The following issues were found
sound/pci/als300.c
6 issues
Line: 763
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
sprintf(card->shortname, "ALS300 (Rev. %c)", 'A' +
chip->revision - 1);
sprintf(card->longname, "%s at 0x%lx irq %i",
card->shortname, chip->port, chip->irq);
err = snd_card_register(card);
if (err < 0) {
snd_card_free(card);
Reported by FlawFinder.
Line: 91
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for ALS300 sound card.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 564
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
pcm->private_data = chip;
strcpy(pcm->name, "ALS300");
chip->pcm = pcm;
/* set operators */
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK,
&snd_als300_playback_ops);
Reported by FlawFinder.
Line: 755
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
card->private_data = chip;
strcpy(card->driver, "ALS300");
if (chip->chip_type == DEVICE_ALS300_PLUS)
/* don't know much about ALS300+ yet
* print revision number for now */
sprintf(card->shortname, "ALS300+ (Rev. %d)", chip->revision);
else
Reported by FlawFinder.
Line: 759
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (chip->chip_type == DEVICE_ALS300_PLUS)
/* don't know much about ALS300+ yet
* print revision number for now */
sprintf(card->shortname, "ALS300+ (Rev. %d)", chip->revision);
else
sprintf(card->shortname, "ALS300 (Rev. %c)", 'A' +
chip->revision - 1);
sprintf(card->longname, "%s at 0x%lx irq %i",
card->shortname, chip->port, chip->irq);
Reported by FlawFinder.
Line: 761
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* print revision number for now */
sprintf(card->shortname, "ALS300+ (Rev. %d)", chip->revision);
else
sprintf(card->shortname, "ALS300 (Rev. %c)", 'A' +
chip->revision - 1);
sprintf(card->longname, "%s at 0x%lx irq %i",
card->shortname, chip->port, chip->irq);
err = snd_card_register(card);
Reported by FlawFinder.
samples/connector/ucon.c
6 issues
Line: 38
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CN_TEST_VAL 0x456
#ifdef DEBUG
#define ulog(f, a...) fprintf(stdout, f, ##a)
#else
#define ulog(f, a...) do {} while (0)
#endif
static int need_exit;
Reported by FlawFinder.
Line: 110
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
struct pollfd pfd;
bool send_msgs = false;
while ((s = getopt(argc, argv, "hs")) != -1) {
switch (s) {
case 's':
send_msgs = true;
break;
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nlmsghdr *nlh;
unsigned int size;
int err;
char buf[128];
struct cn_msg *m;
size = NLMSG_SPACE(sizeof(struct cn_msg) + msg->len);
nlh = (struct nlmsghdr *)buf;
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ulog("%s: [%08x.%08x] len=%u, seq=%u, ack=%u.\n",
__func__, msg->id.idx, msg->id.val, msg->len, msg->seq, msg->ack);
#endif
memcpy(m, msg, sizeof(*m) + msg->len);
err = send(s, nlh, size, 0);
if (err == -1)
ulog("Failed to send: %s [%d].\n",
strerror(errno), errno);
Reported by FlawFinder.
Line: 100
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char *argv[])
{
int s;
char buf[1024];
int len;
struct nlmsghdr *reply;
struct sockaddr_nl l_local;
struct cn_msg *data;
FILE *out;
Reported by FlawFinder.
Line: 128
Column: 9
CWE codes:
362
}
if (argc != optind) {
out = fopen(argv[optind], "a+");
if (!out) {
ulog("Unable to open %s for writing: %s\n",
argv[1], strerror(errno));
out = stdout;
}
Reported by FlawFinder.
net/rxrpc/rxkad.c
6 issues
Line: 66
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (prep->datalen != 8)
return -EINVAL;
memcpy(&prep->payload.data[2], prep->data, 8);
ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(ci)) {
_leave(" = %ld", PTR_ERR(ci));
return PTR_ERR(ci);
Reported by FlawFinder.
