The following issues were found
drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c
4 issues
Line: 659
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void mlx5e_reporter_rx_timeout(struct mlx5e_rq *rq)
{
char icosq_str[MLX5E_REPORTER_PER_Q_MAX_LEN] = {};
char err_str[MLX5E_REPORTER_PER_Q_MAX_LEN];
struct mlx5e_icosq *icosq = rq->icosq;
struct mlx5e_priv *priv = rq->priv;
struct mlx5e_err_ctx err_ctx = {};
Reported by FlawFinder.
Line: 660
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void mlx5e_reporter_rx_timeout(struct mlx5e_rq *rq)
{
char icosq_str[MLX5E_REPORTER_PER_Q_MAX_LEN] = {};
char err_str[MLX5E_REPORTER_PER_Q_MAX_LEN];
struct mlx5e_icosq *icosq = rq->icosq;
struct mlx5e_priv *priv = rq->priv;
struct mlx5e_err_ctx err_ctx = {};
err_ctx.ctx = rq;
Reported by FlawFinder.
Line: 680
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void mlx5e_reporter_rq_cqe_err(struct mlx5e_rq *rq)
{
char err_str[MLX5E_REPORTER_PER_Q_MAX_LEN];
struct mlx5e_priv *priv = rq->priv;
struct mlx5e_err_ctx err_ctx = {};
err_ctx.ctx = rq;
err_ctx.recover = mlx5e_rx_reporter_err_rq_cqe_recover;
Reported by FlawFinder.
Line: 695
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void mlx5e_reporter_icosq_cqe_err(struct mlx5e_icosq *icosq)
{
struct mlx5e_priv *priv = icosq->channel->priv;
char err_str[MLX5E_REPORTER_PER_Q_MAX_LEN];
struct mlx5e_err_ctx err_ctx = {};
err_ctx.ctx = icosq;
err_ctx.recover = mlx5e_rx_reporter_err_icosq_cqe_recover;
err_ctx.dump = mlx5e_rx_reporter_dump_icosq;
Reported by FlawFinder.
drivers/net/ethernet/freescale/enetc/enetc_ethtool.c
4 issues
Line: 243
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
for (i = 0; i < priv->num_tx_rings; i++) {
for (j = 0; j < ARRAY_SIZE(tx_ring_stats); j++) {
snprintf(p, ETH_GSTRING_LEN, tx_ring_stats[j],
i);
p += ETH_GSTRING_LEN;
}
}
for (i = 0; i < priv->num_rx_rings; i++) {
Reported by FlawFinder.
Line: 250
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
for (i = 0; i < priv->num_rx_rings; i++) {
for (j = 0; j < ARRAY_SIZE(rx_ring_stats); j++) {
snprintf(p, ETH_GSTRING_LEN, rx_ring_stats[j],
i);
p += ETH_GSTRING_LEN;
}
}
Reported by FlawFinder.
Line: 96
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const struct {
int reg;
char name[ETH_GSTRING_LEN];
} enetc_si_counters[] = {
{ ENETC_SIROCT, "SI rx octets" },
{ ENETC_SIRFRM, "SI rx frames" },
{ ENETC_SIRUCA, "SI rx u-cast frames" },
{ ENETC_SIRMCA, "SI rx m-cast frames" },
Reported by FlawFinder.
Line: 126
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const struct {
int reg;
char name[ETH_GSTRING_LEN];
} enetc_port_counters[] = {
{ ENETC_PM0_REOCT, "MAC rx ethernet octets" },
{ ENETC_PM0_RALN, "MAC rx alignment errors" },
{ ENETC_PM0_RXPF, "MAC rx valid pause frames" },
{ ENETC_PM0_RFRM, "MAC rx valid frames" },
Reported by FlawFinder.
drivers/net/ethernet/wiznet/w5300.c
4 issues
Line: 475
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(sock_addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(ndev->dev_addr, sock_addr->sa_data, ETH_ALEN);
w5300_write_macaddr(priv);
return 0;
}
static int w5300_open(struct net_device *ndev)
Reported by FlawFinder.
