout, field_format, "both-edges");
else if (info->flags & GPIO_V2_LINE_FLAG_EDGE_RISING)
fprintf(stdout, field_format, "rising-edge");
else if (info->flags & GPIO_V2_LINE_FLAG_EDGE_FALLING)
fprintf(stdout, field_format, "falling-edge");
Reported by FlawFinder.
Line: 90
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
(info->flags & GPIO_V2_LINE_FLAG_EDGE_FALLING))
fprintf(stdout, field_format, "both-edges");
else if (info->flags & GPIO_V2_LINE_FLAG_EDGE_RISING)
fprintf(stdout, field_format, "rising-edge");
else if (info->flags & GPIO_V2_LINE_FLAG_EDGE_FALLING)
fprintf(stdout, field_format, "falling-edge");
for (i = 0; i < info->num_attrs; i++) {
if (info->attrs[i].id == GPIO_V2_LINE_ATTR_ID_DEBOUNCE)
Reported by FlawFinder.
Line: 92
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
else if (info->flags & GPIO_V2_LINE_FLAG_EDGE_RISING)
fprintf(stdout, field_format, "rising-edge");
else if (info->flags & GPIO_V2_LINE_FLAG_EDGE_FALLING)
fprintf(stdout, field_format, "falling-edge");
for (i = 0; i < info->num_attrs; i++) {
if (info->attrs[i].id == GPIO_V2_LINE_ATTR_ID_DEBOUNCE)
fprintf(stdout, ", debounce_period=%dusec",
info->attrs[0].debounce_period_us);
Reported by FlawFinder.
Line: 184
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int ret;
int c;
while ((c = getopt(argc, argv, "n:")) != -1) {
switch (c) {
case 'n':
device_name = optarg;
break;
case '?':
Reported by FlawFinder.
Line: 113
Column: 7
CWE codes:
362
if (ret < 0)
return -ENOMEM;
fd = open(chrdev_name, 0);
if (fd == -1) {
ret = -errno;
fprintf(stderr, "Failed to open %s\n", chrdev_name);
goto exit_free_name;
}
Reported by FlawFinder.
tools/testing/selftests/net/udpgso_bench_tx.c
6 issues
Line: 425
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int max_len, hdrlen;
int c;
while ((c = getopt(argc, argv, "46acC:D:Hl:mM:p:s:PS:tTuvz")) != -1) {
switch (c) {
case '4':
if (cfg_family != PF_UNSPEC)
error(1, 0, "Pass one of -4 or -6");
cfg_family = PF_INET;
Reported by FlawFinder.
Line: 87
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct sockaddr_storage cfg_dst_addr;
static bool interrupted;
static char buf[NUM_PKT][ETH_MAX_MTU];
static void sigint_handler(int signum)
{
if (signum == SIGINT)
interrupted = true;
Reported by FlawFinder.
Line: 211
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void flush_errqueue_recv(int fd)
{
char control[CMSG_SPACE(sizeof(struct scm_timestamping)) +
CMSG_SPACE(sizeof(struct sock_extended_err)) +
CMSG_SPACE(sizeof(struct sockaddr_in6))] = {0};
struct msghdr msg = {0};
struct cmsghdr *cmsg;
int ret;
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int send_udp_sendmmsg(int fd, char *data)
{
char control[CMSG_SPACE(sizeof(cfg_tx_ts))] = {0};
const int max_nr_msg = ETH_MAX_MTU / ETH_DATA_LEN;
struct mmsghdr mmsgs[max_nr_msg];
struct iovec iov[max_nr_msg];
unsigned int off = 0, left;
size_t msg_controllen = 0;
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int send_udp_segment(int fd, char *data)
{
char control[CMSG_SPACE(sizeof(cfg_gso_size)) +
CMSG_SPACE(sizeof(cfg_tx_ts))] = {0};
struct msghdr msg = {0};
struct iovec iov = {0};
size_t msg_controllen;
struct cmsghdr *cmsg;
Reported by FlawFinder.
Line: 623
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < sizeof(buf[0]); i++)
buf[0][i] = 'a' + (i % 26);
for (i = 1; i < NUM_PKT; i++)
memcpy(buf[i], buf[0], sizeof(buf[0]));
signal(SIGINT, sigint_handler);
fd = socket(cfg_family, cfg_tcp ? SOCK_STREAM : SOCK_DGRAM, 0);
if (fd == -1)
Reported by FlawFinder.