The following issues were found
drivers/infiniband/core/cma.c
23 issues
Line: 816
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rdma_restrack_add(&id_priv->res);
mutex_unlock(&lock);
addr = (struct sockaddr_ib *)cma_src_addr(id_priv);
memcpy(&addr->sib_addr, &sgid, sizeof(sgid));
cma_translate_ib(addr, &id_priv->id.route.addr.dev_addr);
return 0;
}
static void cma_id_get(struct rdma_id_private *id_priv)
Reported by FlawFinder.
Line: 1252
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (path) {
ib->sib_pkey = path->pkey;
ib->sib_flowinfo = path->flow_label;
memcpy(&ib->sib_addr, &path->sgid, 16);
ib->sib_sid = path->service_id;
ib->sib_scope_id = 0;
} else {
ib->sib_pkey = listen_ib->sib_pkey;
ib->sib_flowinfo = listen_ib->sib_flowinfo;
Reported by FlawFinder.
Line: 1270
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (path) {
ib->sib_pkey = path->pkey;
ib->sib_flowinfo = path->flow_label;
memcpy(&ib->sib_addr, &path->dgid, 16);
}
}
}
static void cma_save_ip4_info(struct sockaddr_in *src_addr,
Reported by FlawFinder.
Line: 2330
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
event.event = RDMA_CM_EVENT_DISCONNECTED;
break;
case IW_CM_EVENT_CONNECT_REPLY:
memcpy(cma_src_addr(id_priv), laddr,
rdma_addr_size(laddr));
memcpy(cma_dst_addr(id_priv), raddr,
rdma_addr_size(raddr));
switch (iw_event->status) {
case 0:
Reported by FlawFinder.
Line: 2332
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case IW_CM_EVENT_CONNECT_REPLY:
memcpy(cma_src_addr(id_priv), laddr,
rdma_addr_size(laddr));
memcpy(cma_dst_addr(id_priv), raddr,
rdma_addr_size(raddr));
switch (iw_event->status) {
case 0:
event.event = RDMA_CM_EVENT_ESTABLISHED;
event.param.conn.initiator_depth = iw_event->ird;
Reported by FlawFinder.
Line: 2428
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cm_id->context = conn_id;
cm_id->cm_handler = cma_iw_handler;
memcpy(cma_src_addr(conn_id), laddr, rdma_addr_size(laddr));
memcpy(cma_dst_addr(conn_id), raddr, rdma_addr_size(raddr));
ret = cma_cm_event_handler(conn_id, &event);
if (ret) {
/* User wants to destroy the CM ID */
Reported by FlawFinder.
Line: 2429
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cm_id->cm_handler = cma_iw_handler;
memcpy(cma_src_addr(conn_id), laddr, rdma_addr_size(laddr));
memcpy(cma_dst_addr(conn_id), raddr, rdma_addr_size(raddr));
ret = cma_cm_event_handler(conn_id, &event);
if (ret) {
/* User wants to destroy the CM ID */
conn_id->cm_id.iw = NULL;
Reported by FlawFinder.
Line: 2482
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
id->afonly = id_priv->afonly;
id_priv->cm_id.iw = id;
memcpy(&id_priv->cm_id.iw->local_addr, cma_src_addr(id_priv),
rdma_addr_size(cma_src_addr(id_priv)));
ret = iw_cm_listen(id_priv->cm_id.iw, backlog);
if (ret) {
Reported by FlawFinder.
Line: 2531
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return PTR_ERR(dev_id_priv);
dev_id_priv->state = RDMA_CM_ADDR_BOUND;
memcpy(cma_src_addr(dev_id_priv), cma_src_addr(id_priv),
rdma_addr_size(cma_src_addr(id_priv)));
_cma_attach_to_dev(dev_id_priv, cma_dev);
rdma_restrack_add(&dev_id_priv->res);
cma_id_get(id_priv);
Reported by FlawFinder.
Line: 3255
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* to cancel the cma listen operation correctly.
