The following issues were found
drivers/crypto/ccp/ccp-crypto-aes-xts.c
4 issues
Line: 70
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(req->iv, rctx->iv, AES_BLOCK_SIZE);
return 0;
}
static int ccp_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,
Reported by FlawFinder.
Line: 91
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
switch (key_len) {
case AES_KEYSIZE_128 * 2:
memcpy(ctx->u.aes.key, key, key_len);
break;
case AES_KEYSIZE_256 * 2:
if (ccpversion > CCP_VERSION(3, 0))
memcpy(ctx->u.aes.key, key, key_len);
break;
Reported by FlawFinder.
Line: 95
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case AES_KEYSIZE_256 * 2:
if (ccpversion > CCP_VERSION(3, 0))
memcpy(ctx->u.aes.key, key, key_len);
break;
}
ctx->u.aes.key_len = key_len / 2;
sg_init_one(&ctx->u.aes.key_sg, ctx->u.aes.key, key_len);
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(rctx->iv, req->iv, AES_BLOCK_SIZE);
sg_init_one(&rctx->iv_sg, rctx->iv, AES_BLOCK_SIZE);
memset(&rctx->cmd, 0, sizeof(rctx->cmd));
INIT_LIST_HEAD(&rctx->cmd.entry);
rctx->cmd.engine = CCP_ENGINE_XTS_AES_128;
Reported by FlawFinder.
drivers/crypto/ccp/ccp-crypto-sha.c
4 issues
Line: 50
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Update result area if supplied */
if (req->result && rctx->final)
memcpy(req->result, rctx->ctx, digest_size);
e_free:
sg_free_table(&rctx->data_sg);
return ret;
Reported by FlawFinder.
Line: 199
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->u.sha.key_len) {
/* Buffer the HMAC key for first update */
memcpy(rctx->buf, ctx->u.sha.ipad, block_size);
rctx->buf_count = block_size;
}
return 0;
}
Reported by FlawFinder.
Line: 248
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(state.buf, rctx->buf, sizeof(state.buf));
/* 'out' may not be aligned so memcpy from local variable */
memcpy(out, &state, sizeof(state));
return 0;
}
static int ccp_sha_import(struct ahash_request *req, const void *in)
Reported by FlawFinder.
Line: 298
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key_len = digest_size;
} else {
memcpy(ctx->u.sha.key, key, key_len);
}
for (i = 0; i < block_size; i++) {
ctx->u.sha.ipad[i] = ctx->u.sha.key[i] ^ HMAC_IPAD_VALUE;
ctx->u.sha.opad[i] = ctx->u.sha.key[i] ^ HMAC_OPAD_VALUE;
Reported by FlawFinder.
drivers/crypto/ccree/cc_cipher.c
4 issues
Line: 321
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(&hki, key, keylen);
/* The real key len for crypto op is the size of the HW key
* referenced by the HW key slot, not the hardware key token
*/
keylen = hki.keylen;
Reported by FlawFinder.
Line: 472
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_sync_single_for_cpu(dev, ctx_p->user.key_dma_addr,
max_key_buf_size, DMA_TO_DEVICE);
memcpy(ctx_p->user.key, key, keylen);
if (ctx_p->cipher_mode == DRV_CIPHER_ESSIV) {
/* sha256 for key2 - use sw implementation */
int err;
Reported by FlawFinder.
Line: 870
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err != -EINPROGRESS) {
/* Not a BACKLOG notification */
cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst);
memcpy(req->iv, req_ctx->iv, ivsize);
kfree_sensitive(req_ctx->iv);
}
skcipher_request_complete(req, err);
}
Reported by FlawFinder.
Line: 1428
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
alg = &t_alg->skcipher_alg;
memcpy(alg, &tmpl->template_skcipher, sizeof(*alg));
snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name);
snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
tmpl->driver_name);
alg->base.cra_module = THIS_MODULE;
Reported by FlawFinder.
drivers/crypto/hisilicon/hpre/hpre_main.c
4 issues
Line: 209
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{"INT_STATUS ", HPRE_INT_STATUS},
};
static const char *hpre_dfx_files[HPRE_DFX_FILE_NUM] = {
"send_cnt",
"recv_cnt",
"send_fail_cnt",
"send_busy_cnt",
"over_thrhld_cnt",
Reported by FlawFinder.
