The following issues were found
arch/mips/fw/cfe/cfe_api.c
5 issues
Line: 192
Column: 40
CWE codes:
126
xiocb.xiocb_psize = sizeof(struct xiocb_buffer);
xiocb.plist.xiocb_buffer.buf_offset = 0;
xiocb.plist.xiocb_buffer.buf_ptr = XPTR_FROM_NATIVE(name);
xiocb.plist.xiocb_buffer.buf_length = strlen(name);
cfe_iocb_dispatch(&xiocb);
if (xiocb.xiocb_status < 0)
return xiocb.xiocb_status;
Reported by FlawFinder.
Line: 214
Column: 41
CWE codes:
126
xiocb.xiocb_psize = sizeof(struct xiocb_envbuf);
xiocb.plist.xiocb_envbuf.enum_idx = 0;
xiocb.plist.xiocb_envbuf.name_ptr = XPTR_FROM_NATIVE(name);
xiocb.plist.xiocb_envbuf.name_length = strlen(name);
xiocb.plist.xiocb_envbuf.val_ptr = XPTR_FROM_NATIVE(dest);
xiocb.plist.xiocb_envbuf.val_length = destlen;
cfe_iocb_dispatch(&xiocb);
Reported by FlawFinder.
Line: 337
Column: 40
CWE codes:
126
xiocb.xiocb_psize = sizeof(struct xiocb_buffer);
xiocb.plist.xiocb_buffer.buf_offset = 0;
xiocb.plist.xiocb_buffer.buf_ptr = XPTR_FROM_NATIVE(name);
xiocb.plist.xiocb_buffer.buf_length = strlen(name);
cfe_iocb_dispatch(&xiocb);
if (xiocb.xiocb_status < 0)
return xiocb.xiocb_status;
Reported by FlawFinder.
Line: 382
Column: 41
CWE codes:
126
xiocb.xiocb_psize = sizeof(struct xiocb_envbuf);
xiocb.plist.xiocb_envbuf.enum_idx = 0;
xiocb.plist.xiocb_envbuf.name_ptr = XPTR_FROM_NATIVE(name);
xiocb.plist.xiocb_envbuf.name_length = strlen(name);
xiocb.plist.xiocb_envbuf.val_ptr = XPTR_FROM_NATIVE(val);
xiocb.plist.xiocb_envbuf.val_length = strlen(val);
cfe_iocb_dispatch(&xiocb);
Reported by FlawFinder.
Line: 384
Column: 40
CWE codes:
126
xiocb.plist.xiocb_envbuf.name_ptr = XPTR_FROM_NATIVE(name);
xiocb.plist.xiocb_envbuf.name_length = strlen(name);
xiocb.plist.xiocb_envbuf.val_ptr = XPTR_FROM_NATIVE(val);
xiocb.plist.xiocb_envbuf.val_length = strlen(val);
cfe_iocb_dispatch(&xiocb);
return xiocb.xiocb_status;
}
Reported by FlawFinder.
arch/powerpc/boot/string.h
5 issues
Line: 6
Column: 14
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#define _PPC_BOOT_STRING_H_
#include <stddef.h>
extern char *strcpy(char *dest, const char *src);
extern char *strncpy(char *dest, const char *src, size_t n);
extern char *strcat(char *dest, const char *src);
extern char *strchr(const char *s, int c);
extern char *strrchr(const char *s, int c);
extern int strcmp(const char *s1, const char *s2);
Reported by FlawFinder.
Line: 8
Column: 14
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
extern char *strcpy(char *dest, const char *src);
extern char *strncpy(char *dest, const char *src, size_t n);
extern char *strcat(char *dest, const char *src);
extern char *strchr(const char *s, int c);
extern char *strrchr(const char *s, int c);
extern int strcmp(const char *s1, const char *s2);
extern int strncmp(const char *s1, const char *s2, size_t n);
extern size_t strlen(const char *s);
Reported by FlawFinder.
