The following issues were found
security/landlock/fs.c
4 issues
Line: 215
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
const u64 layer_level = BIT_ULL(layer->level - 1);
/* Checks that the layer grants access to the full request. */
if ((layer->access & access_request) == access_request) {
layer_mask &= ~layer_level;
if (layer_mask == 0)
return layer_mask;
}
Reported by FlawFinder.
Line: 645
Column: 3
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
access = LANDLOCK_ACCESS_FS_READ_FILE;
}
if (file->f_mode & FMODE_WRITE)
access |= LANDLOCK_ACCESS_FS_WRITE_FILE;
/* __FMODE_EXEC is indeed part of f_flags, not f_mode. */
if (file->f_flags & __FMODE_EXEC)
access |= LANDLOCK_ACCESS_FS_EXECUTE;
return access;
}
Reported by FlawFinder.
Line: 648
Column: 3
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
access |= LANDLOCK_ACCESS_FS_WRITE_FILE;
/* __FMODE_EXEC is indeed part of f_flags, not f_mode. */
if (file->f_flags & __FMODE_EXEC)
access |= LANDLOCK_ACCESS_FS_EXECUTE;
return access;
}
static int hook_file_open(struct file *const file)
{
Reported by FlawFinder.
Line: 649
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* __FMODE_EXEC is indeed part of f_flags, not f_mode. */
if (file->f_flags & __FMODE_EXEC)
access |= LANDLOCK_ACCESS_FS_EXECUTE;
return access;
}
static int hook_file_open(struct file *const file)
{
const struct landlock_ruleset *const dom =
Reported by FlawFinder.
sound/soc/stm/stm32_sai_sub.c
4 issues
Line: 277
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct stm32_sai_sub_data *sai = snd_kcontrol_chip(kcontrol);
mutex_lock(&sai->ctrl_lock);
memcpy(uctl->value.iec958.status, sai->iec958.status, 4);
mutex_unlock(&sai->ctrl_lock);
return 0;
}
Reported by FlawFinder.
Line: 289
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct stm32_sai_sub_data *sai = snd_kcontrol_chip(kcontrol);
mutex_lock(&sai->ctrl_lock);
memcpy(sai->iec958.status, uctl->value.iec958.status, 4);
mutex_unlock(&sai->ctrl_lock);
return 0;
}
Reported by FlawFinder.
Line: 475
Column: 48
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
*p++ = *s++;
i++;
}
STM_SAI_IS_SUB_A(sai) ? strcat(p, "a_mclk") : strcat(p, "b_mclk");
mclk->hw.init = CLK_HW_INIT(mclk_name, pname, &mclk_ops, 0);
mclk->sai_data = sai;
hw = &mclk->hw;
Reported by FlawFinder.
Line: 475
Column: 26
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
*p++ = *s++;
i++;
}
STM_SAI_IS_SUB_A(sai) ? strcat(p, "a_mclk") : strcat(p, "b_mclk");
mclk->hw.init = CLK_HW_INIT(mclk_name, pname, &mclk_ops, 0);
mclk->sai_data = sai;
hw = &mclk->hw;
Reported by FlawFinder.
sound/soc/atmel/mchp-spdiftx.c
4 issues
Line: 186
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SPDIFTX_UD_BITS 192
struct mchp_spdiftx_mixer_control {
unsigned char ch_stat[SPDIFTX_CS_BITS / 8];
unsigned char user_data[SPDIFTX_UD_BITS / 8];
spinlock_t lock; /* exclusive access to control data */
};
struct mchp_spdiftx_dev {
Reported by FlawFinder.
Line: 187
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mchp_spdiftx_mixer_control {
unsigned char ch_stat[SPDIFTX_CS_BITS / 8];
unsigned char user_data[SPDIFTX_UD_BITS / 8];
spinlock_t lock; /* exclusive access to control data */
};
struct mchp_spdiftx_dev {
struct mchp_spdiftx_mixer_control control;
Reported by FlawFinder.
Line: 580
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct mchp_spdiftx_mixer_control *ctrl = &dev->control;
spin_lock_irqsave(&ctrl->lock, flags);
memcpy(uvalue->value.iec958.status, ctrl->ch_stat,
sizeof(ctrl->ch_stat));
spin_unlock_irqrestore(&ctrl->lock, flags);
return 0;
}
Reported by FlawFinder.
Line: 640
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long flags;
spin_lock_irqsave(&ctrl->lock, flags);
memcpy(uvalue->value.iec958.subcode, ctrl->user_data,
sizeof(ctrl->user_data));
spin_unlock_irqrestore(&ctrl->lock, flags);
return 0;
}
Reported by FlawFinder.
sound/soc/atmel/mchp-spdifrx.c
4 issues
Line: 213
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SPDIFRX_CHANNELS 2
struct mchp_spdifrx_ch_stat {
unsigned char data[SPDIFRX_CS_BITS / 8];
struct completion done;
};
struct mchp_spdifrx_user_data {
unsigned char data[SPDIFRX_UD_BITS / 8];
Reported by FlawFinder.
