The following issues were found
drivers/acpi/acpica/utpredef.c
4 issues
Line: 130
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
/* If one of the expected types, concatenate the name of this type */
if (expected_btypes & this_rtype) {
strcat(buffer, &ut_rtype_names[i][j]);
j = 0; /* Use name separator from now on */
}
this_rtype <<= 1; /* Next Rtype */
}
Reported by FlawFinder.
Line: 321
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return (arg_count);
}
strcat(buffer,
ut_external_type_names[this_argument_type] + sub_index);
sub_index = 0;
}
return (arg_count);
Reported by FlawFinder.
Line: 354
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 0; i < NUM_RESOURCE_WIDTHS; i++) {
if (types & 1) {
strcat(buffer, &(ut_resource_type_names[i][sub_index]));
sub_index = 0;
found++;
}
types >>= 1;
Reported by FlawFinder.
Line: 117
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
u32 j;
if (!expected_btypes) {
strcpy(buffer, "NONE");
return;
}
j = 1;
buffer[0] = 0;
Reported by FlawFinder.
crypto/asymmetric_keys/x509_cert_parser.c
4 issues
Line: 163
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ctx->last_oid = look_up_OID(value, vlen);
if (ctx->last_oid == OID__NR) {
char buffer[50];
sprint_oid(value, vlen, buffer, sizeof(buffer));
pr_debug("Unknown OID: [%lu] %s\n",
(unsigned long)value - ctx->data, buffer);
}
return 0;
Reported by FlawFinder.
Line: 404
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!buffer)
return -ENOMEM;
memcpy(buffer,
data + ctx->o_offset, ctx->o_size);
buffer[ctx->o_size + 0] = ':';
buffer[ctx->o_size + 1] = ' ';
memcpy(buffer + ctx->o_size + 2,
data + ctx->cn_offset, ctx->cn_size);
Reported by FlawFinder.
Line: 408
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data + ctx->o_offset, ctx->o_size);
buffer[ctx->o_size + 0] = ':';
buffer[ctx->o_size + 1] = ' ';
memcpy(buffer + ctx->o_size + 2,
data + ctx->cn_offset, ctx->cn_size);
buffer[ctx->o_size + 2 + ctx->cn_size] = 0;
goto done;
} else if (ctx->cn_size) {
Reported by FlawFinder.
Line: 428
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer = kmalloc(namesize + 1, GFP_KERNEL);
if (!buffer)
return -ENOMEM;
memcpy(buffer, name, namesize);
buffer[namesize] = 0;
done:
*_name = buffer;
ctx->cn_size = 0;
Reported by FlawFinder.
crypto/cfb.c
4 issues
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst += bsize;
} while ((nbytes -= bsize) >= bsize);
memcpy(walk->iv, iv, bsize);
return nbytes;
}
static int crypto_cfb_encrypt_inplace(struct skcipher_walk *walk,
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src += bsize;
} while ((nbytes -= bsize) >= bsize);
memcpy(walk->iv, iv, bsize);
return nbytes;
}
static int crypto_cfb_encrypt(struct skcipher_request *req)
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst += bsize;
} while ((nbytes -= bsize) >= bsize);
memcpy(walk->iv, iv, bsize);
return nbytes;
}
static int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk,
Reported by FlawFinder.
Line: 162
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
do {
crypto_cfb_encrypt_one(tfm, iv, tmp);
memcpy(iv, src, bsize);
crypto_xor(src, tmp, bsize);
src += bsize;
} while ((nbytes -= bsize) >= bsize);
return nbytes;
Reported by FlawFinder.
crypto/crypto_user_base.c
4 issues
Line: 51
Column: 7
CWE codes:
126
if ((q->cra_flags ^ p->cru_type) & p->cru_mask)
continue;
if (strlen(p->cru_driver_name))
match = !strcmp(q->cra_driver_name,
p->cru_driver_name);
else if (!exact)
match = !strcmp(q->cra_name, p->cru_name);
Reported by FlawFinder.
Line: 274
Column: 19
CWE codes:
126
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
return -EINVAL;
if (priority && !strlen(p->cru_driver_name))
return -EINVAL;
alg = crypto_alg_match(p, 1);
if (!alg)
return -ENOENT;
Reported by FlawFinder.