Line: 598
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
struct hpre_debugfs_file *file = filp->private_data;
char tbuf[HPRE_DBGFS_VAL_MAX_LEN];
u32 val;
int ret;
spin_lock_irq(&file->lock);
switch (file->type) {
Reported by FlawFinder.
Line: 623
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
struct hpre_debugfs_file *file = filp->private_data;
char tbuf[HPRE_DBGFS_VAL_MAX_LEN];
unsigned long val;
int len, ret;
if (*pos != 0)
return 0;
Reported by FlawFinder.
Line: 749
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
u8 clusters_num = hpre_cluster_num(qm);
struct device *dev = &qm->pdev->dev;
char buf[HPRE_DBGFS_VAL_MAX_LEN];
struct debugfs_regset32 *regset;
struct dentry *tmp_d;
int i, ret;
for (i = 0; i < clusters_num; i++) {
Reported by FlawFinder.
drivers/crypto/hisilicon/trng/trng.c
4 issues
Line: 141
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data[i] = readl(trng->base + SW_DRBG_DATA(i));
if (dlen - currsize >= SW_DRBG_BYTES) {
memcpy(dstn + currsize, data, SW_DRBG_BYTES);
currsize += SW_DRBG_BYTES;
} else {
memcpy(dstn + currsize, data, dlen - currsize);
currsize = dlen;
}
Reported by FlawFinder.
Line: 144
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dstn + currsize, data, SW_DRBG_BYTES);
currsize += SW_DRBG_BYTES;
} else {
memcpy(dstn + currsize, data, dlen - currsize);
currsize = dlen;
}
writel(0x1, trng->base + SW_DRBG_GEN);
} while (currsize < dlen);
Reported by FlawFinder.
Line: 199
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return currsize;
if (max - currsize >= HISI_TRNG_BYTES) {
memcpy(buf + currsize, &val, HISI_TRNG_BYTES);
currsize += HISI_TRNG_BYTES;
if (currsize == max)
return currsize;
continue;
}
Reported by FlawFinder.
Line: 207
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy remaining bytes */
memcpy(buf + currsize, &val, max - currsize);
currsize = max;
} while (currsize < max);
return currsize;
}
Reported by FlawFinder.
drivers/crypto/inside-secure/safexcel_ring.c
4 issues
Line: 126
Column: 20
CWE codes:
120
20
void *safexcel_ring_next_rptr(struct safexcel_crypto_priv *priv,
struct safexcel_desc_ring *ring)
{
void *ptr = ring->read;
if (ring->write == ring->read)
return ERR_PTR(-ENOENT);
if (ring->read == ring->base_end)
Reported by FlawFinder.
Line: 144
Column: 14
CWE codes:
120
20
{
struct safexcel_desc_ring *rdr = &priv->ring[ring].rdr;
return rdr->read;
}
inline int safexcel_ring_first_rdr_index(struct safexcel_crypto_priv *priv,
int ring)
{
Reported by FlawFinder.
Line: 167
Column: 27
CWE codes:
120
20
void safexcel_ring_rollback_wptr(struct safexcel_crypto_priv *priv,
struct safexcel_desc_ring *ring)
{
if (ring->write == ring->read)
return;
if (ring->write == ring->base) {
ring->write = ring->base_end;
ring->shwrite = ring->shbase_end;
Reported by FlawFinder.
drivers/crypto/omap-aes.c
4 issues
Line: 588
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug("enter, keylen: %d\n", keylen);
memcpy(ctx->key, key, keylen);
ctx->keylen = keylen;
crypto_skcipher_clear_flags(ctx->fallback, CRYPTO_TFM_REQ_MASK);
crypto_skcipher_set_flags(ctx->fallback, tfm->base.crt_flags &
CRYPTO_TFM_REQ_MASK);
Reported by FlawFinder.
Line: 1010
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = -ENODEV;
goto err;
}
memcpy(res, r, sizeof(*res));
/* Only OMAP2/3 can be non-DT */
dd->pdata = &omap_aes_pdata_omap2;
err:
Reported by FlawFinder.
