The following issues were found
drivers/net/ethernet/synopsys/dwc-xlgmac-common.c
4 issues
Line: 32
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const u32 default_msg_level = (NETIF_MSG_LINK | NETIF_MSG_IFDOWN |
NETIF_MSG_IFUP);
static unsigned char dev_addr[6] = {0, 0x55, 0x7b, 0xb5, 0x7d, 0xf7};
static void xlgmac_read_mac_addr(struct xlgmac_pdata *pdata)
{
struct net_device *netdev = pdata->netdev;
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct net_device *netdev = pdata->netdev;
/* Currently it uses a static mac address for test */
memcpy(pdata->mac_addr, dev_addr, netdev->addr_len);
}
static void xlgmac_default_config(struct xlgmac_pdata *pdata)
{
pdata->tx_osp_mode = DMA_OSP_ENABLE;
Reported by FlawFinder.
Line: 81
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netdev->irq = pdata->dev_irq;
netdev->base_addr = (unsigned long)pdata->mac_regs;
xlgmac_read_mac_addr(pdata);
memcpy(netdev->dev_addr, pdata->mac_addr, netdev->addr_len);
/* Set all the function pointers */
xlgmac_init_all_ops(pdata);
/* Issue software reset to device */
Reported by FlawFinder.
Line: 336
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sk_buff *skb, bool tx_rx)
{
struct ethhdr *eth = (struct ethhdr *)skb->data;
unsigned char buffer[128];
unsigned int i;
netdev_dbg(netdev, "\n************** SKB dump ****************\n");
netdev_dbg(netdev, "%s packet of %d bytes\n",
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/diag/fs_tracepoint.c
4 issues
Line: 109
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DECLARE_MASK_VAL(struct in6_addr, src_ipv6);
DECLARE_MASK_VAL(struct in6_addr, dst_ipv6);
memcpy(src_ipv6.m.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
sizeof(src_ipv6.m));
memcpy(dst_ipv6.m.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
Reported by FlawFinder.
Line: 113
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
sizeof(src_ipv6.m));
memcpy(dst_ipv6.m.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
sizeof(dst_ipv6.m));
memcpy(src_ipv6.v.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
Reported by FlawFinder.
Line: 117
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
sizeof(dst_ipv6.m));
memcpy(src_ipv6.v.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
sizeof(src_ipv6.v));
memcpy(dst_ipv6.v.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
Reported by FlawFinder.
Line: 121
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
sizeof(src_ipv6.v));
memcpy(dst_ipv6.v.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
sizeof(dst_ipv6.v));
if (!memcmp(&src_ipv6.m, &full_ones, sizeof(full_ones)))
Reported by FlawFinder.
drivers/net/usb/kalmia.c
4 issues
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!usb_buf)
return -ENOMEM;
memcpy(usb_buf, init_msg_1, 12);
status = kalmia_send_init_packet(dev, usb_buf, ARRAY_SIZE(init_msg_1),
usb_buf, 24);
if (status != 0)
goto out;
Reported by FlawFinder.
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status != 0)
goto out;
memcpy(usb_buf, init_msg_2, 12);
status = kalmia_send_init_packet(dev, usb_buf, ARRAY_SIZE(init_msg_2),
usb_buf, 28);
if (status != 0)
goto out;
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status != 0)
goto out;
memcpy(ethernet_addr, usb_buf + 10, ETH_ALEN);
out:
kfree(usb_buf);
return status;
}
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status)
return status;
memcpy(dev->net->dev_addr, ethernet_addr, ETH_ALEN);
return status;
}
static struct sk_buff *
Reported by FlawFinder.
drivers/net/ethernet/synopsys/dwc-xlgmac-hw.c
4 issues
Line: 87
CWE codes:
758
if (ha) {
mac_addr = (u8 *)&mac_addr_lo;
mac_addr[0] = ha->addr[0];
mac_addr[1] = ha->addr[1];
mac_addr[2] = ha->addr[2];
mac_addr[3] = ha->addr[3];
mac_addr = (u8 *)&mac_addr_hi;
mac_addr[0] = ha->addr[4];
mac_addr[1] = ha->addr[5];
Reported by Cppcheck.