Line: 278
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data_size |= (u32)check << 16;
hdr.data_size = htonl(data_size);
memcpy(skb->head, &hdr, sizeof(hdr));
pad = sizeof(struct rxkad_level1_hdr) + data_size;
pad = RXKAD_ALIGN - pad;
pad &= RXKAD_ALIGN - 1;
if (pad)
Reported by FlawFinder.
Line: 326
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rxkhdr.data_size = htonl(data_size | (u32)check << 16);
rxkhdr.checksum = 0;
memcpy(skb->head, &rxkhdr, sizeof(rxkhdr));
pad = sizeof(struct rxkad_level2_hdr) + data_size;
pad = RXKAD_ALIGN - pad;
pad &= RXKAD_ALIGN - 1;
if (pad)
Reported by FlawFinder.
Line: 1066
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&key, p, sizeof(key));
p += 8;
_debug("KIV KEY : %08x %08x", ntohl(key.n[0]), ntohl(key.n[1]));
memcpy(_session_key, &key, sizeof(key));
/* get the ticket's lifetime */
life = *p++ * 5 * 60;
_debug("KIV LIFE : %u", life);
Reported by FlawFinder.
Line: 1075
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* get the issue time of the ticket */
if (little_endian) {
__le32 stamp;
memcpy(&stamp, p, 4);
issue = rxrpc_u32_to_time64(le32_to_cpu(stamp));
} else {
__be32 stamp;
memcpy(&stamp, p, 4);
issue = rxrpc_u32_to_time64(be32_to_cpu(stamp));
Reported by FlawFinder.
Line: 1079
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
issue = rxrpc_u32_to_time64(le32_to_cpu(stamp));
} else {
__be32 stamp;
memcpy(&stamp, p, 4);
issue = rxrpc_u32_to_time64(be32_to_cpu(stamp));
}
p += 4;
now = ktime_get_real_seconds();
_debug("KIV ISSUE: %llx [%llx]", issue, now);
Reported by FlawFinder.
sound/usb/line6/midibuf.c
6 issues
Line: 110
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (length < length1) {
/* no buffer wraparound */
memcpy(this->buf + this->pos_write, data, length);
this->pos_write += length;
} else {
/* buffer wraparound */
length2 = length - length1;
memcpy(this->buf + this->pos_write, data, length1);
Reported by FlawFinder.
Line: 115
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
/* buffer wraparound */
length2 = length - length1;
memcpy(this->buf + this->pos_write, data, length1);
memcpy(this->buf, data + length1, length2);
this->pos_write = length2;
}
if (this->pos_write == this->pos_read)
Reported by FlawFinder.
Line: 116
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* buffer wraparound */
length2 = length - length1;
memcpy(this->buf + this->pos_write, data, length1);
memcpy(this->buf, data + length1, length2);
this->pos_write = length2;
}
if (this->pos_write == this->pos_read)
this->full = 1;
Reported by FlawFinder.
Line: 215
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (length < length1) {
/* no buffer wraparound */
memcpy(data + repeat, this->buf + this->pos_read, length);
this->pos_read += length;
} else {
/* buffer wraparound */
length2 = length - length1;
memcpy(data + repeat, this->buf + this->pos_read, length1);
Reported by FlawFinder.
Line: 220
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
/* buffer wraparound */
length2 = length - length1;
memcpy(data + repeat, this->buf + this->pos_read, length1);
memcpy(data + repeat + length1, this->buf, length2);
this->pos_read = length2;
}
if (repeat)
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* buffer wraparound */
length2 = length - length1;
memcpy(data + repeat, this->buf + this->pos_read, length1);
memcpy(data + repeat + length1, this->buf, length2);
this->pos_read = length2;
}
if (repeat)
data[0] = this->command_prev;
Reported by FlawFinder.
net/wireless/util.c
6 issues
Line: 572
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* 1 0 BSSID SA DA n/a
* 1 1 RA TA DA SA
*/
memcpy(tmp.h_dest, ieee80211_get_DA(hdr), ETH_ALEN);
memcpy(tmp.h_source, ieee80211_get_SA(hdr), ETH_ALEN);
if (iftype == NL80211_IFTYPE_MESH_POINT)
skb_copy_bits(skb, hdrlen, &mesh_flags, 1);
Reported by FlawFinder.
