The following issues were found
tools/testing/selftests/tc-testing/tdc.py
115 issues
Line: 194
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
if args.verbose > 0:
print('command "{}"'.format(command))
proc = subprocess.Popen(command,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=ENVIR)
try:
Reported by Bandit.
Line: 132
Column: 51
except Exception as ee:
print('exception {} in call to pre_case for {} plugin'.
format(ee, pgn_inst.__class__))
print('test_ordinal is {}'.format(test_ordinal))
print('testid is {}'.format(caseinfo['id']))
raise
def call_post_case(self):
for pgn_inst in reversed(self.plugin_instances):
Reported by Pylint.
Line: 167
Column: 9
@staticmethod
def _make_argparser(args):
self.argparser = argparse.ArgumentParser(
description='Linux TC unit tests')
def replace_keywords(cmd):
"""
For a given executable command, substitute any known
Reported by Pylint.
Line: 693
Column: 13
if args.gen_id:
if (has_blank_ids(idlist)):
alltests = generate_case_ids(alltests)
else:
print("No empty ID fields found in test files.")
exit(0)
duplicate_ids = check_case_id(alltests)
Reported by Pylint.
Line: 22
Column: 1
from collections import OrderedDict
from string import Template
from tdc_config import *
from tdc_helper import *
import TdcPlugin
from TdcResults import *
Reported by Pylint.
Line: 22
Column: 1
from collections import OrderedDict
from string import Template
from tdc_config import *
from tdc_helper import *
import TdcPlugin
from TdcResults import *
Reported by Pylint.
Line: 22
Column: 1
from collections import OrderedDict
from string import Template
from tdc_config import *
from tdc_helper import *
import TdcPlugin
from TdcResults import *
Reported by Pylint.
Line: 23
Column: 1
from string import Template
from tdc_config import *
from tdc_helper import *
import TdcPlugin
from TdcResults import *
class PluginDependencyException(Exception):
Reported by Pylint.
Line: 23
Column: 1
from string import Template
from tdc_config import *
from tdc_helper import *
import TdcPlugin
from TdcResults import *
class PluginDependencyException(Exception):
Reported by Pylint.
Line: 23
Column: 1
from string import Template
from tdc_config import *
from tdc_helper import *
import TdcPlugin
from TdcResults import *
class PluginDependencyException(Exception):
Reported by Pylint.
drivers/md/md.c
113 issues
Line: 3407
struct list_head *tmp;
rcu_read_lock();
for_each_mddev(mddev, tmp) {
struct md_rdev *rdev2;
rdev_for_each(rdev2, mddev)
if (rdev->bdev == rdev2->bdev &&
rdev != rdev2 &&
Reported by Cppcheck.
Line: 2930
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(Faulty, &flags) ||
(!test_bit(ExternalBbl, &flags) &&
rdev->badblocks.unacked_exist))
len += sprintf(page+len, "faulty%s", sep);
if (test_bit(In_sync, &flags))
len += sprintf(page+len, "in_sync%s", sep);
if (test_bit(Journal, &flags))
len += sprintf(page+len, "journal%s", sep);
if (test_bit(WriteMostly, &flags))
Reported by FlawFinder.
Line: 2932
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rdev->badblocks.unacked_exist))
len += sprintf(page+len, "faulty%s", sep);
if (test_bit(In_sync, &flags))
len += sprintf(page+len, "in_sync%s", sep);
if (test_bit(Journal, &flags))
len += sprintf(page+len, "journal%s", sep);
if (test_bit(WriteMostly, &flags))
len += sprintf(page+len, "write_mostly%s", sep);
if (test_bit(Blocked, &flags) ||
Reported by FlawFinder.
Line: 2934
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(In_sync, &flags))
len += sprintf(page+len, "in_sync%s", sep);
if (test_bit(Journal, &flags))
len += sprintf(page+len, "journal%s", sep);
if (test_bit(WriteMostly, &flags))
len += sprintf(page+len, "write_mostly%s", sep);
if (test_bit(Blocked, &flags) ||
(rdev->badblocks.unacked_exist
&& !test_bit(Faulty, &flags)))
Reported by FlawFinder.
Line: 2936
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(Journal, &flags))
len += sprintf(page+len, "journal%s", sep);
if (test_bit(WriteMostly, &flags))
len += sprintf(page+len, "write_mostly%s", sep);
if (test_bit(Blocked, &flags) ||
(rdev->badblocks.unacked_exist
&& !test_bit(Faulty, &flags)))
len += sprintf(page+len, "blocked%s", sep);
if (!test_bit(Faulty, &flags) &&
Reported by FlawFinder.
