The following issues were found
drivers/net/ethernet/marvell/pxa168_eth.c
5 issues
Line: 399
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 addr1;
u32 addr2;
u32 addr3;
unsigned char mac_addr[ETH_ALEN];
/* Make a copy of MAC address since we are going to performe bit
* operations on it
*/
memcpy(mac_addr, mac_addr_orig, ETH_ALEN);
Reported by FlawFinder.
Line: 404
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Make a copy of MAC address since we are going to performe bit
* operations on it
*/
memcpy(mac_addr, mac_addr_orig, ETH_ALEN);
nibble_swap_every_byte(mac_addr);
inverse_every_nibble(mac_addr);
addr0 = (mac_addr[5] >> 2) & 0x3f;
Reported by FlawFinder.
Line: 604
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct sockaddr *sa = addr;
struct pxa168_eth_private *pep = netdev_priv(dev);
unsigned char oldMac[ETH_ALEN];
u32 mac_h, mac_l;
if (!is_valid_ether_addr(sa->sa_data))
return -EADDRNOTAVAIL;
memcpy(oldMac, dev->dev_addr, ETH_ALEN);
Reported by FlawFinder.
Line: 609
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(sa->sa_data))
return -EADDRNOTAVAIL;
memcpy(oldMac, dev->dev_addr, ETH_ALEN);
memcpy(dev->dev_addr, sa->sa_data, ETH_ALEN);
mac_h = dev->dev_addr[0] << 24;
mac_h |= dev->dev_addr[1] << 16;
mac_h |= dev->dev_addr[2] << 8;
Reported by FlawFinder.
Line: 610
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(sa->sa_data))
return -EADDRNOTAVAIL;
memcpy(oldMac, dev->dev_addr, ETH_ALEN);
memcpy(dev->dev_addr, sa->sa_data, ETH_ALEN);
mac_h = dev->dev_addr[0] << 24;
mac_h |= dev->dev_addr[1] << 16;
mac_h |= dev->dev_addr[2] << 8;
mac_h |= dev->dev_addr[3];
Reported by FlawFinder.
drivers/net/ethernet/intel/igb/e1000_mac.c
5 issues
Line: 480
CWE codes:
476
break;
}
hash_value = hash_mask & (((mc_addr[4] >> (8 - bit_shift)) |
(((u16) mc_addr[5]) << bit_shift)));
return hash_value;
}
Reported by Cppcheck.
Line: 300
Column: 24
CWE codes:
120
20
if (hw->mac.type >= e1000_82580)
goto out;
ret_val = hw->nvm.ops.read(hw, NVM_ALT_MAC_ADDR_PTR, 1,
&nvm_alt_mac_addr_offset);
if (ret_val) {
hw_dbg("NVM Read Error\n");
goto out;
}
Reported by FlawFinder.
Line: 321
Column: 25
CWE codes:
120
20
nvm_alt_mac_addr_offset += E1000_ALT_MAC_ADDRESS_OFFSET_LAN3;
for (i = 0; i < ETH_ALEN; i += 2) {
offset = nvm_alt_mac_addr_offset + (i >> 1);
ret_val = hw->nvm.ops.read(hw, offset, 1, &nvm_data);
if (ret_val) {
hw_dbg("NVM Read Error\n");
goto out;
}
Reported by FlawFinder.
Line: 805
Column: 24
CWE codes:
120
20
else
lan_offset = 0;
ret_val = hw->nvm.ops.read(hw, NVM_INIT_CONTROL2_REG + lan_offset,
1, &nvm_data);
if (ret_val) {
hw_dbg("NVM Read Error\n");
goto out;
}
Reported by FlawFinder.
drivers/net/fddi/skfp/smt.c
4 issues
Line: 910
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* swap it back */
smt_swap_para(sm,frame_len,0) ;
memcpy((char *) &rdf->refused.ref_header,(char *) sm,len) ;
len -= sizeof(struct smt_header) ;
mb->sm_len += len ;
rdf->smt.smt_len += len ;
Reported by FlawFinder.
Line: 1491
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct smp_p_manufacturer *man)
{
SMTSETPARA(man,SMT_P_MANUFACTURER) ;
memcpy((char *) man->mf_data,
(char *) smc->mib.fddiSMTManufacturerData,
sizeof(man->mf_data)) ;
}
/*
Reported by FlawFinder.
Line: 1502
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void smt_fill_user(struct s_smc *smc, struct smp_p_user *user)
{
SMTSETPARA(user,SMT_P_USER) ;
memcpy((char *) user->us_data,
(char *) smc->mib.fddiSMTUserData,
sizeof(user->us_data)) ;
}
/*
Reported by FlawFinder.