Line: 573
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* 1 1 RA TA DA SA
*/
memcpy(tmp.h_dest, ieee80211_get_DA(hdr), ETH_ALEN);
memcpy(tmp.h_source, ieee80211_get_SA(hdr), ETH_ALEN);
if (iftype == NL80211_IFTYPE_MESH_POINT)
skb_copy_bits(skb, hdrlen, &mesh_flags, 1);
mesh_flags &= MESH_FLAGS_AE;
Reported by FlawFinder.
Line: 646
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ehdr)
ehdr = skb_push(skb, sizeof(struct ethhdr));
memcpy(ehdr, &tmp, sizeof(tmp));
return 0;
}
EXPORT_SYMBOL(ieee80211_data_to_8023_exthdr);
Reported by FlawFinder.
Line: 816
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_pull(frame, ETH_ALEN + 2);
}
memcpy(skb_push(frame, sizeof(eth)), ð, sizeof(eth));
__skb_queue_tail(list, frame);
}
if (!reuse_skb)
dev_kfree_skb(skb);
Reported by FlawFinder.
Line: 1488
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (copy && desired_attr) {
desired_len += copy;
if (out) {
memcpy(out, iedata, min(bufsize, copy));
out += min(bufsize, copy);
bufsize -= min(bufsize, copy);
}
Reported by FlawFinder.
Line: 1521
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (desired_attr) {
desired_len += copy;
if (out) {
memcpy(out, iedata, min(bufsize, copy));
out += min(bufsize, copy);
bufsize -= min(bufsize, copy);
}
if (copy == attr_len)
Reported by FlawFinder.
scripts/kconfig/util.c
6 issues
Line: 61
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
gs->s = xrealloc(gs->s, l);
gs->len = l;
}
strcat(gs->s, s);
}
}
/* Append printf formatted string to growable string */
void str_printf(struct gstr *gs, const char *fmt, ...)
Reported by FlawFinder.
Line: 71
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
char s[10000]; /* big enough... */
va_start(ap, fmt);
vsnprintf(s, sizeof(s), fmt, ap);
str_append(gs, s);
va_end(ap);
}
/* Retrieve value of growable string */
Reported by FlawFinder.
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void str_printf(struct gstr *gs, const char *fmt, ...)
{
va_list ap;
char s[10000]; /* big enough... */
va_start(ap, fmt);
vsnprintf(s, sizeof(s), fmt, ap);
str_append(gs, s);
va_end(ap);
}
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
gs.s = xmalloc(sizeof(char) * 64);
gs.len = 64;
gs.max_width = 0;
strcpy(gs.s, "\0");
return gs;
}
/* Free storage for growable string */
void str_free(struct gstr *gs)
Reported by FlawFinder.
Line: 56
Column: 23
CWE codes:
126
{
size_t l;
if (s) {
l = strlen(gs->s) + strlen(s) + 1;
if (l > gs->len) {
gs->s = xrealloc(gs->s, l);
gs->len = l;
}
strcat(gs->s, s);
Reported by FlawFinder.
Line: 56
Column: 7
CWE codes:
126
{
size_t l;
if (s) {
l = strlen(gs->s) + strlen(s) + 1;
if (l > gs->len) {
gs->s = xrealloc(gs->s, l);
gs->len = l;
}
strcat(gs->s, s);
Reported by FlawFinder.
sound/pci/asihpi/hpi6000.c
6 issues
Line: 611
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
phr->u.ax.assert.p2 = 0;
phr->u.ax.assert.count = 1; /* assert count */
phr->u.ax.assert.dsp_index = -1; /* "dsp index" */
strcpy(phr->u.ax.assert.sz_message, "PCI2040 error");
phr->u.ax.assert.dsp_msg_addr = 0;
gw_pci_read_asserts = 0;
gw_pci_write_asserts = 0;
phr->error = 0;
} else
Reported by FlawFinder.
