The following issues were found
arch/powerpc/crypto/sha1.c
4 issues
Line: 52
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (partial) {
done = -partial;
memcpy(sctx->buffer + partial, data, done + 64);
src = sctx->buffer;
}
do {
powerpc_sha_transform(sctx->state, src);
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
partial = 0;
}
memcpy(sctx->buffer + partial, src, len - done);
return 0;
}
Reported by FlawFinder.
Line: 103
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha1_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int powerpc_sha1_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 111
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct sha1_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static struct shash_alg alg = {
.digestsize = SHA1_DIGEST_SIZE,
Reported by FlawFinder.
arch/sparc/kernel/sysfs.c
4 issues
Line: 24
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf) \
{ \
struct hv_mmu_statistics *p = &per_cpu(mmu_stats, dev->id); \
return sprintf(buf, "%lu\n", p->NAME); \
} \
static DEVICE_ATTR(NAME, 0444, show_##NAME, NULL)
SHOW_MMUSTAT_ULONG(immu_tsb_hits_ctx0_8k_tte);
SHOW_MMUSTAT_ULONG(immu_tsb_ticks_ctx0_8k_tte);
Reported by FlawFinder.
Line: 128
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
long val = work_on_cpu(s->id, read_mmustat_enable, NULL);
return sprintf(buf, "%lx\n", val);
}
static ssize_t store_mmustat_enable(struct device *s,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 177
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf) \
{ \
cpuinfo_sparc *c = &cpu_data(dev->id); \
return sprintf(buf, "%lu\n", c->MEMBER); \
}
#define SHOW_CPUDATA_UINT_NAME(NAME, MEMBER) \
static ssize_t show_##NAME(struct device *dev, \
struct device_attribute *attr, char *buf) \
Reported by FlawFinder.
Line: 185
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf) \
{ \
cpuinfo_sparc *c = &cpu_data(dev->id); \
return sprintf(buf, "%u\n", c->MEMBER); \
}
SHOW_CPUDATA_ULONG_NAME(clock_tick, clock_tick);
SHOW_CPUDATA_UINT_NAME(l1_dcache_size, dcache_size);
SHOW_CPUDATA_UINT_NAME(l1_dcache_line_size, dcache_line_size);
Reported by FlawFinder.
arch/sparc/kernel/sys_sparc_64.c
4 issues
Line: 527
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SYSCALL_DEFINE2(getdomainname, char __user *, name, int, len)
{
int nlen, err;
char tmp[__NEW_UTS_LEN + 1];
if (len < 0)
return -EINVAL;
down_read(&uts_sem);
Reported by FlawFinder.
Line: 538
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = -EINVAL;
if (nlen > len)
goto out_unlock;
memcpy(tmp, utsname()->domainname, nlen);
up_read(&uts_sem);
if (copy_to_user(name, tmp, nlen))
return -EFAULT;
Reported by FlawFinder.
Line: 653
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
p[0]--;
current_thread_info()->utraps[0] = 1;
memcpy(current_thread_info()->utraps+1, p+1,
UT_TRAP_INSTRUCTION_31*sizeof(long));
}
}
if (old_p) {
if (put_user((utrap_handler_t)(current_thread_info()->utraps[type]), old_p))
Reported by FlawFinder.
Line: 534
Column: 9
CWE codes:
126
down_read(&uts_sem);
nlen = strlen(utsname()->domainname) + 1;
err = -EINVAL;
if (nlen > len)
goto out_unlock;
memcpy(tmp, utsname()->domainname, nlen);
Reported by FlawFinder.
arch/sparc/kernel/sun4d_smp.c
4 issues
Line: 405
CWE codes:
570
int i;
/* Patch ipi15 trap table */
t_nmi[1] = t_nmi[1] + (linux_trap_ipi15_sun4d - linux_trap_ipi15_sun4m);
sparc32_ipi_ops = &sun4d_ipi_ops;
for (i = 0; i < NR_CPUS; i++) {
ccall_info.processors_in[i] = 1;
Reported by Cppcheck.
Line: 43
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void smp4d_ipi_init(void);
static unsigned char cpu_leds[32];
static inline void show_leds(int cpuid)
{
cpuid &= 0x1e;
__asm__ __volatile__ ("stba %0, [%1] %2" : :
Reported by FlawFinder.