Line: 537
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int ret;
if (data && is_valid_ether_addr(data->mac_addr)) {
memcpy(ndev->dev_addr, data->mac_addr, ETH_ALEN);
} else {
eth_hw_addr_random(ndev);
}
mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
Reported by FlawFinder.
Line: 90
Column: 9
CWE codes:
120
20
void __iomem *base;
spinlock_t reg_lock;
bool indirect;
u16 (*read) (struct w5300_priv *priv, u16 addr);
void (*write)(struct w5300_priv *priv, u16 addr, u16 data);
int irq;
int link_irq;
int link_gpio;
Reported by FlawFinder.
Line: 168
Column: 26
CWE codes:
120
20
#define w5300_write w5300_write_indirect
#else /* CONFIG_WIZNET_BUS_ANY */
#define w5300_read priv->read
#define w5300_write priv->write
#endif
static u32 w5300_read32(struct w5300_priv *priv, u16 addr)
{
Reported by FlawFinder.
drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c
4 issues
Line: 899
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* get the RSS Key required by the user */
if (key)
memcpy(key, ppe_cb->rss_key, HNS_PPEV2_RSS_KEY_SIZE);
/* update the current hash->queue mappings from the shadow RSS table */
if (indir)
memcpy(indir, ppe_cb->rss_indir_table,
HNS_PPEV2_RSS_IND_TBL_SIZE * sizeof(*indir));
Reported by FlawFinder.
Line: 903
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* update the current hash->queue mappings from the shadow RSS table */
if (indir)
memcpy(indir, ppe_cb->rss_indir_table,
HNS_PPEV2_RSS_IND_TBL_SIZE * sizeof(*indir));
return 0;
}
Reported by FlawFinder.
Line: 916
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* set the RSS Hash Key if specififed by the user */
if (key) {
memcpy(ppe_cb->rss_key, key, HNS_PPEV2_RSS_KEY_SIZE);
hns_ppe_set_rss_key(ppe_cb, ppe_cb->rss_key);
}
if (indir) {
/* update the shadow RSS table with user specified qids */
Reported by FlawFinder.
Line: 922
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (indir) {
/* update the shadow RSS table with user specified qids */
memcpy(ppe_cb->rss_indir_table, indir,
HNS_PPEV2_RSS_IND_TBL_SIZE * sizeof(*indir));
/* now update the hardware */
hns_ppe_set_indir_table(ppe_cb, ppe_cb->rss_indir_table);
}
Reported by FlawFinder.
drivers/net/ethernet/sun/sunvnet_common.c
4 issues
Line: 1298
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_push(curr, maclen);
skb_reset_mac_header(curr);
memcpy(skb_mac_header(curr), skb_mac_header(skb),
maclen);
curr->csum_start = skb_transport_header(curr) - curr->head;
if (ip_hdr(curr)->protocol == IPPROTO_TCP)
curr->csum_offset = offsetof(struct tcphdr, check);
else if (ip_hdr(curr)->protocol == IPPROTO_UDP)
Reported by FlawFinder.
Line: 1576
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m = kzalloc(sizeof(*m), GFP_ATOMIC);
if (!m)
continue;
memcpy(m->addr, ha->addr, ETH_ALEN);
m->hit = 1;
m->next = vp->mcast_list;
vp->mcast_list = m;
}
Reported by FlawFinder.
Line: 1604
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (m->sent)
continue;
m->sent = 1;
memcpy(&info.mcast_addr[n_addrs * ETH_ALEN],
m->addr, ETH_ALEN);
if (++n_addrs == VNET_NUM_MCAST) {
info.count = n_addrs;
(void)vio_ldc_send(&port->vio, &info,
Reported by FlawFinder.