*/
addr = cma_src_addr(id_priv);
memcpy(&old_addr, addr, rdma_addr_size(addr));
memcpy(addr, src_addr, rdma_addr_size(src_addr));
if (!status && !id_priv->cma_dev) {
status = cma_acquire_dev_by_src_ip(id_priv);
if (status)
pr_debug_ratelimited("RDMA CM: ADDR_ERROR: failed to acquire device. status %d\n",
Reported by FlawFinder.
arch/um/drivers/mconsole_kern.c
23 issues
Line: 109
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
char version[256];
sprintf(version, "%s %s %s %s %s", utsname()->sysname,
utsname()->nodename, utsname()->release, utsname()->version,
utsname()->machine);
mconsole_reply(req, version, 0, 0);
}
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void mconsole_version(struct mc_request *req)
{
char version[256];
sprintf(version, "%s %s %s %s %s", utsname()->sysname,
utsname()->nodename, utsname()->release, utsname()->version,
utsname()->machine);
mconsole_reply(req, version, 0, 0);
Reported by FlawFinder.
Line: 384
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mem_get_config(char *name, char *str, int size, char **error_out)
{
char buf[sizeof("18446744073709551615")];
int len = 0;
sprintf(buf, "%ld", uml_physmem);
CONFIG_CHUNK(str, size, len, buf, 1);
Reported by FlawFinder.
Line: 387
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char buf[sizeof("18446744073709551615")];
int len = 0;
sprintf(buf, "%ld", uml_physmem);
CONFIG_CHUNK(str, size, len, buf, 1);
return len;
}
Reported by FlawFinder.
Line: 433
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char **),
struct mc_request *req, char *name)
{
char default_buf[CONFIG_BUF_SIZE], *error, *buf;
int n, size;
if (get_config == NULL) {
mconsole_reply(req, "No get_config routine defined", 1, 0);
return;
Reported by FlawFinder.
Line: 502
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mc_device *dev;
char *ptr = req->request.data, *err_msg = "";
char error[256];
int err, start, end, n;
ptr += strlen("remove");
ptr = skip_spaces(ptr);
dev = mconsole_find_dev(ptr);
Reported by FlawFinder.
Line: 522
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto out;
}
else if ((n < start) || (n > end)) {
sprintf(error, "Invalid device number - must be between "
"%d and %d", start, end);
err_msg = error;
goto out;
}
Reported by FlawFinder.
Line: 556
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static DEFINE_SPINLOCK(client_lock);
static LIST_HEAD(clients);
static char console_buf[MCONSOLE_MAX_DATA];
static void console_write(struct console *console, const char *string,
unsigned int len)
{
struct list_head *ele;
Reported by FlawFinder.
Line: 722
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* long to avoid size mismatch warnings from gcc */
long sock;
int err;
char file[UNIX_PATH_MAX];
mount_proc();
if (umid_file_name("mconsole", file, sizeof(file)))
return -1;
Reported by FlawFinder.
Line: 120
Column: 9
CWE codes:
126
int len;
char *ptr = req->request.data;
ptr += strlen("log ");
len = req->len - (ptr - req->request.data);
printk(KERN_WARNING "%.*s", len, ptr);
mconsole_reply(req, "", 0, 0);
}
Reported by FlawFinder.
drivers/parport/procfs.c
23 issues
Line: 54
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (dev = port->devices; dev ; dev = dev->next) {
if(dev == port->cad) {
len += sprintf(buffer, "%s\n", dev->name);
}
}
if(!len) {
len += sprintf(buffer, "%s\n", "none");
Reported by FlawFinder.
Line: 59
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if(!len) {
len += sprintf(buffer, "%s\n", "none");
}
if (len > *lenp)
len = *lenp;
else
Reported by FlawFinder.
Line: 90
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if ((str = info->class_name) != NULL)
len += sprintf (buffer + len, "CLASS:%s;\n", str);
if ((str = info->model) != NULL)
len += sprintf (buffer + len, "MODEL:%s;\n", str);
if ((str = info->mfr) != NULL)
Reported by FlawFinder.