Line: 2940
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(Blocked, &flags) ||
(rdev->badblocks.unacked_exist
&& !test_bit(Faulty, &flags)))
len += sprintf(page+len, "blocked%s", sep);
if (!test_bit(Faulty, &flags) &&
!test_bit(Journal, &flags) &&
!test_bit(In_sync, &flags))
len += sprintf(page+len, "spare%s", sep);
if (test_bit(WriteErrorSeen, &flags))
Reported by FlawFinder.
Line: 2944
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!test_bit(Faulty, &flags) &&
!test_bit(Journal, &flags) &&
!test_bit(In_sync, &flags))
len += sprintf(page+len, "spare%s", sep);
if (test_bit(WriteErrorSeen, &flags))
len += sprintf(page+len, "write_error%s", sep);
if (test_bit(WantReplacement, &flags))
len += sprintf(page+len, "want_replacement%s", sep);
if (test_bit(Replacement, &flags))
Reported by FlawFinder.
Line: 2946
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
!test_bit(In_sync, &flags))
len += sprintf(page+len, "spare%s", sep);
if (test_bit(WriteErrorSeen, &flags))
len += sprintf(page+len, "write_error%s", sep);
if (test_bit(WantReplacement, &flags))
len += sprintf(page+len, "want_replacement%s", sep);
if (test_bit(Replacement, &flags))
len += sprintf(page+len, "replacement%s", sep);
if (test_bit(ExternalBbl, &flags))
Reported by FlawFinder.
Line: 2948
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(WriteErrorSeen, &flags))
len += sprintf(page+len, "write_error%s", sep);
if (test_bit(WantReplacement, &flags))
len += sprintf(page+len, "want_replacement%s", sep);
if (test_bit(Replacement, &flags))
len += sprintf(page+len, "replacement%s", sep);
if (test_bit(ExternalBbl, &flags))
len += sprintf(page+len, "external_bbl%s", sep);
if (test_bit(FailFast, &flags))
Reported by FlawFinder.
Line: 2950
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(WantReplacement, &flags))
len += sprintf(page+len, "want_replacement%s", sep);
if (test_bit(Replacement, &flags))
len += sprintf(page+len, "replacement%s", sep);
if (test_bit(ExternalBbl, &flags))
len += sprintf(page+len, "external_bbl%s", sep);
if (test_bit(FailFast, &flags))
len += sprintf(page+len, "failfast%s", sep);
Reported by FlawFinder.
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
109 issues
Line: 1393
CWE codes:
908
}
memcpy(&ieee->current_network, net, sizeof(struct ieee80211_network));
strncpy(ieee->current_network.ssid, tmp_ssid, IW_ESSID_MAX_SIZE);
ieee->current_network.ssid_len = tmp_ssid_len;
netdev_info(ieee->dev,
"Linking with %s,channel:%d, qos:%d, myHT:%d, networkHT:%d\n",
ieee->current_network.ssid,
ieee->current_network.channel,
Reported by Cppcheck.
Line: 665
Column: 31
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
struct sk_buff *skb = NULL;
int encrypt;
int atim_len, erp_len;
struct ieee80211_crypt_data *crypt;
char *ssid = ieee->current_network.ssid;
int ssid_len = ieee->current_network.ssid_len;
int rate_len = ieee->current_network.rates_len + 2;
int rate_ex_len = ieee->current_network.rates_ex_len;
Reported by FlawFinder.
Line: 695
Column: 16
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
else
erp_len = 0;
crypt = ieee->crypt[ieee->tx_keyidx];
encrypt = ieee->host_encrypt && crypt && crypt->ops &&
((0 == strcmp(crypt->ops->name, "WEP") || wpa_ie_len));
/* HT ralated element */
tmp_ht_cap_buf = (u8 *)&ieee->pHTInfo->SelfHTCap;
Reported by FlawFinder.
Line: 697
Column: 34
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
crypt = ieee->crypt[ieee->tx_keyidx];
encrypt = ieee->host_encrypt && crypt && crypt->ops &&
((0 == strcmp(crypt->ops->name, "WEP") || wpa_ie_len));
/* HT ralated element */
tmp_ht_cap_buf = (u8 *)&ieee->pHTInfo->SelfHTCap;
tmp_ht_cap_len = sizeof(ieee->pHTInfo->SelfHTCap);
tmp_ht_info_buf = (u8 *)&ieee->pHTInfo->SelfHTInfo;
Reported by FlawFinder.