Line: 218
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct mchp_spdifrx_user_data {
unsigned char data[SPDIFRX_UD_BITS / 8];
struct completion done;
spinlock_t lock; /* protect access to user data */
};
struct mchp_spdifrx_mixer_control {
Reported by FlawFinder.
Line: 528
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
channel);
}
memcpy(uvalue->value.iec958.status, ch_stat->data,
sizeof(ch_stat->data));
return 0;
}
Reported by FlawFinder.
Line: 582
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
spin_lock_irqsave(&user_data->lock, flags);
memcpy(uvalue->value.iec958.subcode, user_data->data,
sizeof(user_data->data));
spin_unlock_irqrestore(&user_data->lock, flags);
return 0;
}
Reported by FlawFinder.
scripts/selinux/mdp/mdp.c
4 issues
Line: 149
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(fout, "sid %s ", name);
else
fprintf(fout, "sid unused%d\n", i);
fprintf(fout, SUBJUSERROLETYPE "%s\n",
mls ? ":" SYSTEMLOW : "");
}
fprintf(fout, "\n");
#define FS_USE(behavior, fstype) \
Reported by FlawFinder.
Line: 33
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Class/perm mapping support */
struct security_class_mapping {
const char *name;
const char *perms[sizeof(unsigned) * 8 + 1];
};
#include "classmap.h"
#include "initial_sid_to_string.h"
#include "policycap_names.h"
Reported by FlawFinder.
Line: 60
Column: 9
CWE codes:
362
polout = *arg++;
ctxout = *arg;
fout = fopen(polout, "w");
if (!fout) {
printf("Could not open %s for writing\n", polout);
usage(argv[0]);
}
Reported by FlawFinder.
Line: 263
Column: 9
CWE codes:
362
fclose(fout);
fout = fopen(ctxout, "w");
if (!fout) {
printf("Wrote policy, but cannot open %s for writing\n", ctxout);
usage(argv[0]);
}
fprintf(fout, "/ " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : "");
Reported by FlawFinder.
sound/drivers/opl3/opl3_oss.c
4 issues
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_opl3_oss_create_port(struct snd_opl3 * opl3)
{
struct snd_seq_port_callback callbacks;
char name[32];
int voices, opl_ver;
voices = (opl3->hardware < OPL3_HW_OPL3) ?
MAX_OPL2_VOICES : MAX_OPL3_VOICES;
opl3->oss_chset = snd_midi_channel_alloc_set(voices);
Reported by FlawFinder.
Line: 67
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
callbacks.private_data = opl3;
opl_ver = (opl3->hardware & OPL3_HW_MASK) >> 8;
sprintf(name, "OPL%i OSS Port", opl_ver);
opl3->oss_chset->client = opl3->seq_client;
opl3->oss_chset->port = snd_seq_event_port_attach(opl3->seq_client, &callbacks,
SNDRV_SEQ_PORT_CAP_WRITE,
SNDRV_SEQ_PORT_TYPE_MIDI_GENERIC |
Reported by FlawFinder.
Line: 181
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_opl3 *opl3;
struct sbi_instrument sbi;
char name[32];
int err, type;
if (snd_BUG_ON(!arg))
return -ENXIO;
opl3 = arg->private_data;
Reported by FlawFinder.
Line: 209
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
memset(name, 0, sizeof(name));
sprintf(name, "Chan%d", sbi.channel);
err = snd_opl3_load_patch(opl3, sbi.channel, 127, type, name, NULL,
sbi.operators);
if (err < 0)
return err;
Reported by FlawFinder.
sound/drivers/opl3/opl3_seq.c
4 issues
Line: 164
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_opl3_synth_create_port(struct snd_opl3 * opl3)
{
struct snd_seq_port_callback callbacks;
char name[32];
int voices, opl_ver;
voices = (opl3->hardware < OPL3_HW_OPL3) ?
MAX_OPL2_VOICES : MAX_OPL3_VOICES;
opl3->chset = snd_midi_channel_alloc_set(16);
Reported by FlawFinder.
Line: 183
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
callbacks.private_data = opl3;
opl_ver = (opl3->hardware & OPL3_HW_MASK) >> 8;
sprintf(name, "OPL%i FM Port", opl_ver);
opl3->chset->client = opl3->seq_client;
opl3->chset->port = snd_seq_event_port_attach(opl3->seq_client, &callbacks,
SNDRV_SEQ_PORT_CAP_WRITE |
SNDRV_SEQ_PORT_CAP_SUBS_WRITE,
Reported by FlawFinder.