Line: 93
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len += sprintf (buffer + len, "CLASS:%s;\n", str);
if ((str = info->model) != NULL)
len += sprintf (buffer + len, "MODEL:%s;\n", str);
if ((str = info->mfr) != NULL)
len += sprintf (buffer + len, "MANUFACTURER:%s;\n", str);
if ((str = info->description) != NULL)
Reported by FlawFinder.
Line: 96
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len += sprintf (buffer + len, "MODEL:%s;\n", str);
if ((str = info->mfr) != NULL)
len += sprintf (buffer + len, "MANUFACTURER:%s;\n", str);
if ((str = info->description) != NULL)
len += sprintf (buffer + len, "DESCRIPTION:%s;\n", str);
if ((str = info->cmdset) != NULL)
Reported by FlawFinder.
Line: 99
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len += sprintf (buffer + len, "MANUFACTURER:%s;\n", str);
if ((str = info->description) != NULL)
len += sprintf (buffer + len, "DESCRIPTION:%s;\n", str);
if ((str = info->cmdset) != NULL)
len += sprintf (buffer + len, "COMMAND SET:%s;\n", str);
if (len > *lenp)
Reported by FlawFinder.
Line: 102
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len += sprintf (buffer + len, "DESCRIPTION:%s;\n", str);
if ((str = info->cmdset) != NULL)
len += sprintf (buffer + len, "COMMAND SET:%s;\n", str);
if (len > *lenp)
len = *lenp;
else
*lenp = len;
Reported by FlawFinder.
Line: 216
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#define printmode(x) \
do { \
if (port->modes & PARPORT_MODE_##x) \
len += sprintf(buffer + len, "%s%s", f++ ? "," : "", #x); \
} while (0)
int f = 0;
printmode(PCSPP);
printmode(TRISTATE);
printmode(COMPAT);
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *result, size_t *lenp, loff_t *ppos)
{
struct parport *port = (struct parport *)table->extra1;
char buffer[256];
struct pardevice *dev;
int len = 0;
if (write) /* can't happen anyway */
return -EACCES;
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*lenp = len;
*ppos += len;
memcpy(result, buffer, len);
return 0;
}
#ifdef CONFIG_PARPORT_1284
static int do_autoprobe(struct ctl_table *table, int write,
Reported by FlawFinder.
Documentation/sphinx/maintainers_include.py
23 issues
Line: 4
Column: 1
#!/usr/bin/env python
# SPDX-License-Identifier: GPL-2.0
# -*- coding: utf-8; mode: python -*-
# pylint: disable=R0903, C0330, R0914, R0912, E0401
u"""
maintainers-include
~~~~~~~~~~~~~~~~~~~
Reported by Pylint.
Line: 190
Column: 13
try:
self.state.document.settings.record_dependencies.add(path)
lines = self.parse_maintainers(path)
except IOError as error:
raise self.severe('Problems with "%s" directive path:\n%s.' %
(self.name, ErrorString(error)))
return []
Reported by Pylint.
Line: 20
Column: 1
effort to avoid needing to heavily mark up the original plain text.
"""
import sys
import re
import os.path
from docutils import statemachine
from docutils.utils.error_reporting import ErrorString
Reported by Pylint.
Line: 26
Column: 1
from docutils import statemachine
from docutils.utils.error_reporting import ErrorString
from docutils.parsers.rst import Directive
from docutils.parsers.rst.directives.misc import Include
__version__ = '1.0'
def setup(app):
Reported by Pylint.
Line: 80
Column: 21
line = line.rstrip()
# Linkify all non-wildcard refs to ReST files in Documentation/.
pat = '(Documentation/([^\s\?\*]*)\.rst)'
m = re.search(pat, line)
if m:
# maintainers.rst is in a subdirectory, so include "../".
line = re.sub(pat, ':doc:`%s <../%s>`' % (m.group(2), m.group(2)), line)
Reported by Pylint.