Line: 808
Column: 31
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
struct sk_buff *skb;
u8 *tag;
struct ieee80211_crypt_data *crypt;
struct ieee80211_assoc_response_frame *assoc;
short encrypt;
unsigned int rate_len = ieee80211_MFIE_rate_len(ieee);
int len = sizeof(struct ieee80211_assoc_response_frame) + rate_len + ieee->tx_headroom;
Reported by FlawFinder.
Line: 835
Column: 17
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
assoc->capability |= cpu_to_le16(WLAN_CAPABILITY_SHORT_SLOT);
if (ieee->host_encrypt)
crypt = ieee->crypt[ieee->tx_keyidx];
else
crypt = NULL;
encrypt = crypt && crypt->ops;
Reported by FlawFinder.
Line: 839
Column: 12
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
else
crypt = NULL;
encrypt = crypt && crypt->ops;
if (encrypt)
assoc->capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY);
assoc->status = 0;
Reported by FlawFinder.
Line: 957
Column: 31
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
unsigned int ckip_ie_len = 0;
unsigned int ccxrm_ie_len = 0;
unsigned int cxvernum_ie_len = 0;
struct ieee80211_crypt_data *crypt;
int encrypt;
unsigned int rate_len = ieee80211_MFIE_rate_len(ieee);
unsigned int wmm_info_len = beacon->qos_data.supported ? 9 : 0;
#ifdef THOMAS_TURBO
Reported by FlawFinder.
Line: 968
Column: 16
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
int len = 0;
crypt = ieee->crypt[ieee->tx_keyidx];
encrypt = ieee->host_encrypt && crypt && crypt->ops && ((0 == strcmp(crypt->ops->name, "WEP") || wpa_ie_len));
/* Include High Throuput capability && Realtek proprietary */
if (ieee->pHTInfo->bCurrentHTSupport && ieee->pHTInfo->bEnableHT) {
ht_cap_buf = (u8 *)&ieee->pHTInfo->SelfHTCap;
Reported by FlawFinder.
Line: 969
Column: 34
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
int len = 0;
crypt = ieee->crypt[ieee->tx_keyidx];
encrypt = ieee->host_encrypt && crypt && crypt->ops && ((0 == strcmp(crypt->ops->name, "WEP") || wpa_ie_len));
/* Include High Throuput capability && Realtek proprietary */
if (ieee->pHTInfo->bCurrentHTSupport && ieee->pHTInfo->bEnableHT) {
ht_cap_buf = (u8 *)&ieee->pHTInfo->SelfHTCap;
ht_cap_len = sizeof(ieee->pHTInfo->SelfHTCap);
Reported by FlawFinder.
tools/perf/scripts/python/event_analyzing_sample.py
105 issues
Line: 29
Column: 1
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from EventClass import *
#
# If the perf.data has a big number of samples, then the insert operation
# will be very time consuming (about 10+ minutes for 10000 samples) if the
Reported by Pylint.
Line: 30
Column: 1
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from EventClass import *
#
# If the perf.data has a big number of samples, then the insert operation
# will be very time consuming (about 10+ minutes for 10000 samples) if the
# .db database is on disk. Move the .db file to RAM based FS to speedup
Reported by Pylint.
Line: 92
Column: 17
symbol = "Unknown_symbol"
# Create the event object and insert it to the right table in database
event = create_event(name, comm, dso, symbol, raw_buf)
insert_db(event)
def insert_db(event):
if event.ev_type == EVTYPE_GENERIC:
con.execute("insert into gen_events values(?, ?, ?, ?)",
Reported by Pylint.
Line: 96
Column: 29
insert_db(event)
def insert_db(event):
if event.ev_type == EVTYPE_GENERIC:
con.execute("insert into gen_events values(?, ?, ?, ?)",
(event.name, event.symbol, event.comm, event.dso))
elif event.ev_type == EVTYPE_PEBS_LL:
event.ip &= 0x7fffffffffffffff
event.dla &= 0x7fffffffffffffff
Reported by Pylint.
Line: 99
Column: 31
if event.ev_type == EVTYPE_GENERIC:
con.execute("insert into gen_events values(?, ?, ?, ?)",
(event.name, event.symbol, event.comm, event.dso))
elif event.ev_type == EVTYPE_PEBS_LL:
event.ip &= 0x7fffffffffffffff
event.dla &= 0x7fffffffffffffff
con.execute("insert into pebs_ll values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
(event.name, event.symbol, event.comm, event.dso, event.flags,
event.ip, event.status, event.dse, event.dla, event.lat))
Reported by Pylint.