Line: 349
Column: 6
CWE codes:
126
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
return -EINVAL;
if (strlen(p->cru_driver_name))
exact = 1;
if (priority && !exact)
return -EINVAL;
Reported by FlawFinder.
Line: 361
Column: 6
CWE codes:
126
return -EEXIST;
}
if (strlen(p->cru_driver_name))
name = p->cru_driver_name;
else
name = p->cru_name;
alg = crypto_alg_mod_lookup(name, p->cru_type, p->cru_mask);
Reported by FlawFinder.
crypto/essiv.c
4 issues
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct crypto_skcipher_spawn skcipher_spawn;
struct crypto_aead_spawn aead_spawn;
} u;
char essiv_cipher_name[CRYPTO_MAX_ALG_NAME];
char shash_driver_name[CRYPTO_MAX_ALG_NAME];
};
struct essiv_tfm_ctx {
union {
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct crypto_aead_spawn aead_spawn;
} u;
char essiv_cipher_name[CRYPTO_MAX_ALG_NAME];
char shash_driver_name[CRYPTO_MAX_ALG_NAME];
};
struct essiv_tfm_ctx {
union {
struct crypto_skcipher *skcipher;
Reported by FlawFinder.
Line: 213
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (nents < 0)
return -EINVAL;
memcpy(iv, req->iv, ivsize);
sg_init_table(rctx->sg, 4);
if (unlikely(nents > 1)) {
/*
* This is a case that rarely occurs in practice, but
Reported by FlawFinder.
Line: 403
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len >= CRYPTO_MAX_ALG_NAME)
return false;
memcpy(essiv_cipher_name, p, len);
essiv_cipher_name[len] = '\0';
return true;
}
static bool essiv_supported_algorithms(const char *essiv_cipher_name,
Reported by FlawFinder.
crypto/md4.c
4 issues
Line: 160
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mctx->byte_count += len;
if (avail > len) {
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
data, len);
return 0;
}
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
}
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
data, avail);
md4_transform_helper(mctx);
data += avail;
len -= avail;
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= sizeof(mctx->block);
}
memcpy(mctx->block, data, len);
return 0;
}
static int md4_final(struct shash_desc *desc, u8 *out)
Reported by FlawFinder.
Line: 206
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(u64)) / sizeof(u32));
md4_transform(mctx->hash, mctx->block);
cpu_to_le32_array(mctx->hash, ARRAY_SIZE(mctx->hash));
memcpy(out, mctx->hash, sizeof(mctx->hash));
memset(mctx, 0, sizeof(*mctx));
return 0;
}
Reported by FlawFinder.
crypto/sm2.c
4 issues
Line: 219
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sm2_z_digest_update(struct shash_desc *desc,
MPI m, unsigned int pbytes)
{
static const unsigned char zero[32];
unsigned char *in;
unsigned int inlen;
in = mpi_get_buffer(m, &inlen, NULL);
if (!in)
Reported by FlawFinder.
Line: 262
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
int sm2_compute_z_digest(struct crypto_akcipher *tfm,
const unsigned char *id, size_t id_len,
unsigned char dgst[SM3_DIGEST_SIZE])
{
struct mpi_ec_ctx *ec = akcipher_tfm_ctx(tfm);
uint16_t bits_len;
unsigned char entl[2];
Reported by FlawFinder.
Line: 263
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sm2_compute_z_digest(struct crypto_akcipher *tfm,
const unsigned char *id, size_t id_len,
unsigned char dgst[SM3_DIGEST_SIZE])
{
struct mpi_ec_ctx *ec = akcipher_tfm_ctx(tfm);
uint16_t bits_len;
unsigned char entl[2];
SHASH_DESC_ON_STACK(desc, NULL);
Reported by FlawFinder.
Line: 267
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mpi_ec_ctx *ec = akcipher_tfm_ctx(tfm);
uint16_t bits_len;
unsigned char entl[2];
SHASH_DESC_ON_STACK(desc, NULL);
unsigned int pbytes;
if (id_len > (USHRT_MAX / 8) || !ec->Q)
return -EINVAL;
Reported by FlawFinder.
drivers/acpi/acpi_dbg.c
4 issues
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long users;
struct mutex lock;
struct task_struct *thread;
char out_buf[ACPI_AML_BUF_SIZE] __aligned(ACPI_AML_BUF_ALIGN);
struct circ_buf out_crc;
char in_buf[ACPI_AML_BUF_SIZE] __aligned(ACPI_AML_BUF_ALIGN);
struct circ_buf in_crc;
acpi_osd_exec_callback function;
void *context;
Reported by FlawFinder.