Line: 277
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long arg3;
unsigned long arg4;
unsigned long arg5;
unsigned char processors_in[NR_CPUS]; /* Set when ipi entered. */
unsigned char processors_out[NR_CPUS]; /* Set when ipi exited. */
} ccall_info __attribute__((aligned(8)));
static DEFINE_SPINLOCK(cross_call_lock);
Reported by FlawFinder.
Line: 278
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long arg4;
unsigned long arg5;
unsigned char processors_in[NR_CPUS]; /* Set when ipi entered. */
unsigned char processors_out[NR_CPUS]; /* Set when ipi exited. */
} ccall_info __attribute__((aligned(8)));
static DEFINE_SPINLOCK(cross_call_lock);
/* Cross calls must be serialized, at least currently. */
Reported by FlawFinder.
arch/arm/crypto/poly1305-glue.c
4 issues
Line: 91
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(dctx->buflen)) {
u32 bytes = min(len, POLY1305_BLOCK_SIZE - dctx->buflen);
memcpy(dctx->buf + dctx->buflen, src, bytes);
src += bytes;
len -= bytes;
dctx->buflen += bytes;
if (dctx->buflen == POLY1305_BLOCK_SIZE) {
Reported by FlawFinder.
Line: 111
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(len)) {
dctx->buflen = len;
memcpy(dctx->buf, src, len);
}
}
static int arm_poly1305_update(struct shash_desc *desc,
const u8 *src, unsigned int srclen)
Reported by FlawFinder.
Line: 148
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(dctx->buflen)) {
u32 bytes = min(nbytes, POLY1305_BLOCK_SIZE - dctx->buflen);
memcpy(dctx->buf + dctx->buflen, src, bytes);
src += bytes;
nbytes -= bytes;
dctx->buflen += bytes;
if (dctx->buflen == POLY1305_BLOCK_SIZE) {
Reported by FlawFinder.
Line: 183
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(nbytes)) {
dctx->buflen = nbytes;
memcpy(dctx->buf, src, nbytes);
}
}
EXPORT_SYMBOL(poly1305_update_arch);
void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
Reported by FlawFinder.
arch/mips/crypto/poly1305-glue.c
4 issues
Line: 78
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(dctx->buflen)) {
u32 bytes = min(len, POLY1305_BLOCK_SIZE - dctx->buflen);
memcpy(dctx->buf + dctx->buflen, src, bytes);
src += bytes;
len -= bytes;
dctx->buflen += bytes;
if (dctx->buflen == POLY1305_BLOCK_SIZE) {
Reported by FlawFinder.
Line: 97
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(len)) {
dctx->buflen = len;
memcpy(dctx->buf, src, len);
}
return 0;
}
void poly1305_update_arch(struct poly1305_desc_ctx *dctx, const u8 *src,
Reported by FlawFinder.
Line: 108
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(dctx->buflen)) {
u32 bytes = min(nbytes, POLY1305_BLOCK_SIZE - dctx->buflen);
memcpy(dctx->buf + dctx->buflen, src, bytes);
src += bytes;
nbytes -= bytes;
dctx->buflen += bytes;
if (dctx->buflen == POLY1305_BLOCK_SIZE) {
Reported by FlawFinder.
Line: 130
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(nbytes)) {
dctx->buflen = nbytes;
memcpy(dctx->buf, src, nbytes);
}
}
EXPORT_SYMBOL(poly1305_update_arch);
void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
Reported by FlawFinder.
crypto/asymmetric_keys/asymmetric_type.c
4 issues
Line: 22
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
const char *const key_being_used_for[NR__KEY_BEING_USED_FOR] = {
[VERIFYING_MODULE_SIGNATURE] = "mod sig",
[VERIFYING_FIRMWARE_SIGNATURE] = "firmware sig",
[VERIFYING_KEXEC_PE_SIGNATURE] = "kexec PE sig",
[VERIFYING_KEY_SIGNATURE] = "key sig",
[VERIFYING_KEY_SELF_SIGNATURE] = "key self sig",
Reported by FlawFinder.
Line: 147
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!kid)
return ERR_PTR(-ENOMEM);
kid->len = len_1 + len_2;
memcpy(kid->data, val_1, len_1);
memcpy(kid->data + len_1, val_2, len_2);
return kid;
}
EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
Reported by FlawFinder.
Line: 148
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ERR_PTR(-ENOMEM);
kid->len = len_1 + len_2;
memcpy(kid->data, val_1, len_1);
memcpy(kid->data + len_1, val_2, len_2);
return kid;
}
EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
/**
Reported by FlawFinder.