Line: 1630
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
memcpy(&info.mcast_addr[n_addrs * ETH_ALEN],
m->addr, ETH_ALEN);
if (++n_addrs == VNET_NUM_MCAST) {
info.count = n_addrs;
(void)vio_ldc_send(&port->vio, &info,
sizeof(info));
Reported by FlawFinder.
drivers/net/wireless/broadcom/b43/xmit.c
4 issues
Line: 276
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
txhdr->phy_rate = b43_plcp_get_ratecode_cck(rate);
txhdr->mac_frame_ctl = wlhdr->frame_control;
memcpy(txhdr->tx_receiver, wlhdr->addr1, ETH_ALEN);
/* Calculate duration for fallback rate */
if ((rate_fb == rate) ||
(wlhdr->duration_id & cpu_to_le16(0x8000)) ||
(wlhdr->duration_id == cpu_to_le16(0))) {
Reported by FlawFinder.
Line: 333
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
txhdr->iv[i * 2 + 1] = phase1key[i] >> 8;
}
/* iv16 */
memcpy(txhdr->iv + 10, ((u8 *) wlhdr) + wlhdr_len, 3);
} else {
iv_len = min_t(size_t, info->control.hw_key->iv_len,
ARRAY_SIZE(txhdr->iv));
memcpy(txhdr->iv, ((u8 *) wlhdr) + wlhdr_len, iv_len);
}
Reported by FlawFinder.
Line: 337
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
iv_len = min_t(size_t, info->control.hw_key->iv_len,
ARRAY_SIZE(txhdr->iv));
memcpy(txhdr->iv, ((u8 *) wlhdr) + wlhdr_len, iv_len);
}
}
switch (dev->fw.hdr_format) {
case B43_FW_HDR_598:
b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->format_598.plcp),
Reported by FlawFinder.
Line: 806
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto drop;
}
memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
ieee80211_rx_ni(dev->wl->hw, skb);
#if B43_DEBUG
dev->rx_count++;
#endif
Reported by FlawFinder.
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c
4 issues
Line: 408
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Drop flow control pause frames */
static void mvpp2_prs_drop_fc(struct mvpp2 *priv)
{
unsigned char da[ETH_ALEN] = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x01 };
struct mvpp2_prs_entry pe;
unsigned int len;
memset(&pe, 0, sizeof(pe));
Reported by FlawFinder.
Line: 1946
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Find tcam entry with matched pair <vid,port> */
static int mvpp2_prs_vid_range_find(struct mvpp2_port *port, u16 vid, u16 mask)
{
unsigned char byte[2], enable[2];
struct mvpp2_prs_entry pe;
u16 rvid, rmask;
int tid;
/* Go through the all entries with MVPP2_PRS_LU_VID */
Reported by FlawFinder.
Line: 2248
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Update parser's mac da entry */
int mvpp2_prs_mac_da_accept(struct mvpp2_port *port, const u8 *da, bool add)
{
unsigned char mask[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
struct mvpp2 *priv = port->priv;
unsigned int pmap, len, ri;
struct mvpp2_prs_entry pe;
int tid;
Reported by FlawFinder.
Line: 2364
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (tid = MVPP2_PE_MAC_RANGE_START;
tid <= MVPP2_PE_MAC_RANGE_END; tid++) {
unsigned char da[ETH_ALEN], da_mask[ETH_ALEN];
if (!priv->prs_shadow[tid].valid ||
(priv->prs_shadow[tid].lu != MVPP2_PRS_LU_MAC) ||
(priv->prs_shadow[tid].udf != MVPP2_PRS_UDF_MAC_DEF))
continue;
Reported by FlawFinder.
drivers/net/wireless/ath/carl9170/carl9170.h
4 issues
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct carl9170_led {
struct ar9170 *ar;
struct led_classdev l;
char name[32];
unsigned int toggled;
bool last_state;
bool registered;
};
#endif /* CONFIG_CARL9170_LEDS */
Reported by FlawFinder.
Line: 435
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
bool pbc_state;
struct input_dev *pbc;
char name[32];
char phys[32];
} wps;
#endif /* CONFIG_CARL9170_WPC */
#ifdef CONFIG_CARL9170_DEBUGFS
Reported by FlawFinder.
