The following issues were found
tools/testing/selftests/nci/nci_dev.c
24 issues
Line: 181
CWE codes:
908
if (na->nla_type == CTRL_ATTR_FAMILY_ID)
id = *(__u16 *)NLA_DATA(na);
return id;
}
static int send_cmd_with_idx(int sd, __u16 nlmsg_type, __u32 nlmsg_pid,
__u8 genl_cmd, int dev_id)
{
Reported by Cppcheck.
Line: 145
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
char family_name[100];
nla_get_family_len = strlen(NFC_GENL_NAME) + 1;
strcpy(family_name, NFC_GENL_NAME);
nla_get_family_data = family_name;
return send_cmd_mt_nla(sd, GENL_ID_CTRL, pid, CTRL_CMD_GETFAMILY,
1, &nla_get_family_type,
&nla_get_family_data, &nla_get_family_len);
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Generic-netlink message frame: a netlink header, a generic-netlink
 * header, then a fixed-size payload area.
 */
struct msgtemplate {
struct nlmsghdr n;
struct genlmsghdr g;
/*
 * Capacity is fixed at MAX_MSG_SIZE. The declaration alone cannot
 * overflow; what matters is that every writer into buf bounds the total
 * length it copies against MAX_MSG_SIZE.
 */
char buf[MAX_MSG_SIZE];
};
static int create_nl_socket(void)
{
int fd;
Reported by FlawFinder.
Line: 114
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
na->nla_len = nla_len[cnt] + NLA_HDRLEN;
if (nla_len > 0)
memcpy(NLA_DATA(na), nla_data[cnt], nla_len[cnt]);
msg.n.nlmsg_len += NLMSG_ALIGN(na->nla_len);
prv_len = na->nla_len;
}
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 nla_get_family_type = CTRL_ATTR_FAMILY_NAME;
void *nla_get_family_data;
int nla_get_family_len;
char family_name[100];
nla_get_family_len = strlen(NFC_GENL_NAME) + 1;
strcpy(family_name, NFC_GENL_NAME);
nla_get_family_data = family_name;
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
struct nlmsghdr n;
struct genlmsghdr g;
char buf[512];
} ans;
struct nlattr *na;
int rep_len;
__u16 id;
int rc;
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void *virtual_dev_open(void *data)
{
char buf[258];
int dev_fd;
int len;
dev_fd = *(int *)data;
Reported by FlawFinder.
Line: 310
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void *virtual_dev_open_v2(void *data)
{
char buf[258];
int dev_fd;
int len;
dev_fd = *(int *)data;
Reported by FlawFinder.
Line: 370
Column: 25
CWE codes:
362
self->fid = get_family_id(self->sd, self->pid);
ASSERT_NE(self->fid, -1);
self->virtual_nci_fd = open("/dev/virtual_nci", O_RDWR);
ASSERT_GT(self->virtual_nci_fd, -1);
rc = ioctl(self->virtual_nci_fd, IOCTL_GET_NCIDEV_IDX, &self->dev_idex);
ASSERT_EQ(rc, 0);
Reported by FlawFinder.
Line: 399
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void *virtual_deinit(void *data)
{
char buf[258];
int dev_fd;
int len;
dev_fd = *(int *)data;
Reported by FlawFinder.
drivers/cpufreq/cpufreq.c
24 issues
Line: 50
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Iterate __governor over every entry linked on cpufreq_governor_list. */
#define for_each_governor(__governor) \
list_for_each_entry(__governor, &cpufreq_governor_list, governor_list)
/*
 * Fixed buffer of CPUFREQ_NAME_LEN bytes (presumably holds the default
 * governor's name; confirm against its writers). The declaration is not
 * itself a defect: any copy into it must be limited to CPUFREQ_NAME_LEN
 * bytes, terminator included.
 */
static char default_governor[CPUFREQ_NAME_LEN];
/*
* The "cpufreq driver" - the arch- or hardware-dependent low
* level driver of CPUFreq support, and its spinlock. This lock
* also protects the cpufreq_cpu_data array.
Reported by FlawFinder.
Line: 593
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Show callback: formats cpufreq_driver->boost_enabled into buf as a
 * decimal followed by a newline and returns sprintf()'s character count.
 * kobj and attr are not used.
 *
 * NOTE(review): sprintf() takes no size, but "%d\n" emits at most a sign,
 * ten digits and the newline for a 32-bit int, so the write is small and
 * fixed. buf is presumably the page-sized sysfs buffer; confirm against the
 * caller. sysfs_emit() is the bounded kernel helper for this pattern.
 */
static ssize_t show_boost(struct kobject *kobj,
struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", cpufreq_driver->boost_enabled);
}
static ssize_t store_boost(struct kobject *kobj, struct kobj_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 688
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_##file_name \
(struct cpufreq_policy *policy, char *buf) \
{ \
return sprintf(buf, "%u\n", policy->object); \
}
show_one(cpuinfo_min_freq, cpuinfo.min_freq);
show_one(cpuinfo_max_freq, cpuinfo.max_freq);
show_one(cpuinfo_transition_latency, cpuinfo.transition_latency);
Reported by FlawFinder.
Line: 709
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
freq = arch_freq_get_on_cpu(policy->cpu);
if (freq)
ret = sprintf(buf, "%u\n", freq);
else if (cpufreq_driver->setpolicy && cpufreq_driver->get)
ret = sprintf(buf, "%u\n", cpufreq_driver->get(policy->cpu));
else
ret = sprintf(buf, "%u\n", policy->cur);
return ret;
Reported by FlawFinder.
Line: 711
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (freq)
ret = sprintf(buf, "%u\n", freq);
else if (cpufreq_driver->setpolicy && cpufreq_driver->get)
ret = sprintf(buf, "%u\n", cpufreq_driver->get(policy->cpu));
else
ret = sprintf(buf, "%u\n", policy->cur);
return ret;
}
Reported by FlawFinder.
Line: 713
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else if (cpufreq_driver->setpolicy && cpufreq_driver->get)
ret = sprintf(buf, "%u\n", cpufreq_driver->get(policy->cpu));
else
ret = sprintf(buf, "%u\n", policy->cur);
return ret;
}
/*
* cpufreq_per_cpu_attr_write() / store_##file_name() - sysfs write access
Reported by FlawFinder.
Line: 747
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
unsigned int cur_freq = __cpufreq_get(policy);
if (cur_freq)
return sprintf(buf, "%u\n", cur_freq);
return sprintf(buf, "<unknown>\n");
}
/*
Reported by FlawFinder.
Line: 749
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (cur_freq)
return sprintf(buf, "%u\n", cur_freq);
return sprintf(buf, "<unknown>\n");
}
/*
* show_scaling_governor - show the current policy for the specified CPU
*/
Reported by FlawFinder.
Line: 758
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_scaling_governor(struct cpufreq_policy *policy, char *buf)
{
if (policy->policy == CPUFREQ_POLICY_POWERSAVE)
return sprintf(buf, "powersave\n");
else if (policy->policy == CPUFREQ_POLICY_PERFORMANCE)
return sprintf(buf, "performance\n");
else if (policy->governor)
return scnprintf(buf, CPUFREQ_NAME_PLEN, "%s\n",
policy->governor->name);
Reported by FlawFinder.
Line: 760
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (policy->policy == CPUFREQ_POLICY_POWERSAVE)
return sprintf(buf, "powersave\n");
else if (policy->policy == CPUFREQ_POLICY_PERFORMANCE)
return sprintf(buf, "performance\n");
else if (policy->governor)
return scnprintf(buf, CPUFREQ_NAME_PLEN, "%s\n",
policy->governor->name);
return -EINVAL;
}
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_mlme.c
24 issues
Line: 247
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__le16 val;
memcpy((u8 *)&val, rtw_get_capability_from_ie(bss->ies), 2);
return le16_to_cpu(val);
}
u8 *rtw_get_beacon_interval_from_ie(u8 *ie)
Reported by FlawFinder.
Line: 284
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u16 s_cap, d_cap;
__le16 le_scap, le_dcap;
memcpy((u8 *)&le_scap, rtw_get_capability_from_ie(src->ies), 2);
memcpy((u8 *)&le_dcap, rtw_get_capability_from_ie(dst->ies), 2);
s_cap = le16_to_cpu(le_scap);
d_cap = le16_to_cpu(le_dcap);
Reported by FlawFinder.
Line: 285
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__le16 le_scap, le_dcap;
memcpy((u8 *)&le_scap, rtw_get_capability_from_ie(src->ies), 2);
memcpy((u8 *)&le_dcap, rtw_get_capability_from_ie(dst->ies), 2);
s_cap = le16_to_cpu(le_scap);
d_cap = le16_to_cpu(le_dcap);
return ((src->ssid.ssid_length == dst->ssid.ssid_length) &&
Reported by FlawFinder.
Line: 353
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
if (update_ie)
memcpy((u8 *)dst, (u8 *)src, get_wlan_bssid_ex_sz(src));
dst->PhyInfo.SignalStrength = ss_final;
dst->PhyInfo.SignalQuality = sq_final;
dst->Rssi = rssi_final;
}
Reported by FlawFinder.
Line: 404
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtw_hal_get_def_var(adapter, HAL_DEF_CURRENT_ANTENNA,
&target->PhyInfo.Optimum_antenna);
memcpy(&pnetwork->network, target,
get_wlan_bssid_ex_sz(target));
/* variable initialize */
pnetwork->fixed = false;
pnetwork->last_scanned = jiffies;
Reported by FlawFinder.
Line: 429
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
target->Length = bssid_ex_sz;
rtw_hal_get_def_var(adapter, HAL_DEF_CURRENT_ANTENNA,
&target->PhyInfo.Optimum_antenna);
memcpy(&pnetwork->network, target, bssid_ex_sz);
pnetwork->last_scanned = jiffies;
/* bss info not receiving from the right channel */
if (pnetwork->network.PhyInfo.SignalQuality == 101)
Reported by FlawFinder.
Line: 528
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!memcmp(&pmlmepriv->cur_network.network.MacAddress, pnetwork->MacAddress, ETH_ALEN)) {
struct wlan_network *ibss_wlan = NULL;
memcpy(pmlmepriv->cur_network.network.ies, pnetwork->ies, 8);
spin_lock_bh(&pmlmepriv->scanned_queue.lock);
ibss_wlan = rtw_find_network(&pmlmepriv->scanned_queue, pnetwork->MacAddress);
if (ibss_wlan) {
memcpy(ibss_wlan->network.ies, pnetwork->ies, 8);
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
Reported by FlawFinder.
Line: 532
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_bh(&pmlmepriv->scanned_queue.lock);
ibss_wlan = rtw_find_network(&pmlmepriv->scanned_queue, pnetwork->MacAddress);
if (ibss_wlan) {
memcpy(ibss_wlan->network.ies, pnetwork->ies, 8);
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
goto exit;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
}
Reported by FlawFinder.
Line: 584
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
_clr_fwstate_(pmlmepriv, _FW_UNDER_SURVEY);
memcpy(&pdev_network->ssid, &pmlmepriv->assoc_ssid, sizeof(struct ndis_802_11_ssid));
rtw_update_registrypriv_dev_network(adapter);
rtw_generate_random_ibss(pibss);
pmlmepriv->fw_state = WIFI_ADHOC_MASTER_STATE;
Reported by FlawFinder.
Line: 842
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct wlan_network *cur_network = &pmlmepriv->cur_network;
/* why not use ptarget_wlan?? */
memcpy(&cur_network->network, &pnetwork->network, pnetwork->network.Length);
/* some ies in pnetwork is wrong, so we should use ptarget_wlan ies */
cur_network->network.ie_length = ptarget_wlan->network.ie_length;
memcpy(&cur_network->network.ies[0], &ptarget_wlan->network.ies[0], MAX_IE_SZ);
cur_network->aid = pnetwork->join_res;
Reported by FlawFinder.
sound/pci/rme9652/hdsp.c
24 issues
Line: 4555
Column: 26
CWE codes:
362/367!
Suggestion:
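Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: the flagged token on this line appears to be the struct member `access` in `vd[0].access`, not a call to access(), so this file-permission advice likely does not apply here.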
if (RPM != hdsp->io_type) {
hdsp->creg_spdif_stream = hdsp->creg_spdif;
hdsp->spdif_ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(hdsp->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &hdsp->spdif_ctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 4574
Column: 26
CWE codes:
362/367!
Suggestion:
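Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: the flagged token on this line appears to be the struct member `access` in `vd[0].access`, not a call to access(), so this file-permission advice likely does not apply here.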
spin_unlock_irq(&hdsp->lock);
if (RPM != hdsp->io_type) {
hdsp->spdif_ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(hdsp->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &hdsp->spdif_ctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 5008
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
hdsp->pcm = pcm;
pcm->private_data = hdsp;
strcpy(pcm->name, hdsp->card_name);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_hdsp_playback_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_hdsp_capture_ops);
pcm->info_flags = SNDRV_PCM_INFO_JOINT_DUPLEX;
Reported by FlawFinder.
Line: 5157
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(hdsp->state & HDSP_InitializationComplete)) {
strcpy(card->shortname, "Hammerfall DSP");
sprintf(card->longname, "%s at 0x%lx, irq %d", hdsp->card_name,
hdsp->port, hdsp->irq);
err = snd_card_register(card);
if (err < 0) {
dev_err(card->dev,
Reported by FlawFinder.
Line: 5477
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto free_card;
strcpy(card->shortname, "Hammerfall DSP");
sprintf(card->longname, "%s at 0x%lx, irq %d", hdsp->card_name,
hdsp->port, hdsp->irq);
err = snd_card_register(card);
if (err) {
free_card:
snd_card_free(card);
Reported by FlawFinder.
Line: 35
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/current.h>
/* Per-card module parameters: one slot per possible card (SNDRV_CARDS). */
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
/*
 * NOTE(review): id is an array of char pointers, not a character buffer.
 * This declaration copies no string data, so a "statically-sized char
 * array" finding on it is likely a pattern match rather than an overflow.
 */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
/* Permission 0444: the parameter files are readable by all, writable by none. */
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for RME Hammerfall DSP interface.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 502
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
where the data for that channel can be read/written from/to.
*/
/*
 * Read-only channel lookup table; the listed entries map 0..25 to
 * themselves.
 *
 * NOTE(review): a const table is never a copy destination, so the
 * declaration cannot overflow. The bound that matters is on the index used
 * to read it, which must stay below HDSP_MAX_CHANNELS.
 */
static const char channel_map_df_ss[HDSP_MAX_CHANNELS] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24, 25
};
static const char channel_map_mf_ss[HDSP_MAX_CHANNELS] = { /* Multiface */
Reported by FlawFinder.
Line: 507
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
18, 19, 20, 21, 22, 23, 24, 25
};
static const char channel_map_mf_ss[HDSP_MAX_CHANNELS] = { /* Multiface */
/* Analog */
0, 1, 2, 3, 4, 5, 6, 7,
/* ADAT 2 */
16, 17, 18, 19, 20, 21, 22, 23,
/* SPDIF */
Reported by FlawFinder.
Line: 517
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
-1, -1, -1, -1, -1, -1, -1, -1
};
static const char channel_map_ds[HDSP_MAX_CHANNELS] = {
/* ADAT channels are remapped */
1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23,
/* channels 12 and 13 are S/PDIF */
24, 25,
/* others don't exist */
Reported by FlawFinder.
Line: 526
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
static const char channel_map_H9632_ss[HDSP_MAX_CHANNELS] = {
/* ADAT channels */
0, 1, 2, 3, 4, 5, 6, 7,
/* SPDIF */
8, 9,
/* Analog */
Reported by FlawFinder.
drivers/platform/x86/wmi.c
24 issues
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static LIST_HEAD(wmi_block_list);
struct guid_block {
char guid[16];
union {
char object_id[2];
struct {
unsigned char notify_id;
unsigned char reserved;
Reported by FlawFinder.
Line: 44
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct guid_block {
char guid[16];
union {
char object_id[2];
struct {
unsigned char notify_id;
unsigned char reserved;
};
};
Reported by FlawFinder.
Line: 181
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static acpi_status wmi_method_enable(struct wmi_block *wblock, int enable)
{
struct guid_block *block = NULL;
char method[5];
acpi_status status;
acpi_handle handle;
block = &wblock->gblock;
handle = wblock->acpi_device->handle;
Reported by FlawFinder.
Line: 260
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
acpi_status status;
struct acpi_object_list input;
union acpi_object params[3];
char method[5] = "WM";
wblock = container_of(wdev, struct wmi_block, dev);
block = &wblock->gblock;
handle = wblock->acpi_device->handle;
Reported by FlawFinder.
Line: 307
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
acpi_status status, wc_status = AE_ERROR;
struct acpi_object_list input;
union acpi_object wq_params[1];
char method[5];
char wc_method[5] = "WC";
if (!out)
return AE_BAD_PARAMETER;
Reported by FlawFinder.
Line: 308
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct acpi_object_list input;
union acpi_object wq_params[1];
char method[5];
char wc_method[5] = "WC";
if (!out)
return AE_BAD_PARAMETER;
block = &wblock->gblock;
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
wc_status = acpi_execute_simple_method(handle, wc_method, 1);
}
strcpy(method, "WQ");
strncat(method, block->object_id, 2);
status = acpi_evaluate_object(handle, method, &input, out);
/*
Reported by FlawFinder.
Line: 413
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
acpi_handle handle;
struct acpi_object_list input;
union acpi_object params[2];
char method[5] = "WS";
if (!guid_string || !in)
return AE_BAD_DATA;
if (!find_guid(guid_string, &wblock))
Reported by FlawFinder.
Line: 680
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct wmi_block *wblock = dev_to_wblock(dev);
return sprintf(buf, "wmi:%pUL\n", wblock->gblock.guid);
}
static DEVICE_ATTR_RO(modalias);
static ssize_t guid_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 689
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct wmi_block *wblock = dev_to_wblock(dev);
return sprintf(buf, "%pUL\n", wblock->gblock.guid);
}
static DEVICE_ATTR_RO(guid);
static ssize_t instance_count_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
drivers/power/supply/bq2415x_charger.c
24 issues
Line: 1101
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct bq2415x_device *bq = power_supply_get_drvdata(psy);
if (bq->timer_error)
return sprintf(buf, "%s\n", bq->timer_error);
if (bq->autotimer)
return sprintf(buf, "auto\n");
return sprintf(buf, "off\n");
}
Reported by FlawFinder.
Line: 1062
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = bq2415x_exec_command(bq, command);
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", ret);
}
/*
* set timer entry:
* auto - enable auto mode
Reported by FlawFinder.
Line: 1104
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", bq->timer_error);
if (bq->autotimer)
return sprintf(buf, "auto\n");
return sprintf(buf, "off\n");
}
/*
* set mode entry:
Reported by FlawFinder.
Line: 1105
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (bq->autotimer)
return sprintf(buf, "auto\n");
return sprintf(buf, "off\n");
}
/*
* set mode entry:
* auto - if automode is supported, enable it and set mode to reported
Reported by FlawFinder.
Line: 1178
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ssize_t ret = 0;
if (bq->automode > 0)
ret += sprintf(buf+ret, "auto (");
switch (bq->mode) {
case BQ2415X_MODE_OFF:
ret += sprintf(buf+ret, "off");
break;
Reported by FlawFinder.
Line: 1182
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (bq->mode) {
case BQ2415X_MODE_OFF:
ret += sprintf(buf+ret, "off");
break;
case BQ2415X_MODE_NONE:
ret += sprintf(buf+ret, "none");
break;
case BQ2415X_MODE_HOST_CHARGER:
Reported by FlawFinder.
Line: 1185
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret += sprintf(buf+ret, "off");
break;
case BQ2415X_MODE_NONE:
ret += sprintf(buf+ret, "none");
break;
case BQ2415X_MODE_HOST_CHARGER:
ret += sprintf(buf+ret, "host");
break;
case BQ2415X_MODE_DEDICATED_CHARGER:
Reported by FlawFinder.
Line: 1188
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret += sprintf(buf+ret, "none");
break;
case BQ2415X_MODE_HOST_CHARGER:
ret += sprintf(buf+ret, "host");
break;
case BQ2415X_MODE_DEDICATED_CHARGER:
ret += sprintf(buf+ret, "dedicated");
break;
case BQ2415X_MODE_BOOST:
Reported by FlawFinder.
Line: 1191
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret += sprintf(buf+ret, "host");
break;
case BQ2415X_MODE_DEDICATED_CHARGER:
ret += sprintf(buf+ret, "dedicated");
break;
case BQ2415X_MODE_BOOST:
ret += sprintf(buf+ret, "boost");
break;
}
Reported by FlawFinder.
Line: 1194
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret += sprintf(buf+ret, "dedicated");
break;
case BQ2415X_MODE_BOOST:
ret += sprintf(buf+ret, "boost");
break;
}
if (bq->automode > 0)
ret += sprintf(buf+ret, ")");
Reported by FlawFinder.
fs/ecryptfs/crypto.c
24 issues
Line: 741
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
mount_crypt_stat);
ecryptfs_set_default_sizes(crypt_stat);
strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
crypt_stat->mount_crypt_stat = mount_crypt_stat;
}
Reported by FlawFinder.
Line: 969
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
str[0] = '\0';
for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
if (str[0] == '\0') {
ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
"[%d]\n", cipher_code);
rc = -EINVAL;
}
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void ecryptfs_from_hex(char *dst, char *src, int dst_size)
{
int x;
char tmp[3] = { 0, };
for (x = 0; x < dst_size; x++) {
tmp[0] = src[x * 2];
tmp[1] = src[x * 2 + 1];
dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16);
Reported by FlawFinder.
Line: 114
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
loff_t offset)
{
int rc = 0;
char dst[MD5_DIGEST_SIZE];
char src[ECRYPTFS_MAX_IV_BYTES + 16];
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "root iv:\n");
ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int rc = 0;
char dst[MD5_DIGEST_SIZE];
char src[ECRYPTFS_MAX_IV_BYTES + 16];
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "root iv:\n");
ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
}
Reported by FlawFinder.
Line: 125
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* significant bits of the root IV into an unsigned long and
* add the offset to that rather than go through all this
* hashing business. -Halcrow */
memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes);
memset((src + crypt_stat->iv_bytes), 0, 16);
snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset);
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "source:\n");
ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16));
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"MD5 while generating IV for a page\n");
goto out;
}
memcpy(iv, dst, crypt_stat->iv_bytes);
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
}
out:
Reported by FlawFinder.
Line: 381
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index;
loff_t extent_base;
char extent_iv[ECRYPTFS_MAX_IV_BYTES];
struct scatterlist src_sg, dst_sg;
size_t extent_size = crypt_stat->extent_size;
int rc;
extent_base = (((loff_t)page_index) * (PAGE_SIZE / extent_size));
Reported by FlawFinder.
Line: 634
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
{
int rc = 0;
char dst[MD5_DIGEST_SIZE];
BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
BUG_ON(crypt_stat->iv_bytes <= 0);
if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
rc = -EINVAL;
Reported by FlawFinder.
Line: 651
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"MD5 while generating root IV\n");
goto out;
}
memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes);
out:
if (rc) {
memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
}
Reported by FlawFinder.
arch/s390/crypto/paes_s390.c
24 issues
Line: 81
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h->version = 0x02; /* TOKVER_CLEAR_KEY */
h->keytype = (keylen - 8) >> 3;
h->len = keylen;
memcpy(kb->keybuf + sizeof(*h), key, keylen);
kb->keylen = sizeof(*h) + keylen;
kb->key = kb->keybuf;
break;
default:
/* other key material, let pkey handle this */
Reported by FlawFinder.
Line: 94
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!kb->key)
return -ENOMEM;
}
memcpy(kb->key, key, keylen);
kb->keylen = keylen;
break;
}
return 0;
Reported by FlawFinder.
Line: 153
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
spin_lock_bh(&ctx->pk_lock);
memcpy(&ctx->pk, &pkey, sizeof(pkey));
spin_unlock_bh(&ctx->pk_lock);
return 0;
}
Reported by FlawFinder.
Line: 226
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
spin_lock_bh(&ctx->pk_lock);
memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
spin_unlock_bh(&ctx->pk_lock);
while ((nbytes = walk.nbytes) != 0) {
/* only use complete blocks */
n = nbytes & ~(AES_BLOCK_SIZE - 1);
Reported by FlawFinder.
Line: 240
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (__paes_convert_key(ctx))
return skcipher_walk_done(&walk, -EIO);
spin_lock_bh(&ctx->pk_lock);
memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
spin_unlock_bh(&ctx->pk_lock);
}
}
return ret;
}
Reported by FlawFinder.
Line: 341
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(param.iv, walk.iv, AES_BLOCK_SIZE);
spin_lock_bh(&ctx->pk_lock);
memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
spin_unlock_bh(&ctx->pk_lock);
while ((nbytes = walk.nbytes) != 0) {
Reported by FlawFinder.
Line: 343
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(param.iv, walk.iv, AES_BLOCK_SIZE);
spin_lock_bh(&ctx->pk_lock);
memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
spin_unlock_bh(&ctx->pk_lock);
while ((nbytes = walk.nbytes) != 0) {
/* only use complete blocks */
n = nbytes & ~(AES_BLOCK_SIZE - 1);
Reported by FlawFinder.
Line: 352
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
k = cpacf_kmc(ctx->fc | modifier, &param,
walk.dst.virt.addr, walk.src.virt.addr, n);
if (k) {
memcpy(walk.iv, param.iv, AES_BLOCK_SIZE);
ret = skcipher_walk_done(&walk, nbytes - k);
}
if (k < n) {
if (__paes_convert_key(ctx))
return skcipher_walk_done(&walk, -EIO);
Reported by FlawFinder.
Line: 359
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (__paes_convert_key(ctx))
return skcipher_walk_done(&walk, -EIO);
spin_lock_bh(&ctx->pk_lock);
memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
spin_unlock_bh(&ctx->pk_lock);
}
}
return ret;
}
Reported by FlawFinder.
Line: 422
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
spin_lock_bh(&ctx->pk_lock);
memcpy(&ctx->pk[0], &pkey0, sizeof(pkey0));
memcpy(&ctx->pk[1], &pkey1, sizeof(pkey1));
spin_unlock_bh(&ctx->pk_lock);
return 0;
}
Reported by FlawFinder.
drivers/usb/gadget/configfs.c
24 issues
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!str)
return -ENOMEM;
}
strcpy(str, s);
if (str[ret - 1] == '\n')
str[ret - 1] = '\0';
*s_copy = str;
return 0;
}
Reported by FlawFinder.
Line: 236
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&gi->lock);
udc_name = gi->composite.gadget_driver.udc_name;
ret = sprintf(page, "%s\n", udc_name ?: "");
mutex_unlock(&gi->lock);
return ret;
}
Reported by FlawFinder.
Line: 305
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
enum usb_device_speed speed = to_gadget_info(item)->composite.max_speed;
return sprintf(page, "%s\n", usb_speed_string(speed));
}
static ssize_t gadget_dev_desc_max_speed_store(struct config_item *item,
const char *page, size_t len)
{
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usb_composite_dev cdev;
bool use_os_desc;
char b_vendor_code;
char qw_sign[OS_STRING_QW_SIGN_LEN];
spinlock_t spinlock;
bool unbind;
};
static inline struct gadget_info *to_gadget_info(struct config_item *item)
Reported by FlawFinder.
Line: 129
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
char *page) \
{ \
return sprintf(page, "0x%02x\n", \
to_gadget_info(item)->cdev.desc.__name); \
}
#define GI_DEVICE_DESC_SIMPLE_R_u16(__name) \
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
Reported by FlawFinder.
Line: 137
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
char *page) \
{ \
return sprintf(page, "0x%04x\n", \
le16_to_cpup(&to_gadget_info(item)->cdev.desc.__name)); \
}
#define GI_DEVICE_DESC_SIMPLE_W_u8(_name) \
Reported by FlawFinder.
Line: 508
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Show callback for the MaxPower attribute: formats c.MaxPower of the object
 * returned by to_config_usb_cfg(item) into page as an unsigned decimal
 * followed by a newline, and returns the character count from sprintf().
 *
 * NOTE(review): sprintf() takes no destination size, which is why the
 * scanner reports CWE-120 on this line. The output is one "%u" value plus
 * a newline, so it is a short decimal string; the size of page is not
 * visible in this excerpt (presumably the one-page buffer handed to show
 * callbacks; confirm). A size-aware call such as
 * scnprintf(page, PAGE_SIZE, ...) or sysfs_emit() states the bound
 * explicitly.
 */
static ssize_t gadget_config_desc_MaxPower_show(struct config_item *item,
char *page)
{
return sprintf(page, "%u\n", to_config_usb_cfg(item)->c.MaxPower);
}
static ssize_t gadget_config_desc_MaxPower_store(struct config_item *item,
const char *page, size_t len)
{
Reported by FlawFinder.
Line: 528
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Show callback for the bmAttributes attribute: formats c.bmAttributes of
 * the object returned by to_config_usb_cfg(item) into page as "0x" plus at
 * least two hex digits and a newline, and returns the character count from
 * sprintf().
 *
 * NOTE(review): flagged as CWE-120 because sprintf() has no size argument.
 * "%02x" sets a minimum width, not a maximum, so the output length depends
 * on the type of bmAttributes, which is declared outside this excerpt
 * (presumably a single byte; confirm). The size of page is likewise not
 * shown here; a size-aware call such as scnprintf(page, PAGE_SIZE, ...) or
 * sysfs_emit() makes the limit explicit.
 */
static ssize_t gadget_config_desc_bmAttributes_show(struct config_item *item,
char *page)
{
return sprintf(page, "0x%02x\n",
to_config_usb_cfg(item)->c.bmAttributes);
}
static ssize_t gadget_config_desc_bmAttributes_store(struct config_item *item,
const char *page, size_t len)
Reported by FlawFinder.
Line: 583
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gadget_info *gi;
struct usb_function_instance *fi;
char buf[MAX_NAME_LEN];
char *func_name;
char *instance_name;
int ret;
ret = snprintf(buf, MAX_NAME_LEN, "%s", name);
Reported by FlawFinder.
Line: 677
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gadget_info *gi;
struct config_usb_cfg *cfg;
char buf[MAX_NAME_LEN];
char *num_str;
u8 num;
int ret;
gi = container_of(group, struct gadget_info, configs_group);
Reported by FlawFinder.
drivers/edac/edac_mc_sysfs.c
24 issues
Line: 177
Column: 9
CWE codes:
120
Suggestion:
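Use sprintf_s, snprintf, or vsnprintf. (These names come from the scanner's generic C ruleset; sprintf_s is not a kernel function. The quoted code appears to be a sysfs show() callback, where the kernel's bounded helper is sysfs_emit(), which limits output to the page-sized buffer sysfs passes in. The same applies to the other sprintf findings listed for this file.)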
{
struct csrow_info *csrow = to_csrow(dev);
return sprintf(data, "%s\n", edac_mem_types[csrow->channels[0]->dimm->mtype]);
}
static ssize_t csrow_dev_type_show(struct device *dev,
struct device_attribute *mattr, char *data)
{
Reported by FlawFinder.
Line: 185
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct csrow_info *csrow = to_csrow(dev);
return sprintf(data, "%s\n", dev_types[csrow->channels[0]->dimm->dtype]);
}
static ssize_t csrow_edac_mode_show(struct device *dev,
struct device_attribute *mattr,
char *data)
Reported by FlawFinder.
Line: 194
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct csrow_info *csrow = to_csrow(dev);
return sprintf(data, "%s\n", edac_caps[csrow->channels[0]->dimm->edac_mode]);
}
/* show/store functions for DIMM Label attributes */
static ssize_t channel_dimm_label_show(struct device *dev,
struct device_attribute *mattr,
Reported by FlawFinder.
Line: 533
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct dimm_info *dimm = to_dimm(dev);
return sprintf(data, "%s\n", edac_mem_types[dimm->mtype]);
}
static ssize_t dimmdev_dev_type_show(struct device *dev,
struct device_attribute *mattr, char *data)
{
Reported by FlawFinder.
Line: 541
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct dimm_info *dimm = to_dimm(dev);
return sprintf(data, "%s\n", dev_types[dimm->dtype]);
}
static ssize_t dimmdev_edac_mode_show(struct device *dev,
struct device_attribute *mattr,
char *data)
Reported by FlawFinder.
Line: 550
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct dimm_info *dimm = to_dimm(dev);
return sprintf(data, "%s\n", edac_caps[dimm->edac_mode]);
}
static ssize_t dimmdev_ce_count_show(struct device *dev,
struct device_attribute *mattr,
char *data)
Reported by FlawFinder.
Line: 792
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct mem_ctl_info *mci = to_mci(dev);
return sprintf(data, "%s\n", mci->ctl_name);
}
static ssize_t mci_size_mb_show(struct device *dev,
struct device_attribute *mattr,
char *data)
Reported by FlawFinder.
Line: 149
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct csrow_info *csrow = to_csrow(dev);
return sprintf(data, "%u\n", csrow->ue_count);
}
static ssize_t csrow_ce_count_show(struct device *dev,
struct device_attribute *mattr, char *data)
{
Reported by FlawFinder.
Line: 157
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct csrow_info *csrow = to_csrow(dev);
return sprintf(data, "%u\n", csrow->ce_count);
}
static ssize_t csrow_size_show(struct device *dev,
struct device_attribute *mattr, char *data)
{
Reported by FlawFinder.
Line: 169
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < csrow->nr_channels; i++)
nr_pages += csrow->channels[i]->dimm->nr_pages;
return sprintf(data, "%u\n", PAGES_TO_MiB(nr_pages));
}
static ssize_t csrow_mem_type_show(struct device *dev,
struct device_attribute *mattr, char *data)
{
Reported by FlawFinder.