Line: 1515
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SK_UNUSED(smc) ;
SMTSETPARA(setcount,SMT_P_SETCOUNT) ;
setcount->count = smc->mib.fddiSMTSetCount.count ;
memcpy((char *)setcount->timestamp,
(char *)smc->mib.fddiSMTSetCount.timestamp,8) ;
}
/*
* fill echo data
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_accel/fs_tcp.c
4 issues
Line: 35
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(fte_match_param, spec->match_value, outer_headers.ip_protocol, IPPROTO_TCP);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.ip_version);
MLX5_SET(fte_match_param, spec->match_value, outer_headers.ip_version, 4);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4),
&inet_sk(sk)->inet_daddr, 4);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&inet_sk(sk)->inet_rcv_saddr, 4);
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4),
&inet_sk(sk)->inet_daddr, 4);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&inet_sk(sk)->inet_rcv_saddr, 4);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET(fte_match_param, spec->match_value, outer_headers.ip_protocol, IPPROTO_TCP);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.ip_version);
MLX5_SET(fte_match_param, spec->match_value, outer_headers.ip_version, 6);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
&sk->sk_v6_daddr, 16);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&inet6_sk(sk)->saddr, 16);
Reported by FlawFinder.
Line: 57
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
&sk->sk_v6_daddr, 16);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&inet6_sk(sk)->saddr, 16);
memset(MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
0xff, 16);
Reported by FlawFinder.
drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c
4 issues
Line: 1348
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!efs)
return -ENOENT;
memcpy(rxnfc, &efs->rxnfc, sizeof(efs->rxnfc));
return 0;
}
int mvpp2_ethtool_cls_rule_ins(struct mvpp2_port *port,
Reported by FlawFinder.
Line: 1412
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ethtool_rx_flow_rule_destroy(ethtool_rule);
efs->rule.flow = NULL;
memcpy(&efs->rxnfc, info, sizeof(*info));
port->rfs_rules[efs->rule.loc] = efs;
port->n_rfs_rules++;
return ret;
Reported by FlawFinder.
Line: 1601
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!rss_table)
return -EINVAL;
memcpy(rss_table->indir, indir,
MVPP22_RSS_TABLE_ENTRIES * sizeof(rss_table->indir[0]));
mvpp22_rss_fill_table(port, rss_table, rss_ctx);
return 0;
Reported by FlawFinder.
Line: 1619
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!rss_table)
return -EINVAL;
memcpy(indir, rss_table->indir,
MVPP22_RSS_TABLE_ENTRIES * sizeof(rss_table->indir[0]));
return 0;
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
4 issues
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
be32_to_cpu(attrs->spi));
if (ip_version == 4) {
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4),
&attrs->saddr.a4, 4);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&attrs->daddr.a4, 4);
Reported by FlawFinder.
Line: 433
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4),
&attrs->saddr.a4, 4);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&attrs->daddr.a4, 4);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
Reported by FlawFinder.
Line: 441
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
outer_headers.dst_ipv4_dst_ipv6.ipv4_layout.ipv4);
} else {
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
&attrs->saddr.a6, 16);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&attrs->daddr.a6, 16);
Reported by FlawFinder.
Line: 444
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
&attrs->saddr.a6, 16);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&attrs->daddr.a6, 16);
memset(MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
0xff, 16);
Reported by FlawFinder.
drivers/net/usb/ax88172a.c
4 issues
Line: 309
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
rx_ctl);
/* Connect to PHY */
snprintf(priv->phy_name, 20, PHY_ID_FMT,
priv->mdio->id, priv->phy_addr);
priv->phydev = phy_connect(dev->net, priv->phy_name,
&ax88172a_adjust_link,
PHY_INTERFACE_MODE_MII);
Reported by FlawFinder.
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ax88172a_private {
struct mii_bus *mdio;
struct phy_device *phydev;
char phy_name[20];
u16 phy_addr;
u16 oldmode;
int use_embdphy;
struct asix_rx_fixup_info rx_fixup_info;
};
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = -EIO;
goto free;
}
memcpy(dev->net->dev_addr, buf, ETH_ALEN);
dev->net->netdev_ops = &ax88172a_netdev_ops;
dev->net->ethtool_ops = &ax88172a_ethtool_ops;
/* are we using the internal or the external phy? */
Reported by FlawFinder.