Line: 18
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern void *memset(void *s, int c, size_t n);
extern void *memmove(void *dest, const void *src, unsigned long n);
extern void *memcpy(void *dest, const void *src, unsigned long n);
extern void *memchr(const void *s, int c, size_t n);
extern int memcmp(const void *s1, const void *s2, size_t n);
#endif /* _PPC_BOOT_STRING_H_ */
Reported by FlawFinder.
Line: 7
Column: 14
CWE codes:
120
#include <stddef.h>
extern char *strcpy(char *dest, const char *src);
extern char *strncpy(char *dest, const char *src, size_t n);
extern char *strcat(char *dest, const char *src);
extern char *strchr(const char *s, int c);
extern char *strrchr(const char *s, int c);
extern int strcmp(const char *s1, const char *s2);
extern int strncmp(const char *s1, const char *s2, size_t n);
Reported by FlawFinder.
Line: 13
Column: 15
CWE codes:
126
extern char *strrchr(const char *s, int c);
extern int strcmp(const char *s1, const char *s2);
extern int strncmp(const char *s1, const char *s2, size_t n);
extern size_t strlen(const char *s);
extern size_t strnlen(const char *s, size_t count);
extern void *memset(void *s, int c, size_t n);
extern void *memmove(void *dest, const void *src, unsigned long n);
extern void *memcpy(void *dest, const void *src, unsigned long n);
Reported by FlawFinder.
arch/powerpc/crypto/md5-glue.c
5 issues
Line: 54
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sctx->byte_count += len;
if (avail > len) {
memcpy((char *)sctx->block + offset, src, len);
return 0;
}
if (offset) {
memcpy((char *)sctx->block + offset, src, avail);
Reported by FlawFinder.
Line: 59
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (offset) {
memcpy((char *)sctx->block + offset, src, avail);
ppc_md5_transform(sctx->hash, (const u8 *)sctx->block, 1);
len -= avail;
src += avail;
}
Reported by FlawFinder.
Line: 71
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len &= 0x3f;
}
memcpy((char *)sctx->block, src, len);
return 0;
}
static int ppc_md5_final(struct shash_desc *desc, u8 *out)
{
Reported by FlawFinder.
Line: 111
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct md5_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int ppc_md5_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct md5_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static struct shash_alg alg = {
.digestsize = MD5_DIGEST_SIZE,
Reported by FlawFinder.
arch/powerpc/crypto/sha1-spe-glue.c
5 issues
Line: 83
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avail > len) {
sctx->count += len;
memcpy((char *)sctx->buffer + offset, src, len);
return 0;
}
sctx->count += len;
Reported by FlawFinder.
Line: 90
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sctx->count += len;
if (offset) {
memcpy((char *)sctx->buffer + offset, src, avail);
spe_begin();
ppc_spe_sha1_transform(sctx->state, (const u8 *)sctx->buffer, 1);
spe_end();
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= bytes;
}
memcpy((char *)sctx->buffer, src, len);
return 0;
}
static int ppc_spe_sha1_final(struct shash_desc *desc, u8 *out)
{
Reported by FlawFinder.
Line: 157
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha1_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int ppc_spe_sha1_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha1_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static struct shash_alg alg = {
.digestsize = SHA1_DIGEST_SIZE,
Reported by FlawFinder.
arch/mips/cavium-octeon/crypto/octeon-sha256.c
5 issues
Line: 115
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((partial + len) >= SHA256_BLOCK_SIZE) {
if (partial) {
done = -partial;
memcpy(sctx->buf + partial, data,
done + SHA256_BLOCK_SIZE);
src = sctx->buf;
}
do {
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
partial = 0;
}
memcpy(sctx->buf + partial, src, len - done);
}
static int octeon_sha256_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
octeon_sha256_final(desc, D);
memcpy(hash, D, SHA224_DIGEST_SIZE);
memzero_explicit(D, SHA256_DIGEST_SIZE);
return 0;
}
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha256_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int octeon_sha256_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 221
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha256_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static struct shash_alg octeon_sha256_algs[2] = { {
.digestsize = SHA256_DIGEST_SIZE,
Reported by FlawFinder.
arch/um/include/shared/net_kern.h
5 issues
Line: 31
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct work_struct work;
int fd;
unsigned char mac[ETH_ALEN];
int max_packet;
unsigned short (*protocol)(struct sk_buff *);
int (*open)(void *);
void (*close)(int, void *);
void (*remove)(void *);
Reported by FlawFinder.