Line: 212
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_seq_device *dev = to_seq_dev(_dev);
struct snd_opl3 *opl3;
int client, err;
char name[32];
int opl_ver;
opl3 = *(struct snd_opl3 **)SNDRV_SEQ_DEVICE_ARGPTR(dev);
if (opl3 == NULL)
return -EINVAL;
Reported by FlawFinder.
Line: 225
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* allocate new client */
opl_ver = (opl3->hardware & OPL3_HW_MASK) >> 8;
sprintf(name, "OPL%i FM synth", opl_ver);
client = opl3->seq_client =
snd_seq_create_kernel_client(opl3->card, opl3->seq_dev_num,
name);
if (client < 0)
return client;
Reported by FlawFinder.
sound/sh/aica.c
4 issues
Line: 567
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
}
strcpy(dreamcastcard->card->driver, "snd_aica");
strcpy(dreamcastcard->card->shortname, SND_AICA_DRIVER);
strcpy(dreamcastcard->card->longname,
"Yamaha AICA Super Intelligent Sound Processor for SEGA Dreamcast");
/* Prepare to use the queue */
INIT_WORK(&(dreamcastcard->spu_dma_work), run_spu_dma);
timer_setup(&dreamcastcard->timer, aica_period_elapsed, 0);
Reported by FlawFinder.
Line: 419
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (unlikely(err < 0))
return err;
pcm->private_data = dreamcastcard;
strcpy(pcm->name, "AICA PCM");
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK,
&snd_aicapcm_playback_ops);
/* Allocate the DMA buffers */
snd_pcm_set_managed_buffer_all(pcm,
SNDRV_DMA_TYPE_CONTINUOUS,
Reported by FlawFinder.
Line: 566
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
kfree(dreamcastcard);
return err;
}
strcpy(dreamcastcard->card->driver, "snd_aica");
strcpy(dreamcastcard->card->shortname, SND_AICA_DRIVER);
strcpy(dreamcastcard->card->longname,
"Yamaha AICA Super Intelligent Sound Processor for SEGA Dreamcast");
/* Prepare to use the queue */
INIT_WORK(&(dreamcastcard->spu_dma_work), run_spu_dma);
Reported by FlawFinder.
Line: 568
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(dreamcastcard->card->driver, "snd_aica");
strcpy(dreamcastcard->card->shortname, SND_AICA_DRIVER);
strcpy(dreamcastcard->card->longname,
"Yamaha AICA Super Intelligent Sound Processor for SEGA Dreamcast");
/* Prepare to use the queue */
INIT_WORK(&(dreamcastcard->spu_dma_work), run_spu_dma);
timer_setup(&dreamcastcard->timer, aica_period_elapsed, 0);
/* Load the PCM 'chip' */
Reported by FlawFinder.
sound/pcmcia/vx/vxpocket.c
4 issues
Line: 179
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snd_printdd(KERN_DEBUG "vxpocket assign resources: port = 0x%x, irq = %d\n", port, irq);
vxp->port = port;
sprintf(card->shortname, "Digigram %s", card->driver);
sprintf(card->longname, "%s at 0x%x, irq %i",
card->shortname, port, irq);
chip->irq = irq;
card->sync_irq = chip->irq;
Reported by FlawFinder.
Line: 180
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
vxp->port = port;
sprintf(card->shortname, "Digigram %s", card->driver);
sprintf(card->longname, "%s at 0x%x, irq %i",
card->shortname, port, irq);
chip->irq = irq;
card->sync_irq = chip->irq;
Reported by FlawFinder.
Line: 213
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* overwrite the hardware information */
chip->hw = &vxp440_hw;
chip->type = vxp440_hw.type;
strcpy(chip->card->driver, vxp440_hw.name);
}
ret = pcmcia_request_io(link);
if (ret)
goto failed_preirq;
Reported by FlawFinder.
Line: 25
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable switches */
static int ibl[SNDRV_CARDS];
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for VXPocket soundcard.");
Reported by FlawFinder.
sound/pcmcia/pdaudiocf/pdaudiocf.c
4 issues
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return err;
strcpy(card->driver, "PDAudio-CF");
sprintf(card->shortname, "Core Sound %s", card->driver);
sprintf(card->longname, "%s at 0x%x, irq %i",
card->shortname, port, irq);
err = snd_pdacf_pcm_new(pdacf);
if (err < 0)
Reported by FlawFinder.
Line: 166
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "PDAudio-CF");
sprintf(card->shortname, "Core Sound %s", card->driver);
sprintf(card->longname, "%s at 0x%x, irq %i",
card->shortname, port, irq);
err = snd_pdacf_pcm_new(pdacf);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 27
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable switches */
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for " CARD_NAME " soundcard.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(card->driver, "PDAudio-CF");
sprintf(card->shortname, "Core Sound %s", card->driver);
sprintf(card->longname, "%s at 0x%x, irq %i",
card->shortname, port, irq);
err = snd_pdacf_pcm_new(pdacf);
Reported by FlawFinder.