Line: 23
Column: 1
import os
import sys
import math
import struct
import sqlite3
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
Reported by Pylint.
Line: 29
Column: 1
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from EventClass import *
#
# If the perf.data has a big number of samples, then the insert operation
# will be very time consuming (about 10+ minutes for 10000 samples) if the
Reported by Pylint.
Line: 30
Column: 1
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from EventClass import *
#
# If the perf.data has a big number of samples, then the insert operation
# will be very time consuming (about 10+ minutes for 10000 samples) if the
# .db database is on disk. Move the .db file to RAM based FS to speedup
Reported by Pylint.
Line: 38
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html
# .db database is on disk. Move the .db file to RAM based FS to speedup
# the handling, which will cut the time down to several seconds.
#
con = sqlite3.connect("/dev/shm/perf.db")
con.isolation_level = None
def trace_begin():
print("In trace_begin:\n")
Reported by Bandit.
Line: 74
Column: 9
# do more analysis with simple database commands.
#
def process_event(param_dict):
event_attr = param_dict["attr"]
sample = param_dict["sample"]
raw_buf = param_dict["raw_buf"]
comm = param_dict["comm"]
name = param_dict["ev_name"]
Reported by Pylint.
drivers/net/wireless/intel/ipw2x00/ipw2200.c
103 issues
Line: 1423
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ipw_priv *priv = dev_get_drvdata(d);
if (rtap_iface)
return sprintf(buf, "%s", priv->prom_net_dev->name);
else {
buf[0] = '-';
buf[1] = '1';
buf[2] = '\0';
return 3;
Reported by FlawFinder.
Line: 1904
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"(802.11bg):\n", geo->bg_channels);
for (i = 0; i < geo->bg_channels; i++) {
len += sprintf(&buf[len], "%d: BSS%s%s, %s, Band %s.\n",
geo->bg[i].channel,
geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT ?
" (radar spectrum)" : "",
((geo->bg[i].flags & LIBIPW_CH_NO_IBSS) ||
(geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT))
Reported by FlawFinder.
Line: 1921
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"Displaying %d channels in 5.2Ghz band "
"(802.11a):\n", geo->a_channels);
for (i = 0; i < geo->a_channels; i++) {
len += sprintf(&buf[len], "%d: BSS%s%s, %s.\n",
geo->a[i].channel,
geo->a[i].flags & LIBIPW_CH_RADAR_DETECT ?
" (radar spectrum)" : "",
((geo->a[i].flags & LIBIPW_CH_NO_IBSS) ||
(geo->a[i].flags & LIBIPW_CH_RADAR_DETECT))
Reported by FlawFinder.
Line: 6598
Column: 30
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
struct ipw_priv *priv = libipw_priv(dev);
struct libipw_device *ieee = priv->ieee;
struct iw_param *param = &wrqu->param;
struct lib80211_crypt_data *crypt;
unsigned long flags;
int ret = 0;
switch (param->flags & IW_AUTH_INDEX) {
case IW_AUTH_WPA_VERSION:
Reported by FlawFinder.
Line: 6620
Column: 34
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
break;
case IW_AUTH_TKIP_COUNTERMEASURES:
crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
if (!crypt || !crypt->ops->set_flags || !crypt->ops->get_flags)
break;
flags = crypt->ops->get_flags(crypt->priv);
Reported by FlawFinder.
Line: 6621
Column: 8
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
case IW_AUTH_TKIP_COUNTERMEASURES:
crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
if (!crypt || !crypt->ops->set_flags || !crypt->ops->get_flags)
break;
flags = crypt->ops->get_flags(crypt->priv);
if (param->value)
Reported by FlawFinder.
Line: 6697
Column: 30
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
{
struct ipw_priv *priv = libipw_priv(dev);
struct libipw_device *ieee = priv->ieee;
struct lib80211_crypt_data *crypt;
struct iw_param *param = &wrqu->param;
switch (param->flags & IW_AUTH_INDEX) {
case IW_AUTH_WPA_VERSION:
case IW_AUTH_CIPHER_PAIRWISE:
Reported by FlawFinder.
Line: 6711
Column: 34
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
return -EOPNOTSUPP;
case IW_AUTH_TKIP_COUNTERMEASURES:
crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
if (!crypt || !crypt->ops->get_flags)
break;
param->value = (crypt->ops->get_flags(crypt->priv) &
IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) ? 1 : 0;
Reported by FlawFinder.
Line: 6712
Column: 8
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
case IW_AUTH_TKIP_COUNTERMEASURES:
crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
if (!crypt || !crypt->ops->get_flags)
break;
param->value = (crypt->ops->get_flags(crypt->priv) &
IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) ? 1 : 0;
Reported by FlawFinder.