Line: 34
Column: 8
CWE codes:
362
unsigned char mac[ETH_ALEN];
int max_packet;
unsigned short (*protocol)(struct sk_buff *);
int (*open)(void *);
void (*close)(int, void *);
void (*remove)(void *);
int (*read)(int, struct sk_buff *skb, struct uml_net_private *);
int (*write)(int, struct sk_buff *skb, struct uml_net_private *);
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void (*add_address)(unsigned char *, unsigned char *, void *);
void (*delete_address)(unsigned char *, unsigned char *, void *);
char user[0];
};
struct net_kern_info {
void (*init)(struct net_device *, void *);
unsigned short (*protocol)(struct sk_buff *);
Reported by FlawFinder.
Line: 37
Column: 8
CWE codes:
120
20
int (*open)(void *);
void (*close)(int, void *);
void (*remove)(void *);
int (*read)(int, struct sk_buff *skb, struct uml_net_private *);
int (*write)(int, struct sk_buff *skb, struct uml_net_private *);
void (*add_address)(unsigned char *, unsigned char *, void *);
void (*delete_address)(unsigned char *, unsigned char *, void *);
char user[0];
Reported by FlawFinder.
Line: 48
Column: 8
CWE codes:
120
20
struct net_kern_info {
void (*init)(struct net_device *, void *);
unsigned short (*protocol)(struct sk_buff *);
int (*read)(int, struct sk_buff *skb, struct uml_net_private *);
int (*write)(int, struct sk_buff *skb, struct uml_net_private *);
};
struct transport {
struct list_head list;
Reported by FlawFinder.
arch/powerpc/crypto/sha256-spe-glue.c
5 issues
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avail > len) {
sctx->count += len;
memcpy((char *)sctx->buf + offset, src, len);
return 0;
}
sctx->count += len;
Reported by FlawFinder.
Line: 111
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sctx->count += len;
if (offset) {
memcpy((char *)sctx->buf + offset, src, avail);
spe_begin();
ppc_spe_sha256_transform(sctx->state, (const u8 *)sctx->buf, 1);
spe_end();
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= bytes;
}
memcpy((char *)sctx->buf, src, len);
return 0;
}
static int ppc_spe_sha256_final(struct shash_desc *desc, u8 *out)
{
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha256_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int ppc_spe_sha256_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha256_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static struct shash_alg algs[2] = { {
.digestsize = SHA256_DIGEST_SIZE,
Reported by FlawFinder.
arch/mips/txx9/generic/setup_tx4938.c
5 issues
Line: 434
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init tx4938_stop_unused_modules(void)
{
__u64 pcfg, rst = 0, ckd = 0;
char buf[128];
buf[0] = '\0';
local_irq_disable();
pcfg = ____raw_readq(&tx4938_ccfgptr->pcfg);
switch (txx9_pcode) {
Reported by FlawFinder.
Line: 444
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!(pcfg & TX4938_PCFG_SEL2)) {
rst |= TX4938_CLKCTR_ACLRST;
ckd |= TX4938_CLKCTR_ACLCKD;
strcat(buf, " ACLC");
}
break;
case 0x4938:
if (!(pcfg & TX4938_PCFG_SEL2) ||
(pcfg & TX4938_PCFG_ETH0_SEL)) {
Reported by FlawFinder.