Line: 1049
Column: 8
CWE codes:
120
20
&& hpi6000_check_PCI2040_error_flag(pao,
H6READ));
if (read)
break;
/* The following is a workaround for bug #94:
* Bluescreen on install and subsequent boots on a
* DELL PowerEdge 600SC PC with 1.8GHz P4 and
* ServerWorks chipset. Without this delay the system
Reported by FlawFinder.
Line: 1110
Column: 8
CWE codes:
120
20
hpi_write_word(pdo, PLD_BASE_ADDRESS + 4L, test_data);
read = hpi_read_word(pdo,
PLD_BASE_ADDRESS + 4L) & mask;
if (read != test_data) {
HPI_DEBUG_LOG(ERROR, "PLD %x %x\n", test_data,
read);
return HPI6000_ERROR_INIT_PLDTEST1;
}
test_data = 0x55555500L & mask;
Reported by FlawFinder.
Line: 1112
Column: 6
CWE codes:
120
20
PLD_BASE_ADDRESS + 4L) & mask;
if (read != test_data) {
HPI_DEBUG_LOG(ERROR, "PLD %x %x\n", test_data,
read);
return HPI6000_ERROR_INIT_PLDTEST1;
}
test_data = 0x55555500L & mask;
hpi_write_word(pdo, PLD_BASE_ADDRESS + 4L, test_data);
read = hpi_read_word(pdo,
Reported by FlawFinder.
Line: 1119
Column: 8
CWE codes:
120
20
hpi_write_word(pdo, PLD_BASE_ADDRESS + 4L, test_data);
read = hpi_read_word(pdo,
PLD_BASE_ADDRESS + 4L) & mask;
if (read != test_data) {
HPI_DEBUG_LOG(ERROR, "PLD %x %x\n", test_data,
read);
return HPI6000_ERROR_INIT_PLDTEST2;
}
}
Reported by FlawFinder.
Line: 1121
Column: 6
CWE codes:
120
20
PLD_BASE_ADDRESS + 4L) & mask;
if (read != test_data) {
HPI_DEBUG_LOG(ERROR, "PLD %x %x\n", test_data,
read);
return HPI6000_ERROR_INIT_PLDTEST2;
}
}
} /* for numDSP */
return 0;
Reported by FlawFinder.
security/keys/trusted-keys/trusted_tpm2.c
6 issues
Line: 57
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
asn1_oid_len(tpm2key_oid));
if (options->blobauth_len == 0) {
unsigned char bool[3], *w = bool;
/* tag 0 is emptyAuth */
w = asn1_encode_boolean(w, w + sizeof(bool), true);
if (WARN(IS_ERR(w), "BUG: Boolean failed to encode"))
return PTR_ERR(w);
work = asn1_encode_tag(work, end_work, 0, bool, w - bool);
Reported by FlawFinder.
Line: 121
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*buf = blob;
options->keyhandle = ctx.parent;
memcpy(blob, ctx.priv, ctx.priv_len);
blob += ctx.priv_len;
memcpy(blob, ctx.pub, ctx.pub_len);
return 0;
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(blob, ctx.priv, ctx.priv_len);
blob += ctx.priv_len;
memcpy(blob, ctx.pub, ctx.pub_len);
return 0;
}
int tpm2_key_parent(void *context, size_t hdrlen,
Reported by FlawFinder.
Line: 153
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum OID oid = look_up_OID(value, vlen);
if (oid != OID_TPMSealedData) {
char buffer[50];
sprint_oid(value, vlen, buffer, sizeof(buffer));
pr_debug("OID is \"%s\" which is not TPMSealedData\n",
buffer);
return -EINVAL;
Reported by FlawFinder.
Line: 501
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (payload->old_format) {
/* migratable flag is at the end of the key */
memcpy(payload->key, data, data_len - 1);
payload->key_len = data_len - 1;
payload->migratable = data[data_len - 1];
} else {
/*
* migratable flag already collected from key
Reported by FlawFinder.