Line: 257
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void printk_buf(int level, const u8 * data, u32 len)
{
char line[81];
u32 ofs = 0;
if (!(ipw_debug_level & level))
return;
while (len) {
Reported by FlawFinder.
kernel/trace/trace_events_hist.c
102 issues
Line: 133
Column: 11
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
struct hist_var var;
enum field_op_id operator;
char *system;
char *event_name;
/*
* The name field is used for EXPR and VAR_REF fields. VAR
* fields contain the variable name in var.name.
Reported by FlawFinder.
Line: 572
Column: 25
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (file) {
call = file->event_call;
system = call->class->system;
if (system) {
name = trace_event_name(call);
if (!name)
system = NULL;
}
Reported by FlawFinder.
Line: 573
Column: 7
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (file) {
call = file->event_call;
system = call->class->system;
if (system) {
name = trace_event_name(call);
if (!name)
system = NULL;
}
}
Reported by FlawFinder.
Line: 580
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
}
if (system)
snprintf(last_cmd_loc, MAX_FILTER_STR_VAL, "hist:%s:%s", system, name);
}
static void hist_err(struct trace_array *tr, u8 err_type, u8 err_pos)
{
Reported by FlawFinder.
Line: 581
Column: 60
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
if (system)
snprintf(last_cmd_loc, MAX_FILTER_STR_VAL, "hist:%s:%s", system, name);
}
static void hist_err(struct trace_array *tr, u8 err_type, u8 err_pos)
{
tracing_log_err(tr, last_cmd_loc, last_cmd, err_text,
Reported by FlawFinder.
Line: 927
Column: 18
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
static struct trace_event_file *find_var_file(struct trace_array *tr,
char *system,
char *event_name,
char *var_name)
{
struct hist_trigger_data *var_hist_data;
struct hist_var_data *var_data;
Reported by FlawFinder.
Line: 935
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
struct hist_var_data *var_data;
struct trace_event_file *file, *found = NULL;
if (system)
return find_event_file(tr, system, event_name);
list_for_each_entry(var_data, &tr->hist_vars, list) {
var_hist_data = var_data->hist_data;
file = var_hist_data->event_file;
Reported by FlawFinder.
Line: 936
Column: 30
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
struct trace_event_file *file, *found = NULL;
if (system)
return find_event_file(tr, system, event_name);
list_for_each_entry(var_data, &tr->hist_vars, list) {
var_hist_data = var_data->hist_data;
file = var_hist_data->event_file;
if (file == found)
Reported by FlawFinder.
Line: 993
Column: 29
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
char *system = data->match_data.event_system;
char *event_name = data->match_data.event;
file = find_var_file(tr, system, event_name, var_name);
if (!file)
continue;
hist_field = find_file_var(file, var_name);
if (hist_field) {
if (found) {
Reported by FlawFinder.
Line: 1012
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
static struct hist_field *find_event_var(struct hist_trigger_data *hist_data,
char *system,
char *event_name,
char *var_name)
{
struct trace_array *tr = hist_data->event_file->tr;
struct hist_field *hist_field = NULL;
Reported by FlawFinder.
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c
102 issues
Line: 209
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
unsigned char mixed_datarate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _9M_RATE_, _12M_RATE_, _18M_RATE_, _24M_RATE_, _36M_RATE_, _48M_RATE_, _54M_RATE_, 0xff};
unsigned char mixed_basicrate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _12M_RATE_, _24M_RATE_, 0xff,};
unsigned char supported_mcs_set[16] = {0xff, 0xff, 0x00, 0x00, 0x01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
memcpy(pmlmeext->datarate, mixed_datarate, NumRates);
memcpy(pmlmeext->basicrate, mixed_basicrate, NumRates);
Reported by FlawFinder.
Line: 210
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
unsigned char mixed_datarate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _9M_RATE_, _12M_RATE_, _18M_RATE_, _24M_RATE_, _36M_RATE_, _48M_RATE_, _54M_RATE_, 0xff};
unsigned char mixed_basicrate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _12M_RATE_, _24M_RATE_, 0xff,};
unsigned char supported_mcs_set[16] = {0xff, 0xff, 0x00, 0x00, 0x01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
memcpy(pmlmeext->datarate, mixed_datarate, NumRates);
memcpy(pmlmeext->basicrate, mixed_basicrate, NumRates);
Reported by FlawFinder.