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct task_struct *thread;
char out_buf[ACPI_AML_BUF_SIZE] __aligned(ACPI_AML_BUF_ALIGN);
struct circ_buf out_crc;
char in_buf[ACPI_AML_BUF_SIZE] __aligned(ACPI_AML_BUF_ALIGN);
struct circ_buf in_crc;
acpi_osd_exec_callback function;
void *context;
unsigned long usages;
};
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
smp_mb();
p = &crc->buf[crc->head];
n = min(len, circ_space_to_end(crc));
memcpy(p, buf, n);
/* sync head after inserting logs */
smp_wmb();
crc->head = (crc->head + n) & (ACPI_AML_BUF_SIZE - 1);
acpi_aml_unlock_fifo(ACPI_AML_OUT_KERN, true);
return n;
Reported by FlawFinder.
Line: 308
Column: 11
CWE codes:
126
if (!acpi_aml_initialized)
return -ENODEV;
if (msg)
count = strlen(msg);
while (count > 0) {
again:
ret = acpi_aml_write_kern(msg + size, count);
if (ret == -EAGAIN) {
ret = wait_event_interruptible(acpi_aml_io.wait,
Reported by FlawFinder.
drivers/acpi/acpi_processor.c
4 issues
Line: 370
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
pr->handle = device->handle;
strcpy(acpi_device_name(device), ACPI_PROCESSOR_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_PROCESSOR_CLASS);
device->driver_data = pr;
result = acpi_processor_get_info(device);
if (result) /* Processor is not physically present or unavailable */
Reported by FlawFinder.
Line: 371
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pr->handle = device->handle;
strcpy(acpi_device_name(device), ACPI_PROCESSOR_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_PROCESSOR_CLASS);
device->driver_data = pr;
result = acpi_processor_get_info(device);
if (result) /* Processor is not physically present or unavailable */
return 0;
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* generated as the following format:
* CPU+CPU ID.
*/
sprintf(acpi_device_bid(device), "CPU%X", pr->id);
dev_dbg(&device->dev, "Processor [%d:%d]\n", pr->id, pr->acpi_id);
if (!object.processor.pblk_address)
dev_dbg(&device->dev, "No PBLK (NULL address)\n");
else if (object.processor.pblk_length != 6)
Reported by FlawFinder.
Line: 880
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
memcpy(&info->states[++last_index], &cx, sizeof(cx));
}
acpi_handle_info(handle, "Found %d idle states\n", last_index);
info->count = last_index;
Reported by FlawFinder.
drivers/acpi/acpica/dbtest.c
4 issues
Line: 905
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the incoming user parameter */
memcpy(¶ms[1], value, sizeof(union acpi_object));
param_objects.count = 2;
param_objects.pointer = params;
acpi_gbl_method_executing = TRUE;
Reported by FlawFinder.
Line: 639
Column: 30
CWE codes:
126
/* Write a new value */
write_value.type = ACPI_TYPE_STRING;
write_value.string.length = strlen(value_to_write);
write_value.string.pointer = value_to_write;
status = acpi_db_write_to_object(node, &write_value);
if (ACPI_FAILURE(status)) {
goto exit;
Reported by FlawFinder.
Line: 661
Column: 30
CWE codes:
126
/* Write back the original value */
write_value.string.length = strlen(temp1->string.pointer);
write_value.string.pointer = temp1->string.pointer;
status = acpi_db_write_to_object(node, &write_value);
if (ACPI_FAILURE(status)) {
goto exit;
Reported by FlawFinder.
Line: 1047
Column: 9
CWE codes:
126
this_param->string.pointer =
"This is the default argument string";
this_param->string.length =
strlen(this_param->string.pointer);
break;
case ACPI_TYPE_BUFFER:
this_param->buffer.pointer = (u8 *)params; /* just a garbage buffer */
Reported by FlawFinder.