Line: 509
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* migratable flag already collected from key
* attributes
*/
memcpy(payload->key, data, data_len);
payload->key_len = data_len;
}
}
out:
Reported by FlawFinder.
net/wireless/mlme.c
6 issues
Line: 217
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf = kmalloc(128, gfp);
if (buf) {
sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
"keyid=%d %scast addr=%pM)", key_id,
key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
addr);
memset(&wrqu, 0, sizeof(wrqu));
wrqu.data.length = strlen(buf);
Reported by FlawFinder.
Line: 426
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!wdev->current_bss)
return;
memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN);
cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
WLAN_REASON_DEAUTH_LEAVING, false);
}
struct cfg80211_mgmt_registration {
Reported by FlawFinder.
Line: 577
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (update_multicast) {
kfree(nreg);
} else {
memcpy(nreg->match, match_data, match_len);
nreg->match_len = match_len;
nreg->nlportid = snd_portid;
nreg->frame_type = cpu_to_le16(frame_type);
nreg->wdev = wdev;
nreg->multicast_rx = multicast_rx;
Reported by FlawFinder.
Line: 924
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def));
queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
}
EXPORT_SYMBOL(cfg80211_radar_event);
void cfg80211_cac_event(struct net_device *netdev,
Reported by FlawFinder.
Line: 952
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msecs_to_jiffies(wdev->cac_time_ms);
WARN_ON(!time_after_eq(jiffies, timeout));
cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
memcpy(&rdev->cac_done_chandef, chandef,
sizeof(struct cfg80211_chan_def));
queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
cfg80211_sched_dfs_chan_update(rdev);
fallthrough;
case NL80211_RADAR_CAC_ABORTED:
Reported by FlawFinder.
Line: 222
Column: 22
CWE codes:
126
key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
addr);
memset(&wrqu, 0, sizeof(wrqu));
wrqu.data.length = strlen(buf);
wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
kfree(buf);
}
#endif
Reported by FlawFinder.
net/wireless/lib80211.c
6 issues
Line: 73
Column: 59
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
lib80211_crypt_deinit_entries(info, 1);
for (i = 0; i < NUM_WEP_KEYS; i++) {
struct lib80211_crypt_data *crypt = info->crypt[i];
if (crypt) {
if (crypt->ops) {
crypt->ops->deinit(crypt->priv);
module_put(crypt->ops->owner);
}
Reported by FlawFinder.
Line: 74
Column: 21
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
for (i = 0; i < NUM_WEP_KEYS; i++) {
struct lib80211_crypt_data *crypt = info->crypt[i];
if (crypt) {
if (crypt->ops) {
crypt->ops->deinit(crypt->priv);
module_put(crypt->ops->owner);
}
kfree(crypt);
Reported by FlawFinder.
Line: 79
Column: 31
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
crypt->ops->deinit(crypt->priv);
module_put(crypt->ops->owner);
}
kfree(crypt);
info->crypt[i] = NULL;
}
}
}
EXPORT_SYMBOL(lib80211_crypt_info_free);
Reported by FlawFinder.
Line: 80
Column: 31
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
module_put(crypt->ops->owner);
}
kfree(crypt);
info->crypt[i] = NULL;
}
}
}
EXPORT_SYMBOL(lib80211_crypt_info_free);
Reported by FlawFinder.
Line: 137
Column: 38
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
}
void lib80211_crypt_delayed_deinit(struct lib80211_crypt_info *info,
struct lib80211_crypt_data **crypt)
{
struct lib80211_crypt_data *tmp;
unsigned long flags;
if (*crypt == NULL)
Reported by FlawFinder.
Line: 145
Column: 9
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (*crypt == NULL)
return;
tmp = *crypt;
*crypt = NULL;
/* must not run ops->deinit() while there may be pending encrypt or
* decrypt operations. Use a list of delayed deinits to avoid needing
* locking. */
Reported by FlawFinder.