Line: 211
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char mixed_datarate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _9M_RATE_, _12M_RATE_, _18M_RATE_, _24M_RATE_, _36M_RATE_, _48M_RATE_, _54M_RATE_, 0xff};
unsigned char mixed_basicrate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _12M_RATE_, _24M_RATE_, 0xff,};
unsigned char supported_mcs_set[16] = {0xff, 0xff, 0x00, 0x00, 0x01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
memcpy(pmlmeext->datarate, mixed_datarate, NumRates);
memcpy(pmlmeext->basicrate, mixed_basicrate, NumRates);
memcpy(pmlmeext->default_supported_mcs_set, supported_mcs_set, sizeof(pmlmeext->default_supported_mcs_set));
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char mixed_basicrate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _12M_RATE_, _24M_RATE_, 0xff,};
unsigned char supported_mcs_set[16] = {0xff, 0xff, 0x00, 0x00, 0x01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
memcpy(pmlmeext->datarate, mixed_datarate, NumRates);
memcpy(pmlmeext->basicrate, mixed_basicrate, NumRates);
memcpy(pmlmeext->default_supported_mcs_set, supported_mcs_set, sizeof(pmlmeext->default_supported_mcs_set));
}
Reported by FlawFinder.
Line: 214
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char supported_mcs_set[16] = {0xff, 0xff, 0x00, 0x00, 0x01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
memcpy(pmlmeext->datarate, mixed_datarate, NumRates);
memcpy(pmlmeext->basicrate, mixed_basicrate, NumRates);
memcpy(pmlmeext->default_supported_mcs_set, supported_mcs_set, sizeof(pmlmeext->default_supported_mcs_set));
}
static void init_mlme_ext_priv_value(struct adapter *padapter)
Reported by FlawFinder.
Line: 857
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pstat = &stat;
memset((char *)pstat, '\0', sizeof(stat));
pstat->auth_seq = 2;
memcpy(pstat->hwaddr, sa, 6);
issue_auth(padapter, pstat, (unsigned short)status);
return _FAIL;
Reported by FlawFinder.
Line: 909
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!p)
goto authclnt_fail;
memcpy((void *)(pmlmeinfo->chg_txt), (void *)(p + 2), len);
pmlmeinfo->auth_seq = 3;
issue_auth(padapter, NULL, 0);
set_link_timer(pmlmeext, REAUTH_TO);
return _SUCCESS;
Reported by FlawFinder.
Line: 952
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *p, *pos, *wpa_ie;
unsigned char WMM_IE[] = {0x00, 0x50, 0xf2, 0x02, 0x00, 0x01};
int i, ie_len, wpa_ie_len, left;
unsigned char supportRate[16];
int supportRateNum;
unsigned short status = WLAN_STATUS_SUCCESS;
unsigned short frame_type, ie_offset = 0;
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct security_priv *psecuritypriv = &padapter->securitypriv;
Reported by FlawFinder.
Line: 1045
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
status = WLAN_STATUS_CHALLENGE_FAIL;
goto OnAssocReqFail;
} else {
memcpy(supportRate, p+2, ie_len);
supportRateNum = ie_len;
p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + ie_offset, WLAN_EID_EXT_SUPP_RATES, &ie_len,
pkt_len - WLAN_HDR_A3_LEN - ie_offset);
if (p != NULL) {
Reported by FlawFinder.
Line: 1053
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (p != NULL) {
if (supportRateNum <= sizeof(supportRate)) {
memcpy(supportRate+supportRateNum, p+2, ie_len);
supportRateNum += ie_len;
}
}
}
Reported by FlawFinder.
tools/hv/hv_kvp_daemon.c
102 issues
Line: 348
CWE codes:
401
*/
if (num_records == (ENTRIES_PER_BLOCK * num_blocks)) {
/* Need to allocate a larger array for reg entries. */
record = realloc(record, sizeof(struct kvp_record) *
ENTRIES_PER_BLOCK * (num_blocks + 1));
if (record == NULL)
return 1;
kvp_file_info[pool].num_blocks++;
Reported by Cppcheck.
Line: 680
CWE codes:
476
/*
* Get the address of default gateway (ipv4).
*/
sprintf(cmd, "%s %s", "ip route show dev", if_name);
strcat(cmd, " | awk '/default/ {print $3 }'");
/*
* Execute the command to gather gateway info.
*/
Reported by Cppcheck.
Line: 239
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int i;
int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK;
if (access(KVP_CONFIG_LOC, F_OK)) {
if (mkdir(KVP_CONFIG_LOC, 0755 /* rwxr-xr-x */)) {
syslog(LOG_ERR, "Failed to create '%s'; error: %d %s", KVP_CONFIG_LOC,
errno, strerror(errno));
exit(EXIT_FAILURE);
}
Reported by FlawFinder.