Line: 230
Column: 16
CWE codes:
126
if (!*id)
return ERR_PTR(-EINVAL);
asciihexlen = strlen(id);
if (asciihexlen & 1)
return ERR_PTR(-EINVAL);
match_id = kmalloc(sizeof(struct asymmetric_key_id) + asciihexlen / 2,
GFP_KERNEL);
Reported by FlawFinder.
arch/mips/dec/prom/identify.c
4 issues
Line: 47
Column: 14
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
const char *get_system_type(void)
{
#define STR_BUF_LEN 64
static char system[STR_BUF_LEN];
static int called = 0;
if (called == 0) {
called = 1;
snprintf(system, STR_BUF_LEN, "Digital %s",
Reported by FlawFinder.
Line: 52
Column: 12
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (called == 0) {
called = 1;
snprintf(system, STR_BUF_LEN, "Digital %s",
dec_system_strings[mips_machtype]);
}
return system;
}
Reported by FlawFinder.
Line: 56
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
dec_system_strings[mips_machtype]);
}
return system;
}
/*
* Setup essential system-specific memory addresses. We need them
Reported by FlawFinder.
Line: 47
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *get_system_type(void)
{
#define STR_BUF_LEN 64
static char system[STR_BUF_LEN];
static int called = 0;
if (called == 0) {
called = 1;
snprintf(system, STR_BUF_LEN, "Digital %s",
Reported by FlawFinder.
arch/mips/dec/prom/memory.c
4 issues
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static __init void pmax_setup_memory_region(void)
{
volatile unsigned char *memory_page, dummy;
char old_handler[0x80];
extern char genexcept_early;
/* Install exception handler */
memcpy(&old_handler, (void *)(CKSEG0 + 0x80), 0x80);
memcpy((void *)(CKSEG0 + 0x80), &genexcept_early, 0x80);
Reported by FlawFinder.
Line: 37
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern char genexcept_early;
/* Install exception handler */
memcpy(&old_handler, (void *)(CKSEG0 + 0x80), 0x80);
memcpy((void *)(CKSEG0 + 0x80), &genexcept_early, 0x80);
/* read unmapped and uncached (KSEG1)
* DECstations have at least 4MB RAM
* Assume less than 480MB of RAM, as this is max for 5000/2xx
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Install exception handler */
memcpy(&old_handler, (void *)(CKSEG0 + 0x80), 0x80);
memcpy((void *)(CKSEG0 + 0x80), &genexcept_early, 0x80);
/* read unmapped and uncached (KSEG1)
* DECstations have at least 4MB RAM
* Assume less than 480MB of RAM, as this is max for 5000/2xx
* FIXME this should be replaced by the first free page!
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memory_page += CHUNK_SIZE) {
dummy = *memory_page;
}
memcpy((void *)(CKSEG0 + 0x80), &old_handler, 0x80);
memblock_add(0, (unsigned long)memory_page - CKSEG1 - CHUNK_SIZE);
}
/*
Reported by FlawFinder.
arch/powerpc/boot/treeboot-bamboo.c
4 issues
Line: 18
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PIBS_MAC0 0xfffc0400
#define PIBS_MAC1 0xfffc0500
char pibs_mac0[6];
char pibs_mac1[6];
static void read_pibs_mac(void)
{
unsigned long long mac64;
Reported by FlawFinder.
Line: 19
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PIBS_MAC0 0xfffc0400
#define PIBS_MAC1 0xfffc0500
char pibs_mac0[6];
char pibs_mac1[6];
static void read_pibs_mac(void)
{
unsigned long long mac64;
Reported by FlawFinder.
Line: 26
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long long mac64;
mac64 = strtoull((char *)PIBS_MAC0, 0, 16);
memcpy(&pibs_mac0, (char *)&mac64+2, 6);
mac64 = strtoull((char *)PIBS_MAC1, 0, 16);
memcpy(&pibs_mac1, (char *)&mac64+2, 6);
}
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&pibs_mac0, (char *)&mac64+2, 6);
mac64 = strtoull((char *)PIBS_MAC1, 0, 16);
memcpy(&pibs_mac1, (char *)&mac64+2, 6);
}
void platform_init(void)
{
unsigned long end_of_ram = 0x8000000;
Reported by FlawFinder.