Line: 289
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Rewrite MAC address */
memcpy(data->mac_addr, dev->net->dev_addr, ETH_ALEN);
ret = asix_write_cmd(dev, AX_CMD_WRITE_NODE_ID, 0, 0, ETH_ALEN,
data->mac_addr, 0);
if (ret < 0)
goto out;
Reported by FlawFinder.
drivers/net/ethernet/mscc/ocelot_flower.c
4 issues
Line: 557
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
tmp = &filter->key.ipv4.sip.value.addr[0];
memcpy(tmp, &match.key->src, 4);
tmp = &filter->key.ipv4.sip.mask.addr[0];
memcpy(tmp, &match.mask->src, 4);
tmp = &filter->key.ipv4.dip.value.addr[0];
Reported by FlawFinder.
Line: 560
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tmp, &match.key->src, 4);
tmp = &filter->key.ipv4.sip.mask.addr[0];
memcpy(tmp, &match.mask->src, 4);
tmp = &filter->key.ipv4.dip.value.addr[0];
memcpy(tmp, &match.key->dst, 4);
tmp = &filter->key.ipv4.dip.mask.addr[0];
Reported by FlawFinder.
Line: 563
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tmp, &match.mask->src, 4);
tmp = &filter->key.ipv4.dip.value.addr[0];
memcpy(tmp, &match.key->dst, 4);
tmp = &filter->key.ipv4.dip.mask.addr[0];
memcpy(tmp, &match.mask->dst, 4);
match_protocol = false;
}
Reported by FlawFinder.
Line: 566
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tmp, &match.key->dst, 4);
tmp = &filter->key.ipv4.dip.mask.addr[0];
memcpy(tmp, &match.mask->dst, 4);
match_protocol = false;
}
if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS) &&
proto == ETH_P_IPV6) {
Reported by FlawFinder.
drivers/net/ethernet/mscc/ocelot_net.c
4 issues
Line: 163
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct devlink *dl = ocelot->devlink;
struct devlink_port_attrs attrs = {};
memcpy(attrs.switch_id.id, &ocelot->base_mac, id_len);
attrs.switch_id.id_len = id_len;
attrs.phys.port_number = port;
attrs.flavour = flavour;
devlink_port_attrs_set(dlp, &attrs);
Reported by FlawFinder.
Line: 542
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
/* OCELOT_MACT_LEARN */
struct {
unsigned char addr[ETH_ALEN];
u16 vid;
enum macaccess_entry_type entry_type;
int pgid;
} learn;
/* OCELOT_MACT_FORGET */
Reported by FlawFinder.
Line: 549
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} learn;
/* OCELOT_MACT_FORGET */
struct {
unsigned char addr[ETH_ALEN];
u16 vid;
} forget;
};
};
Reported by FlawFinder.
Line: 1497
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
NETIF_F_HW_TC;
dev->features |= NETIF_F_HW_VLAN_CTAG_FILTER | NETIF_F_HW_TC;
memcpy(dev->dev_addr, ocelot->base_mac, ETH_ALEN);
dev->dev_addr[ETH_ALEN - 1] += port;
ocelot_mact_learn(ocelot, PGID_CPU, dev->dev_addr,
ocelot_port->pvid_vlan.vid, ENTRYTYPE_LOCKED);
ocelot_init_port(ocelot, port);
Reported by FlawFinder.
drivers/net/ethernet/pensando/ionic/ionic_dev.h
4 issues
Line: 132
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ionic_devinfo {
u8 asic_type;
u8 asic_rev;
char fw_version[IONIC_DEVINFO_FWVERS_BUFLEN + 1];
char serial_num[IONIC_DEVINFO_SERIAL_BUFLEN + 1];
};
struct ionic_dev {
union ionic_dev_info_regs __iomem *dev_info_regs;
Reported by FlawFinder.
Line: 133
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 asic_type;
u8 asic_rev;
char fw_version[IONIC_DEVINFO_FWVERS_BUFLEN + 1];
char serial_num[IONIC_DEVINFO_SERIAL_BUFLEN + 1];
};
struct ionic_dev {
union ionic_dev_info_regs __iomem *dev_info_regs;
union ionic_dev_cmd_regs __iomem *dev_cmd_regs;
Reported by FlawFinder.
Line: 248
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int desc_size;
unsigned int sg_desc_size;
unsigned int pid;
char name[IONIC_QUEUE_NAME_MAX_SZ];
} ____cacheline_aligned_in_smp;
#define IONIC_INTR_INDEX_NOT_ASSIGNED -1
#define IONIC_INTR_NAME_MAX_SZ 32
Reported by FlawFinder.
Line: 255
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IONIC_INTR_NAME_MAX_SZ 32
struct ionic_intr_info {
char name[IONIC_INTR_NAME_MAX_SZ];
unsigned int index;
unsigned int vector;
u64 rearm_count;
unsigned int cpu;
cpumask_t affinity_mask;
Reported by FlawFinder.