Line: 436
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool pbc_state;
struct input_dev *pbc;
char name[32];
char phys[32];
} wps;
#endif /* CONFIG_CARL9170_WPC */
#ifdef CONFIG_CARL9170_DEBUGFS
struct carl9170_debug debug;
Reported by FlawFinder.
Line: 462
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
struct hwrng rng;
bool initialized;
char name[30 + 1];
u16 cache[CARL9170_HWRNG_CACHE_SIZE / sizeof(u16)];
unsigned int cache_idx;
} rng;
#endif /* CONFIG_CARL9170_HWRNG */
};
Reported by FlawFinder.
drivers/net/ethernet/microchip/enc28j60.c
4 issues
Line: 109
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = spi_sync(priv->spi, &msg);
if (ret == 0) {
memcpy(data, rx_buf, len);
ret = msg.status;
}
if (ret && netif_msg_drv(priv))
dev_printk(KERN_DEBUG, dev, "%s() failed: ret = %d\n",
__func__, ret);
Reported by FlawFinder.
Line: 131
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = -EINVAL;
else {
priv->spi_transfer_buf[0] = ENC28J60_WRITE_BUF_MEM;
memcpy(&priv->spi_transfer_buf[1], data, len);
ret = spi_write(priv->spi, priv->spi_transfer_buf, len + 1);
if (ret && netif_msg_drv(priv))
dev_printk(KERN_DEBUG, dev, "%s() failed: ret = %d\n",
__func__, ret);
}
Reported by FlawFinder.
Line: 817
Column: 64
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enc28j60_mem_read(priv, endptr + 1, TSV_SIZE, tsv);
}
static void enc28j60_dump_tsv(struct enc28j60_net *priv, const char *msg,
u8 tsv[TSV_SIZE])
{
struct device *dev = &priv->spi->dev;
u16 tmp1, tmp2;
Reported by FlawFinder.
Line: 1542
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int enc28j60_probe(struct spi_device *spi)
{
unsigned char macaddr[ETH_ALEN];
struct net_device *dev;
struct enc28j60_net *priv;
int ret = 0;
if (netif_msg_drv(&debug))
Reported by FlawFinder.
drivers/net/ethernet/microchip/lan743x_ethtool.c
4 issues
Line: 467
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch (stringset) {
case ETH_SS_STATS:
memcpy(data, lan743x_set0_hw_cnt_strings,
sizeof(lan743x_set0_hw_cnt_strings));
memcpy(&data[sizeof(lan743x_set0_hw_cnt_strings)],
lan743x_set1_sw_cnt_strings,
sizeof(lan743x_set1_sw_cnt_strings));
memcpy(&data[sizeof(lan743x_set0_hw_cnt_strings) +
Reported by FlawFinder.
Line: 469
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case ETH_SS_STATS:
memcpy(data, lan743x_set0_hw_cnt_strings,
sizeof(lan743x_set0_hw_cnt_strings));
memcpy(&data[sizeof(lan743x_set0_hw_cnt_strings)],
lan743x_set1_sw_cnt_strings,
sizeof(lan743x_set1_sw_cnt_strings));
memcpy(&data[sizeof(lan743x_set0_hw_cnt_strings) +
sizeof(lan743x_set1_sw_cnt_strings)],
lan743x_set2_hw_cnt_strings,
Reported by FlawFinder.
Line: 472
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&data[sizeof(lan743x_set0_hw_cnt_strings)],
lan743x_set1_sw_cnt_strings,
sizeof(lan743x_set1_sw_cnt_strings));
memcpy(&data[sizeof(lan743x_set0_hw_cnt_strings) +
sizeof(lan743x_set1_sw_cnt_strings)],
lan743x_set2_hw_cnt_strings,
sizeof(lan743x_set2_hw_cnt_strings));
break;
case ETH_SS_PRIV_FLAGS:
Reported by FlawFinder.
Line: 478
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(lan743x_set2_hw_cnt_strings));
break;
case ETH_SS_PRIV_FLAGS:
memcpy(data, lan743x_priv_flags_strings,
sizeof(lan743x_priv_flags_strings));
break;
}
}
Reported by FlawFinder.