Line: 80
Column: 28
line = line.rstrip()
# Linkify all non-wildcard refs to ReST files in Documentation/.
pat = '(Documentation/([^\s\?\*]*)\.rst)'
m = re.search(pat, line)
if m:
# maintainers.rst is in a subdirectory, so include "../".
line = re.sub(pat, ':doc:`%s <../%s>`' % (m.group(2), m.group(2)), line)
Reported by Pylint.
Line: 80
Column: 19
line = line.rstrip()
# Linkify all non-wildcard refs to ReST files in Documentation/.
pat = '(Documentation/([^\s\?\*]*)\.rst)'
m = re.search(pat, line)
if m:
# maintainers.rst is in a subdirectory, so include "../".
line = re.sub(pat, ':doc:`%s <../%s>`' % (m.group(2), m.group(2)), line)
Reported by Pylint.
Line: 80
Column: 23
line = line.rstrip()
# Linkify all non-wildcard refs to ReST files in Documentation/.
pat = '(Documentation/([^\s\?\*]*)\.rst)'
m = re.search(pat, line)
if m:
# maintainers.rst is in a subdirectory, so include "../".
line = re.sub(pat, ':doc:`%s <../%s>`' % (m.group(2), m.group(2)), line)
Reported by Pylint.
Line: 93
Column: 4
output = "| %s" % (line.replace("\\", "\\\\"))
# Look for and record field letter to field name mappings:
# R: Designated *reviewer*: FullName <address@domain>
m = re.search("\s(\S):\s", line)
if m:
field_letter = m.group(1)
if field_letter and not field_letter in fields:
m = re.search("\*([^\*]+)\*", line)
if m:
Reported by Pylint.
Line: 93
Column: 1
output = "| %s" % (line.replace("\\", "\\\\"))
# Look for and record field letter to field name mappings:
# R: Designated *reviewer*: FullName <address@domain>
m = re.search("\s(\S):\s", line)
if m:
field_letter = m.group(1)
if field_letter and not field_letter in fields:
m = re.search("\*([^\*]+)\*", line)
if m:
Reported by Pylint.
tools/testing/selftests/bpf/progs/test_xdp_noinline.c
23 issues
Line: 211
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} ctl_array SEC(".maps");
struct eth_hdr {
unsigned char eth_dest[6];
unsigned char eth_source[6];
unsigned short eth_proto;
};
static __noinline __u64 calc_offset(bool is_ipv6, bool is_icmp)
Reported by FlawFinder.
Line: 212
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct eth_hdr {
unsigned char eth_dest[6];
unsigned char eth_source[6];
unsigned short eth_proto;
};
static __noinline __u64 calc_offset(bool is_ipv6, bool is_icmp)
{
Reported by FlawFinder.
Line: 299
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (new_eth + 1 > data_end ||
old_eth + 1 > data_end || ip6h + 1 > data_end)
return 0;
memcpy(new_eth->eth_dest, cval->mac, 6);
memcpy(new_eth->eth_source, old_eth->eth_dest, 6);
new_eth->eth_proto = 56710;
ip6h->version = 6;
ip6h->priority = 0;
memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));
Reported by FlawFinder.
Line: 300
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_eth + 1 > data_end || ip6h + 1 > data_end)
return 0;
memcpy(new_eth->eth_dest, cval->mac, 6);
memcpy(new_eth->eth_source, old_eth->eth_dest, 6);
new_eth->eth_proto = 56710;
ip6h->version = 6;
ip6h->priority = 0;
memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));
Reported by FlawFinder.
Line: 316
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ip6h->saddr.in6_u.u6_addr32[1] = 2;
ip6h->saddr.in6_u.u6_addr32[2] = 3;
ip6h->saddr.in6_u.u6_addr32[3] = ip_suffix;
memcpy(ip6h->daddr.in6_u.u6_addr32, dst->dstv6, 16);
return 1;
}
static __attribute__ ((noinline))
bool encap_v4(struct xdp_md *xdp, struct ctl_value *cval,
Reported by FlawFinder.