Line: 88
CWE codes:
758
mac_addr = (u8 *)&mac_addr_lo;
mac_addr[0] = ha->addr[0];
mac_addr[1] = ha->addr[1];
mac_addr[2] = ha->addr[2];
mac_addr[3] = ha->addr[3];
mac_addr = (u8 *)&mac_addr_hi;
mac_addr[0] = ha->addr[4];
mac_addr[1] = ha->addr[5];
Reported by Cppcheck.
Line: 89
CWE codes:
758
mac_addr[0] = ha->addr[0];
mac_addr[1] = ha->addr[1];
mac_addr[2] = ha->addr[2];
mac_addr[3] = ha->addr[3];
mac_addr = (u8 *)&mac_addr_hi;
mac_addr[0] = ha->addr[4];
mac_addr[1] = ha->addr[5];
netif_dbg(pdata, drv, pdata->netdev,
Reported by Cppcheck.
Line: 92
CWE codes:
758
mac_addr[3] = ha->addr[3];
mac_addr = (u8 *)&mac_addr_hi;
mac_addr[0] = ha->addr[4];
mac_addr[1] = ha->addr[5];
netif_dbg(pdata, drv, pdata->netdev,
"adding mac address %pM at %#x\n",
ha->addr, *mac_reg);
Reported by Cppcheck.
include/uapi/linux/netfilter/xt_physdev.h
4 issues
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define XT_PHYSDEV_OP_MASK (0x20 - 1)
struct xt_physdev_info {
char physindev[IFNAMSIZ];
char in_mask[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char out_mask[IFNAMSIZ];
__u8 invert;
__u8 bitmask;
Reported by FlawFinder.
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xt_physdev_info {
char physindev[IFNAMSIZ];
char in_mask[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char out_mask[IFNAMSIZ];
__u8 invert;
__u8 bitmask;
};
Reported by FlawFinder.
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xt_physdev_info {
char physindev[IFNAMSIZ];
char in_mask[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char out_mask[IFNAMSIZ];
__u8 invert;
__u8 bitmask;
};
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char physindev[IFNAMSIZ];
char in_mask[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char out_mask[IFNAMSIZ];
__u8 invert;
__u8 bitmask;
};
#endif /* _UAPI_XT_PHYSDEV_H */
Reported by FlawFinder.
net/ipv6/tcp_ipv6.c
4 issues
Line: 679
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bp->len = cpu_to_be32(nbytes);
_th = (struct tcphdr *)(bp + 1);
memcpy(_th, th, sizeof(*th));
_th->check = 0;
sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
ahash_request_set_crypt(hp->md5_req, &sg, NULL,
sizeof(*bp) + sizeof(*th));
Reported by FlawFinder.
Line: 1023
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tcp_md5sig_key *key = NULL;
#ifdef CONFIG_TCP_MD5SIG
const __u8 *hash_location = NULL;
unsigned char newhash[16];
int genhash;
struct sock *sk1 = NULL;
#endif
__be32 label = 0;
u32 priority = 0;
Reported by FlawFinder.
Line: 1265
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
newnp = tcp_inet6_sk(newsk);
newtp = tcp_sk(newsk);
memcpy(newnp, np, sizeof(struct ipv6_pinfo));
newnp->saddr = newsk->sk_v6_rcv_saddr;
inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
if (sk_is_mptcp(newsk))
Reported by FlawFinder.
Line: 1334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
newinet = inet_sk(newsk);
newnp = tcp_inet6_sk(newsk);
memcpy(newnp, np, sizeof(struct ipv6_pinfo));
newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
newnp->saddr = ireq->ir_v6_loc_addr;
newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
newsk->sk_bound_dev_if = ireq->ir_iif;
Reported by FlawFinder.
include/net/if_inet6.h
4 issues
Line: 229
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0]= 0x33;
buf[1]= 0x33;
memcpy(buf + 2, &addr->s6_addr32[3], sizeof(__u32));
}
static inline void ipv6_arcnet_mc_map(const struct in6_addr *addr, char *buf)
{
buf[0] = 0x00;
Reported by FlawFinder.
Line: 252
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[7] = 0x1b;
buf[8] = broadcast[8]; /* P_Key */
buf[9] = broadcast[9];
memcpy(buf + 10, addr->s6_addr + 6, 10);
}
static inline int ipv6_ipgre_mc_map(const struct in6_addr *addr,
const unsigned char *broadcast, char *buf)
{
Reported by FlawFinder.