Line: 452
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
(pcfg & TX4938_PCFG_ETH0_SEL)) {
rst |= TX4938_CLKCTR_ACLRST;
ckd |= TX4938_CLKCTR_ACLCKD;
strcat(buf, " ACLC");
}
if ((pcfg &
(TX4938_PCFG_ATA_SEL | TX4938_PCFG_ISA_SEL |
TX4938_PCFG_NDF_SEL))
!= TX4938_PCFG_NDF_SEL) {
Reported by FlawFinder.
Line: 460
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
!= TX4938_PCFG_NDF_SEL) {
rst |= TX4938_CLKCTR_NDFRST;
ckd |= TX4938_CLKCTR_NDFCKD;
strcat(buf, " NDFMC");
}
if (!(pcfg & TX4938_PCFG_SPI_SEL)) {
rst |= TX4938_CLKCTR_SPIRST;
ckd |= TX4938_CLKCTR_SPICKD;
strcat(buf, " SPI");
Reported by FlawFinder.
Line: 465
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!(pcfg & TX4938_PCFG_SPI_SEL)) {
rst |= TX4938_CLKCTR_SPIRST;
ckd |= TX4938_CLKCTR_SPICKD;
strcat(buf, " SPI");
}
break;
}
if (rst | ckd) {
txx9_set64(&tx4938_ccfgptr->clkctr, rst);
Reported by FlawFinder.
arch/sparc/prom/tree_64.c
5 issues
Line: 275
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return buffer;
}
if (oprop == buffer) {
strcpy (buf, oprop);
oprop = buf;
}
args[0] = (unsigned long) prom_nextprop_name;
args[1] = 3;
Reported by FlawFinder.
Line: 205
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
int prom_nodematch(phandle node, const char *name)
{
char namebuf[128];
prom_getproperty(node, "name", namebuf, sizeof(namebuf));
if (strcmp(namebuf, name) == 0)
return 1;
return 0;
}
Reported by FlawFinder.
Line: 219
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
phandle thisnode;
int error;
char promlib_buf[128];
for(thisnode = node_start; thisnode;
thisnode=prom_getsibling(thisnode)) {
error = prom_getproperty(thisnode, "name", promlib_buf,
sizeof(promlib_buf));
Reported by FlawFinder.
Line: 268
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *prom_nextprop(phandle node, const char *oprop, char *buffer)
{
unsigned long args[7];
char buf[32];
if ((s32)node == -1) {
*buffer = 0;
return buffer;
}
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int prom_node_has_property(phandle node, const char *prop)
{
char buf [32];
*buf = 0;
do {
prom_nextprop(node, buf, buf);
if (!strcmp(buf, prop))
Reported by FlawFinder.
arch/sparc/vdso/vdso2c.c
5 issues
Line: 83
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
},
};
__attribute__((format(printf, 1, 2))) __attribute__((noreturn))
static void fail(const char *format, ...)
{
va_list ap;
va_start(ap, format);
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_start(ap, format);
fprintf(stderr, "Error: ");
vfprintf(stderr, format, ap);
if (outfilename)
unlink(outfilename);
exit(1);
va_end(ap);
}
Reported by FlawFinder.
Line: 163
Column: 11
CWE codes:
362
{
off_t tmp_len;
int fd = open(name, O_RDONLY);
if (fd == -1)
err(1, "%s", name);
tmp_len = lseek(fd, 0, SEEK_END);
Reported by FlawFinder.
Line: 217
Column: 12
CWE codes:
362
map_input(argv[2], &stripped_addr, &stripped_len, PROT_READ);
outfilename = argv[3];
outfile = fopen(outfilename, "w");
if (!outfile)
err(1, "%s", argv[2]);
go(raw_addr, raw_len, stripped_addr, stripped_len, outfile, name);
Reported by FlawFinder.
Line: 198
Column: 12
CWE codes:
126
* generate raw output insted.
*/
name = strdup(argv[3]);
namelen = strlen(name);
if (namelen >= 3 && !strcmp(name + namelen - 3, ".so")) {
name = NULL;
} else {
tmp = strrchr(name, '/');
if (tmp)
Reported by FlawFinder.