Line: 347
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (new_eth + 1 > data_end ||
old_eth + 1 > data_end || iph + 1 > data_end)
return 0;
memcpy(new_eth->eth_dest, cval->mac, 6);
memcpy(new_eth->eth_source, old_eth->eth_dest, 6);
new_eth->eth_proto = 8;
iph->version = 4;
iph->ihl = 5;
iph->frag_off = 0;
Reported by FlawFinder.
Line: 348
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_eth + 1 > data_end || iph + 1 > data_end)
return 0;
memcpy(new_eth->eth_dest, cval->mac, 6);
memcpy(new_eth->eth_source, old_eth->eth_dest, 6);
new_eth->eth_proto = 8;
iph->version = 4;
iph->ihl = 5;
iph->frag_off = 0;
iph->protocol = IPPROTO_IPIP;
Reported by FlawFinder.
Line: 382
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_eth = *data;
new_eth = *data + sizeof(struct ipv6hdr);
memcpy(new_eth->eth_source, old_eth->eth_source, 6);
memcpy(new_eth->eth_dest, old_eth->eth_dest, 6);
if (inner_v4)
new_eth->eth_proto = 8;
else
new_eth->eth_proto = 56710;
Reported by FlawFinder.
Line: 383
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_eth = *data;
new_eth = *data + sizeof(struct ipv6hdr);
memcpy(new_eth->eth_source, old_eth->eth_source, 6);
memcpy(new_eth->eth_dest, old_eth->eth_dest, 6);
if (inner_v4)
new_eth->eth_proto = 8;
else
new_eth->eth_proto = 56710;
if (bpf_xdp_adjust_head(xdp, (int)sizeof(struct ipv6hdr)))
Reported by FlawFinder.
Line: 403
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_eth = *data;
new_eth = *data + sizeof(struct iphdr);
memcpy(new_eth->eth_source, old_eth->eth_source, 6);
memcpy(new_eth->eth_dest, old_eth->eth_dest, 6);
new_eth->eth_proto = 8;
if (bpf_xdp_adjust_head(xdp, (int)sizeof(struct iphdr)))
return 0;
*data = (void *)(long)xdp->data;
Reported by FlawFinder.
fs/cifs/sess.c
23 issues
Line: 215
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
/* UNC and paths */
/* XXX: Use ses->server->hostname? */
sprintf(unc, unc_fmt, ses->ip_addr);
ctx.UNC = unc;
ctx.prepath = "";
/* Reuse same version as master connection */
ctx.vals = ses->server->vals;
Reported by FlawFinder.
Line: 457
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(bcc_ptr, "Linux version ");
bcc_ptr += strlen("Linux version ");
strcpy(bcc_ptr, init_utsname()->release);
bcc_ptr += strlen(init_utsname()->release) + 1;
strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
Reported by FlawFinder.
Line: 460
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(bcc_ptr, init_utsname()->release);
bcc_ptr += strlen(init_utsname()->release) + 1;
strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
*pbcc_area = bcc_ptr;
}
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cifs_chan *chan;
struct smb3_fs_context ctx = {NULL};
static const char unc_fmt[] = "\\%s\\foo";
char unc[sizeof(unc_fmt)+SERVER_NAME_LEN_WITH_NULL] = {0};
struct sockaddr_in *ipv4 = (struct sockaddr_in *)&iface->sockaddr;
struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)&iface->sockaddr;
int rc;
unsigned int xid = get_xid();
Reported by FlawFinder.
Line: 237
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Use RDMA if possible */
ctx.rdma = iface->rdma_capable;
memcpy(&ctx.dstaddr, &iface->sockaddr, sizeof(struct sockaddr_storage));
/* reuse master con client guid */
memcpy(&ctx.client_guid, ses->server->client_guid,
SMB2_CLIENT_GUID_SIZE);
ctx.use_client_guid = true;
Reported by FlawFinder.
Line: 240
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&ctx.dstaddr, &iface->sockaddr, sizeof(struct sockaddr_storage));
/* reuse master con client guid */
memcpy(&ctx.client_guid, ses->server->client_guid,
SMB2_CLIENT_GUID_SIZE);
ctx.use_client_guid = true;
mutex_lock(&ses->session_mutex);
Reported by FlawFinder.
