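The following issues were found by static analysis. Entries marked "Reported by FlawFinder" are pattern matches on risky constructs; each one needs manual triage against the surrounding code before it is treated as a vulnerability.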
drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
4 issues
Line: 525
Column: 4
CWE codes:
120
Suggestion:
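Make sure destination can always hold the source data. In this excerpt the copy length is sizeof the destination field (flow_spec->ip6dst), so the destination cannot be overrun by these calls; what remains to confirm is that the source objects (match.key->dst, match.mask->dst) are at least that large.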
memcpy(&flow_spec->ip6dst,
(struct in6_addr *)&match.key->dst,
sizeof(flow_spec->ip6dst));
memcpy(&flow_mask->ip6dst,
(struct in6_addr *)&match.mask->dst,
sizeof(flow_spec->ip6dst));
req->features |= BIT_ULL(NPC_DIP_IPV6);
}
Reported by FlawFinder.
Line: 535
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&flow_spec->ip6src,
(struct in6_addr *)&match.key->src,
sizeof(flow_spec->ip6src));
memcpy(&flow_mask->ip6src,
(struct in6_addr *)&match.mask->src,
sizeof(flow_spec->ip6src));
req->features |= BIT_ULL(NPC_SIP_IPV6);
}
}
Reported by FlawFinder.
Line: 694
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto free_leaf;
}
memcpy(&dummy.hdr, &req->hdr, sizeof(struct mbox_msghdr));
memcpy(req, &dummy, sizeof(struct npc_install_flow_req));
new_node->bitpos = find_first_zero_bit(tc_info->tc_entries_bitmap,
nic->flow_cfg->tc_max_flows);
req->channel = nic->hw.rx_chan_base;
Reported by FlawFinder.
Line: 695
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(&dummy.hdr, &req->hdr, sizeof(struct mbox_msghdr));
memcpy(req, &dummy, sizeof(struct npc_install_flow_req));
new_node->bitpos = find_first_zero_bit(tc_info->tc_entries_bitmap,
nic->flow_cfg->tc_max_flows);
req->channel = nic->hw.rx_chan_base;
req->entry = nic->flow_cfg->flow_ent[nic->flow_cfg->tc_flower_offset +
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c
4 issues
Line: 73
Column: 12
CWE codes:
119
120
Suggestion:
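Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This hit is on a fixed-size array declaration, not on a write; it is relevant only at the places where code indexes or copies into the array.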
struct recv_metadata_content recv;
/* from host to fpga */
struct send_metadata_content send;
unsigned char raw[6];
} __packed content;
/* packet type ID field */
__be16 ethertype;
} __packed;
Reported by FlawFinder.
Line: 157
Column: 2
CWE codes:
120
Suggestion:
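Make sure destination can always hold the source data. For the two copies shown, that means confirming at the point where nskb is allocated (outside this excerpt) that its data area covers headln + sizeof(rcd_sn) bytes.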
skb_reset_mac_header(nskb);
skb_set_network_header(nskb, skb_network_offset(skb));
skb_set_transport_header(nskb, skb_transport_offset(skb));
memcpy(nskb->data, skb->data, headln);
memcpy(nskb->data + headln, &rcd_sn, sizeof(rcd_sn));
iph = ip_hdr(nskb);
iph->tot_len = htons(nskb->len - skb_network_offset(nskb));
th = tcp_hdr(nskb);
Reported by FlawFinder.
Line: 158
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_set_network_header(nskb, skb_network_offset(skb));
skb_set_transport_header(nskb, skb_transport_offset(skb));
memcpy(nskb->data, skb->data, headln);
memcpy(nskb->data + headln, &rcd_sn, sizeof(rcd_sn));
iph = ip_hdr(nskb);
iph->tot_len = htons(nskb->len - skb_network_offset(nskb));
th = tcp_hdr(nskb);
data_len = nskb->len - headln;
Reported by FlawFinder.
Line: 176
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_shinfo(nskb)->gso_type = skb_shinfo(skb)->gso_type;
pet = (struct mlx5e_tls_metadata *)(nskb->data + sizeof(struct ethhdr));
memcpy(pet, &syndrome, sizeof(syndrome));
pet->content.send.first_seq = htons(tcp_seq);
/* MLX5 devices don't care about the checksum partial start, offset
* and pseudo header
*/
Reported by FlawFinder.
drivers/net/ethernet/freescale/gianfar.c
4 issues
Line: 3329
Column: 4
CWE codes:
120
Suggestion:
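Use sprintf_s, snprintf, or vsnprintf. In kernel code sprintf_s is not available, so the applicable replacement is snprintf (or scnprintf) bounded by the size of the destination name buffer; the same applies to the RX and ER sprintf calls reported next.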
for (i = 0; i < priv->num_grps; i++) {
struct gfar_priv_grp *grp = &priv->gfargrp[i];
if (priv->device_flags & FSL_GIANFAR_DEV_HAS_MULTI_INTR) {
sprintf(gfar_irq(grp, TX)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_tx");
sprintf(gfar_irq(grp, RX)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_rx");
sprintf(gfar_irq(grp, ER)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_er");
Reported by FlawFinder.
Line: 3331
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (priv->device_flags & FSL_GIANFAR_DEV_HAS_MULTI_INTR) {
sprintf(gfar_irq(grp, TX)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_tx");
sprintf(gfar_irq(grp, RX)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_rx");
sprintf(gfar_irq(grp, ER)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_er");
} else
strcpy(gfar_irq(grp, TX)->name, dev->name);
Reported by FlawFinder.
Line: 3333
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dev->name, "_g", '0' + i, "_tx");
sprintf(gfar_irq(grp, RX)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_rx");
sprintf(gfar_irq(grp, ER)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_er");
} else
strcpy(gfar_irq(grp, TX)->name, dev->name);
}
Reported by FlawFinder.
Line: 3336
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In kernel code the bounded string copy is strscpy(), sized by the destination buffer.
sprintf(gfar_irq(grp, ER)->name, "%s%s%c%s",
dev->name, "_g", '0' + i, "_er");
} else
strcpy(gfar_irq(grp, TX)->name, dev->name);
}
/* Initialize the filer table */
gfar_init_filer_table(priv);
Reported by FlawFinder.
drivers/net/ethernet/i825xx/ether1.h
4 issues
Line: 95
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define RFD_CMDEL (1 << 15)
unsigned short rfd_link;
unsigned short rfd_rbdoffset;
unsigned char rfd_dest[6];
unsigned char rfd_src[6];
unsigned short rfd_len;
} rfd_t;
typedef struct { /* rbd */
Reported by FlawFinder.
Line: 96
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short rfd_link;
unsigned short rfd_rbdoffset;
unsigned char rfd_dest[6];
unsigned char rfd_src[6];
unsigned short rfd_len;
} rfd_t;
typedef struct { /* rbd */
unsigned short rbd_status;
Reported by FlawFinder.
Line: 122
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short mc_command;
unsigned short mc_link;
unsigned short mc_cnt;
unsigned char mc_addrs[1][6];
} mc_t;
typedef struct { /* set address */
unsigned short sa_status;
unsigned short sa_command;
Reported by FlawFinder.
Line: 129
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short sa_status;
unsigned short sa_command;
unsigned short sa_link;
unsigned char sa_addr[6];
} sa_t;
typedef struct { /* config command */
unsigned short cfg_status;
unsigned short cfg_command;
Reported by FlawFinder.
drivers/net/ethernet/realtek/8139cp.c
4 issues
Line: 388
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ethtool_eeprom *eeprom, u8 *data);
static struct {
const char str[ETH_GSTRING_LEN];
} ethtool_stats_keys[] = {
{ "tx_ok" },
{ "rx_ok" },
{ "tx_err" },
{ "rx_err" },
Reported by FlawFinder.
Line: 1292
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return cp_open(dev);
}
static const char mii_2_8139_map[8] = {
BasicModeCtrl,
BasicModeStatus,
0,
0,
NWayAdvert,
Reported by FlawFinder.
Line: 1528
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch (stringset) {
case ETH_SS_STATS:
memcpy(buf, &ethtool_stats_keys, sizeof(ethtool_stats_keys));
break;
default:
BUG();
break;
}
Reported by FlawFinder.
Line: 1627
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
spin_lock_irq(&cp->lock);
cpw8_f(Cfg9346, Cfg9346_Unlock);
cpw32_f(MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/testmode.c
4 issues
Line: 142
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ath10k_tm_fetch_utf_firmware_api_1(struct ath10k *ar,
struct ath10k_fw_file *fw_file)
{
char filename[100];
int ret;
snprintf(filename, sizeof(filename), "%s/%s",
ar->hw_params.fw.dir, ATH10K_FW_UTF_FILE);
Reported by FlawFinder.
Line: 177
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath10k_fw_components *utf_mode_fw;
int ret;
char fw_name[100];
int fw_api2 = 2;
switch (ar->hif.bus) {
case ATH10K_BUS_SDIO:
case ATH10K_BUS_USB:
Reported by FlawFinder.
Line: 411
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(skb->data, buf, buf_len);
ret = ath10k_wmi_cmd_send(ar, skb, cmd_id);
if (ret) {
ath10k_warn(ar, "failed to transmit wmi command (testmode): %d\n",
ret);
Reported by FlawFinder.
Line: 294
Column: 6
CWE codes:
126
ar->state = ATH10K_STATE_UTF;
if (strlen(ar->testmode.utf_mode_fw.fw_file.fw_version) > 0)
ver = ar->testmode.utf_mode_fw.fw_file.fw_version;
else
ver = "API 1";
ath10k_info(ar, "UTF firmware %s started\n", ver);
Reported by FlawFinder.
drivers/net/ethernet/i825xx/sun3_82586.c
4 issues
Line: 161
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
volatile struct nop_cmd_struct *nop_cmds[NUM_XMIT_BUFFS];
#endif
volatile int nop_point,num_recv_buffs;
volatile char *xmit_cbuffs[NUM_XMIT_BUFFS];
volatile int xmit_count,xmit_last;
};
/**********************************************
* close device
Reported by FlawFinder.
Line: 309
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!dev)
goto out;
if (unit >= 0) {
sprintf(dev->name, "eth%d", unit);
netdev_boot_setup_check(dev);
}
dev->irq = IE_IRQ;
dev->base_addr = ioaddr;
Reported by FlawFinder.
Line: 467
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ias_cmd->cmd_cmd = swab16(CMD_IASETUP | CMD_LAST);
ias_cmd->cmd_link = 0xffff;
memcpy((char *)&ias_cmd->iaddr,(char *) dev->dev_addr,ETH_ALEN);
p->scb->cbl_offset = make16(ias_cmd);
p->scb->cmd_cuc = CUC_START; /* cmd.-unit start */
sun3_attn586();
Reported by FlawFinder.
Line: 538
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = 0;
netdev_for_each_mc_addr(ha, dev)
memcpy((char *) mc_cmd->mc_list[i++],
ha->addr, ETH_ALEN);
p->scb->cbl_offset = make16(mc_cmd);
p->scb->cmd_cuc = CUC_START;
sun3_attn586();
Reported by FlawFinder.
drivers/net/ethernet/renesas/ravb_main.c
4 issues
Line: 43
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NETIF_MSG_RX_ERR | \
NETIF_MSG_TX_ERR)
static const char *ravb_rx_irqs[NUM_RX_QUEUE] = {
"ch0", /* RAVB_BE */
"ch1", /* RAVB_NC */
};
static const char *ravb_tx_irqs[NUM_TX_QUEUE] = {
Reported by FlawFinder.
Line: 48
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"ch1", /* RAVB_NC */
};
static const char *ravb_tx_irqs[NUM_TX_QUEUE] = {
"ch18", /* RAVB_BE */
"ch19", /* RAVB_NC */
};
void ravb_modify(struct net_device *ndev, enum ravb_reg reg, u32 clear,
Reported by FlawFinder.
Line: 1181
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch (stringset) {
case ETH_SS_STATS:
memcpy(data, ravb_gstrings_stats, sizeof(ravb_gstrings_stats));
break;
}
}
static void ravb_get_ringparam(struct net_device *ndev,
Reported by FlawFinder.
Line: 1537
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len == 0)
len = DPTR_ALIGN;
memcpy(buffer, skb->data, len);
dma_addr = dma_map_single(ndev->dev.parent, buffer, len,
DMA_TO_DEVICE);
if (dma_mapping_error(ndev->dev.parent, dma_addr))
goto drop;
Reported by FlawFinder.
drivers/net/ethernet/renesas/sh_eth.c
4 issues
Line: 2014
Column: 3
CWE codes:
134
Suggestion:
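Use a constant for the format specification. Here the format argument is PHY_ID_FMT, which appears to be a macro rather than a variable, so triage consists of confirming that it expands to a fixed string literal that no caller can influence.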
} else {
char phy_id[MII_BUS_ID_SIZE + 3];
snprintf(phy_id, sizeof(phy_id), PHY_ID_FMT,
mdp->mii_bus->id, mdp->phy_id);
phydev = phy_connect(ndev, phy_id, sh_eth_adjust_link,
mdp->phy_interface);
}
Reported by FlawFinder.
Line: 1156
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void read_mac_address(struct net_device *ndev, unsigned char *mac)
{
if (mac[0] || mac[1] || mac[2] || mac[3] || mac[4] || mac[5]) {
memcpy(ndev->dev_addr, mac, ETH_ALEN);
} else {
u32 mahr = sh_eth_read(ndev, MAHR);
u32 malr = sh_eth_read(ndev, MALR);
ndev->dev_addr[0] = (mahr >> 24) & 0xFF;
Reported by FlawFinder.
Line: 2012
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!phydev)
phydev = ERR_PTR(-ENOENT);
} else {
char phy_id[MII_BUS_ID_SIZE + 3];
snprintf(phy_id, sizeof(phy_id), PHY_ID_FMT,
mdp->mii_bus->id, mdp->phy_id);
phydev = phy_connect(ndev, phy_id, sh_eth_adjust_link,
Reported by FlawFinder.
Line: 2290
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch (stringset) {
case ETH_SS_STATS:
memcpy(data, sh_eth_gstrings_stats,
sizeof(sh_eth_gstrings_stats));
break;
}
}
Reported by FlawFinder.
drivers/net/ethernet/rocker/rocker_main.c
4 issues
Line: 1956
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = rocker_cmd_set_port_settings_macaddr(rocker_port, addr->sa_data);
if (err)
return err;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
return 0;
}
static int rocker_port_change_mtu(struct net_device *dev, int new_mtu)
{
Reported by FlawFinder.
Line: 2027
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct rocker *rocker = rocker_port->rocker;
ppid->id_len = sizeof(rocker->hw.id);
memcpy(&ppid->id, &rocker->hw.id, ppid->id_len);
return 0;
}
static const struct net_device_ops rocker_port_netdev_ops = {
Reported by FlawFinder.
Line: 2245
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static struct rocker_port_stats {
char str[ETH_GSTRING_LEN];
int type;
} rocker_port_stats[] = {
{ "rx_packets", ROCKER_TLV_CMD_PORT_STATS_RX_PKTS, },
{ "rx_bytes", ROCKER_TLV_CMD_PORT_STATS_RX_BYTES, },
{ "rx_dropped", ROCKER_TLV_CMD_PORT_STATS_RX_DROPPED, },
Reported by FlawFinder.
Line: 2270
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < ARRAY_SIZE(rocker_port_stats); i++) {
memcpy(p, rocker_port_stats[i].str, ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
}
}
Reported by FlawFinder.