Line: 249
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < KVP_POOL_COUNT; i++) {
fname = kvp_file_info[i].fname;
sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i);
fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0644 /* rw-r--r-- */);
if (fd == -1)
return 1;
Reported by FlawFinder.
Line: 298
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
j = i;
k = j + 1;
for (; k < num_records; k++) {
strcpy(record[j].key, record[k].key);
strcpy(record[j].value, record[k].value);
j++;
}
kvp_file_info[pool].num_records--;
Reported by FlawFinder.
Line: 299
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
k = j + 1;
for (; k < num_records; k++) {
strcpy(record[j].key, record[k].key);
strcpy(record[j].value, record[k].value);
j++;
}
kvp_file_info[pool].num_records--;
kvp_update_file(pool);
Reported by FlawFinder.
Line: 649
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
/*
* First execute the command.
*/
file = popen(cmd, "r");
if (file == NULL)
return;
if (offset == 0)
memset(config_buf, 0, len);
Reported by FlawFinder.
Line: 663
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (x)
*x = '\0';
strcat(config_buf, p);
strcat(config_buf, ";");
}
pclose(file);
}
Reported by FlawFinder.
Line: 680
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
* Get the address of default gateway (ipv4).
*/
sprintf(cmd, "%s %s", "ip route show dev", if_name);
strcat(cmd, " | awk '/default/ {print $3 }'");
/*
* Execute the command to gather gateway info.
*/
Reported by FlawFinder.
Line: 692
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
* Get the address of default gateway (ipv6).
*/
sprintf(cmd, "%s %s", "ip -f inet6 route show dev", if_name);
strcat(cmd, " | awk '/default/ {print $3 }'");
/*
* Execute the command to gather gateway info (ipv6).
*/
Reported by FlawFinder.
tools/testing/selftests/net/tls.c
100 issues
Line: 440
CWE codes:
908
memset(&msg, 0, sizeof(struct msghdr));
while (sent++ < sends) {
struct iovec vec = { (void *)mem, send_len };
msg.msg_iov = &vec;
msg.msg_iovlen = 1;
EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len);
}
Reported by Cppcheck.
Line: 130
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char const *test_str = "test_read";
int send_len = 10;
char buf[10];
ASSERT_EQ(strlen(test_str) + 1, send_len);
EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
Reported by FlawFinder.
Line: 242
Column: 15
CWE codes:
362
TEST_F(tls, sendfile)
{
int filefd = open("/proc/self/exe", O_RDONLY);
struct stat st;
EXPECT_GE(filefd, 0);
fstat(filefd, &st);
EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
Reported by FlawFinder.
Line: 252
Column: 15
CWE codes:
362
TEST_F(tls, send_then_sendfile)
{
int filefd = open("/proc/self/exe", O_RDONLY);
char const *test_str = "test_send";
int to_send = strlen(test_str) + 1;
char recv_buf[10];
struct stat st;
char *buf;
Reported by FlawFinder.
Line: 255
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int filefd = open("/proc/self/exe", O_RDONLY);
char const *test_str = "test_send";
int to_send = strlen(test_str) + 1;
char recv_buf[10];
struct stat st;
char *buf;
EXPECT_GE(filefd, 0);
fstat(filefd, &st);
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint16_t chunk_size,
uint16_t extra_payload_size)
{
char buf[TLS_PAYLOAD_MAX_LEN];
uint16_t test_payload_size;
int size = 0;
int ret;
char filename[] = "/tmp/mytemp.XXXXXX";
int fd = mkstemp(filename);
Reported by FlawFinder.
Line: 281
Column: 11
CWE codes:
377
int size = 0;
int ret;
char filename[] = "/tmp/mytemp.XXXXXX";
int fd = mkstemp(filename);
off_t offset = 0;
unlink(filename);
ASSERT_GE(fd, 0);
EXPECT_GE(chunk_size, 1);
Reported by FlawFinder.
Line: 332
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST_F(tls, recv_max)
{
unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
char recv_mem[TLS_PAYLOAD_MAX_LEN];
char buf[TLS_PAYLOAD_MAX_LEN];
memrnd(buf, sizeof(buf));
EXPECT_GE(send(self->fd, buf, send_len, 0), 0);
Reported by FlawFinder.