Line: 1022
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t fallback_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%d\n", aes_fallback_sz);
}
static ssize_t fallback_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t size)
{
Reported by FlawFinder.
Line: 1051
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct omap_aes_dev *dd = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", dd->engine->queue.max_qlen);
}
static ssize_t queue_len_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t size)
Reported by FlawFinder.
drivers/crypto/stm32/stm32-hash.c
4 issues
Line: 785
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!req->result)
return -EINVAL;
memcpy(req->result, rctx->digest, rctx->digcnt);
return 0;
}
static void stm32_hash_finish_req(struct ahash_request *req, int err)
Reported by FlawFinder.
Line: 985
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pm_runtime_mark_last_busy(hdev->dev);
pm_runtime_put_autosuspend(hdev->dev);
memcpy(out, rctx, sizeof(*rctx));
return 0;
}
static int stm32_hash_import(struct ahash_request *req, const void *in)
Reported by FlawFinder.
Line: 999
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 reg;
unsigned int i;
memcpy(rctx, in, sizeof(*rctx));
preg = rctx->hw_context;
pm_runtime_resume_and_get(hdev->dev);
Reported by FlawFinder.
Line: 1028
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct stm32_hash_ctx *ctx = crypto_ahash_ctx(tfm);
if (keylen <= HASH_MAX_KEY_SIZE) {
memcpy(ctx->key, key, keylen);
ctx->keylen = keylen;
} else {
return -ENOMEM;
}
Reported by FlawFinder.
drivers/cxl/pci.c
4 issues
Line: 652
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode))
return -EPERM;
memcpy(out_cmd, &temp, sizeof(temp));
return 0;
}
if (send_cmd->flags & ~CXL_MEM_COMMAND_FLAG_MASK)
Reported by FlawFinder.
Line: 682
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (info->size_out >= 0 && send_cmd->out.size < info->size_out)
return -ENOMEM;
memcpy(out_cmd, c, sizeof(*c));
out_cmd->info.size_in = send_cmd->in.size;
/*
* XXX: out_cmd->info.size_out will be controlled by the driver, and the
* specified number of bytes @send_cmd->out.size will be copied back out
* to userspace.
Reported by FlawFinder.
Line: 1545
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
struct cxl_mbox_identify {
char fw_revision[0x10];
__le64 total_capacity;
__le64 volatile_capacity;
__le64 persistent_capacity;
__le64 partition_align;
__le16 info_event_log_size;
Reported by FlawFinder.
Line: 1579
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
le64_to_cpu(id.persistent_capacity) * SZ_256M - 1;
cxlm->lsa_size = le32_to_cpu(id.lsa_size);
memcpy(cxlm->firmware_version, id.fw_revision, sizeof(id.fw_revision));
return 0;
}
static int cxl_mem_probe(struct pci_dev *pdev, const struct pci_device_id *id)
Reported by FlawFinder.
drivers/dma-buf/sync_debug.c
4 issues
Line: 87
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (fence->ops->timeline_value_str &&
fence->ops->fence_value_str) {
char value[64];
bool success;
fence->ops->fence_value_str(fence, value, sizeof(value));
success = strlen(value);
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void sync_print_sync_file(struct seq_file *s,
struct sync_file *sync_file)
{
char buf[128];
int i;
seq_printf(s, "[%p] %s: %s\n", sync_file,
sync_file_get_name(sync_file, buf, sizeof(buf)),
sync_status_str(dma_fence_get_status(sync_file->fence)));
Reported by FlawFinder.
Line: 91
Column: 13
CWE codes:
126
bool success;
fence->ops->fence_value_str(fence, value, sizeof(value));
success = strlen(value);
if (success) {
seq_printf(s, ": %s", value);
fence->ops->timeline_value_str(fence, value,
Reported by FlawFinder.
Line: 99
Column: 8
CWE codes:
126
fence->ops->timeline_value_str(fence, value,
sizeof(value));
if (strlen(value))
seq_printf(s, " / %s", value);
}
}
seq_putc(s, '\n');
Reported by FlawFinder.