Line: 259
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const unsigned char *broadcast, char *buf)
{
if ((broadcast[0] | broadcast[1] | broadcast[2] | broadcast[3]) != 0) {
memcpy(buf, broadcast, 4);
} else {
/* v4mapped? */
if ((addr->s6_addr32[0] | addr->s6_addr32[1] |
(addr->s6_addr32[2] ^ htonl(0x0000ffff))) != 0)
return -EINVAL;
Reported by FlawFinder.
Line: 265
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((addr->s6_addr32[0] | addr->s6_addr32[1] |
(addr->s6_addr32[2] ^ htonl(0x0000ffff))) != 0)
return -EINVAL;
memcpy(buf, &addr->s6_addr32[3], 4);
}
return 0;
}
#endif
Reported by FlawFinder.
include/net/flow_dissector.h
4 issues
Line: 159
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 sip;
__u32 tip;
__u8 op;
unsigned char sha[ETH_ALEN];
unsigned char tha[ETH_ALEN];
};
/**
* flow_dissector_key_tp_ports:
Reported by FlawFinder.
Line: 160
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 tip;
__u8 op;
unsigned char sha[ETH_ALEN];
unsigned char tha[ETH_ALEN];
};
/**
* flow_dissector_key_tp_ports:
* @ports: port numbers of Transport header
Reported by FlawFinder.
Line: 200
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct flow_dissector_key_eth_addrs {
/* (dst,src) must be grouped, in the same way than in ETH header */
unsigned char dst[ETH_ALEN];
unsigned char src[ETH_ALEN];
};
/**
* struct flow_dissector_key_tcp:
Reported by FlawFinder.
Line: 201
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct flow_dissector_key_eth_addrs {
/* (dst,src) must be grouped, in the same way than in ETH header */
unsigned char dst[ETH_ALEN];
unsigned char src[ETH_ALEN];
};
/**
* struct flow_dissector_key_tcp:
* @flags: flags
Reported by FlawFinder.
include/uapi/linux/netfilter_bridge/ebt_arp.h
4 issues
Line: 30
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 smsk;
__be32 daddr;
__be32 dmsk;
unsigned char smaddr[ETH_ALEN];
unsigned char smmsk[ETH_ALEN];
unsigned char dmaddr[ETH_ALEN];
unsigned char dmmsk[ETH_ALEN];
__u8 bitmask;
__u8 invflags;
Reported by FlawFinder.
Line: 31
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 daddr;
__be32 dmsk;
unsigned char smaddr[ETH_ALEN];
unsigned char smmsk[ETH_ALEN];
unsigned char dmaddr[ETH_ALEN];
unsigned char dmmsk[ETH_ALEN];
__u8 bitmask;
__u8 invflags;
};
Reported by FlawFinder.
Line: 32
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 dmsk;
unsigned char smaddr[ETH_ALEN];
unsigned char smmsk[ETH_ALEN];
unsigned char dmaddr[ETH_ALEN];
unsigned char dmmsk[ETH_ALEN];
__u8 bitmask;
__u8 invflags;
};
Reported by FlawFinder.
Line: 33
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char smaddr[ETH_ALEN];
unsigned char smmsk[ETH_ALEN];
unsigned char dmaddr[ETH_ALEN];
unsigned char dmmsk[ETH_ALEN];
__u8 bitmask;
__u8 invflags;
};
#endif
Reported by FlawFinder.
kernel/kmod.c
4 issues
Line: 142
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
return -ENOENT;
va_start(args, fmt);
ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
va_end(args);
if (ret >= MODULE_NAME_LEN)
return -ENAMETOOLONG;
ret = security_kernel_module_request(module_name);
Reported by FlawFinder.
Line: 61
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
modprobe_path is set via /proc/sys.
*/
char modprobe_path[KMOD_PATH_LEN] = CONFIG_MODPROBE_PATH;
static void free_modprobe_argv(struct subprocess_info *info)
{
kfree(info->argv[3]); /* check call_modprobe() */
kfree(info->argv);
Reported by FlawFinder.
Line: 79
Column: 31
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NULL
};
char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
if (!argv)
goto out;
module_name = kstrdup(module_name, GFP_KERNEL);
if (!module_name)
Reported by FlawFinder.
Line: 127
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int __request_module(bool wait, const char *fmt, ...)
{
va_list args;
char module_name[MODULE_NAME_LEN];
int ret;
/*
* We don't allow synchronous module loading from async. Module
* init may invoke async_synchronize_full() which will end up
Reported by FlawFinder.