Line: 333
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
char recv_mem[TLS_PAYLOAD_MAX_LEN];
char buf[TLS_PAYLOAD_MAX_LEN];
memrnd(buf, sizeof(buf));
EXPECT_GE(send(self->fd, buf, send_len, 0), 0);
EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char const *test_str = "test_read";
int send_len = 10;
char buf[10];
send_len = strlen(test_str) + 1;
EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
Reported by FlawFinder.
scripts/bpf_doc.py
97 issues
Line: 55
Column: 23
Break down helper function protocol into smaller chunks: return type,
name, distincts arguments.
"""
arg_re = re.compile('((\w+ )*?(\w+|...))( (\**)(\w+))?$')
res = {}
proto_re = re.compile('(.+) (\**)(\w+)\(((([^,]+)(, )?){1,5})\)$')
capture = proto_re.match(self.proto)
res['ret_type'] = capture.group(1)
Reported by Pylint.
Line: 55
Column: 28
Break down helper function protocol into smaller chunks: return type,
name, distincts arguments.
"""
arg_re = re.compile('((\w+ )*?(\w+|...))( (\**)(\w+))?$')
res = {}
proto_re = re.compile('(.+) (\**)(\w+)\(((([^,]+)(, )?){1,5})\)$')
capture = proto_re.match(self.proto)
res['ret_type'] = capture.group(1)
Reported by Pylint.
Line: 55
Column: 3
Break down helper function protocol into smaller chunks: return type,
name, distincts arguments.
"""
arg_re = re.compile('((\w+ )*?(\w+|...))( (\**)(\w+))?$')
res = {}
proto_re = re.compile('(.+) (\**)(\w+)\(((([^,]+)(, )?){1,5})\)$')
capture = proto_re.match(self.proto)
res['ret_type'] = capture.group(1)
Reported by Pylint.
Line: 55
Column: 11
Break down helper function protocol into smaller chunks: return type,
name, distincts arguments.
"""
arg_re = re.compile('((\w+ )*?(\w+|...))( (\**)(\w+))?$')
res = {}
proto_re = re.compile('(.+) (\**)(\w+)\(((([^,]+)(, )?){1,5})\)$')
capture = proto_re.match(self.proto)
res['ret_type'] = capture.group(1)
Reported by Pylint.
Line: 57
Column: 39
"""
arg_re = re.compile('((\w+ )*?(\w+|...))( (\**)(\w+))?$')
res = {}
proto_re = re.compile('(.+) (\**)(\w+)\(((([^,]+)(, )?){1,5})\)$')
capture = proto_re.match(self.proto)
res['ret_type'] = capture.group(1)
res['ret_star'] = capture.group(2)
res['name'] = capture.group(3)
Reported by Pylint.
Line: 57
Column: 12
"""
arg_re = re.compile('((\w+ )*?(\w+|...))( (\**)(\w+))?$')
res = {}
proto_re = re.compile('(.+) (\**)(\w+)\(((([^,]+)(, )?){1,5})\)$')
capture = proto_re.match(self.proto)
res['ret_type'] = capture.group(1)
res['ret_star'] = capture.group(2)
res['name'] = capture.group(3)
Reported by Pylint.
Line: 57
Column: 7
"""
arg_re = re.compile('((\w+ )*?(\w+|...))( (\**)(\w+))?$')
res = {}
proto_re = re.compile('(.+) (\**)(\w+)\(((([^,]+)(, )?){1,5})\)$')
capture = proto_re.match(self.proto)
res['ret_type'] = capture.group(1)
res['ret_star'] = capture.group(2)
res['name'] = capture.group(3)
Reported by Pylint.
Line: 57
Column: 16
"""
arg_re = re.compile('((\w+ )*?(\w+|...))( (\**)(\w+))?$')
res = {}
proto_re = re.compile('(.+) (\**)(\w+)\(((([^,]+)(, )?){1,5})\)$')
capture = proto_re.match(self.proto)
res['ret_type'] = capture.group(1)
res['ret_star'] = capture.group(2)
res['name'] = capture.group(3)
Reported by Pylint.
Line: 65
Column: 9
res['name'] = capture.group(3)
res['args'] = []
args = capture.group(4).split(', ')
for a in args:
capture = arg_re.match(a)
res['args'].append({
'type' : capture.group(1),
'star' : capture.group(5),
Reported by Pylint.
Line: 104
Column: 2
return Helper(proto=proto, desc=desc, ret=ret)
def parse_symbol(self):
p = re.compile(' \* ?(.+)$')
capture = p.match(self.line)
if not capture:
raise NoSyscallCommandFound
end_re = re.compile(' \* ?NOTES$')
end = end_re.match(self.line)
Reported by Pylint.