Line: 455
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* BB check for overflow here */
strcpy(bcc_ptr, "Linux version ");
bcc_ptr += strlen("Linux version ");
strcpy(bcc_ptr, init_utsname()->release);
bcc_ptr += strlen(init_utsname()->release) + 1;
strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
Reported by FlawFinder.
Line: 517
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ses->serverOS = kmalloc(len + 1, GFP_KERNEL);
if (ses->serverOS) {
memcpy(ses->serverOS, bcc_ptr, len);
ses->serverOS[len] = 0;
if (strncmp(ses->serverOS, "OS/2", 4) == 0)
cifs_dbg(FYI, "OS/2 server\n");
}
Reported by FlawFinder.
Line: 534
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ses->serverNOS = kmalloc(len + 1, GFP_KERNEL);
if (ses->serverNOS) {
memcpy(ses->serverNOS, bcc_ptr, len);
ses->serverNOS[len] = 0;
}
bcc_ptr += len + 1;
bleft -= len + 1;
Reported by FlawFinder.
Line: 577
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
/* BB we could decode pblob->NegotiateFlags; some may be useful */
/* In particular we can examine sign flags */
/* BB spec says that if AvId field of MsvAvTimestamp is populated then
we must set the MIC field of the AUTHENTICATE_MESSAGE */
ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
Reported by FlawFinder.
Documentation/sphinx/kfigure.py
23 issues
Line: 52
Column: 1
from os import path
import subprocess
from hashlib import sha1
from docutils import nodes
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives
from docutils.parsers.rst.directives import images
import sphinx
from sphinx.util.nodes import clean_astext
Reported by Pylint.
Line: 53
Column: 1
import subprocess
from hashlib import sha1
from docutils import nodes
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives
from docutils.parsers.rst.directives import images
import sphinx
from sphinx.util.nodes import clean_astext
import kernellog
Reported by Pylint.
Line: 54
Column: 1
from hashlib import sha1
from docutils import nodes
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives
from docutils.parsers.rst.directives import images
import sphinx
from sphinx.util.nodes import clean_astext
import kernellog
Reported by Pylint.
Line: 55
Column: 1
from docutils import nodes
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives
from docutils.parsers.rst.directives import images
import sphinx
from sphinx.util.nodes import clean_astext
import kernellog
# Get Sphinx version
Reported by Pylint.
Line: 56
Column: 1
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives
from docutils.parsers.rst.directives import images
import sphinx
from sphinx.util.nodes import clean_astext
import kernellog
# Get Sphinx version
major, minor, patch = sphinx.version_info[:3]
Reported by Pylint.
Line: 57
Column: 1
from docutils.parsers.rst import directives
from docutils.parsers.rst.directives import images
import sphinx
from sphinx.util.nodes import clean_astext
import kernellog
# Get Sphinx version
major, minor, patch = sphinx.version_info[:3]
if major == 1 and minor > 3:
Reported by Pylint.
Line: 64
Column: 5
major, minor, patch = sphinx.version_info[:3]
if major == 1 and minor > 3:
# patches.Figure only landed in Sphinx 1.4
from sphinx.directives.patches import Figure # pylint: disable=C0413
else:
Figure = images.Figure
__version__ = '1.0.0'
Reported by Pylint.
Line: 336
Column: 5
class kernel_image(nodes.image):
"""Node for ``kernel-image`` directive."""
pass
class KernelImage(images.Image):
u"""KernelImage directive
Earns everything from ``.. image::`` directive, except *remote URI* and
Reported by Pylint.
Line: 427
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5
code = literal_block.astext()
hashobj = code.encode('utf-8') # str(node.attributes)
fname = path.join('%s-%s' % (srclang, sha1(hashobj).hexdigest()))
tmp_fname = path.join(
self.builder.outdir, self.builder.imagedir, fname + tmp_ext)
if not path.isfile(tmp_fname):
Reported by Bandit.
Line: 448
Column: 5
class kernel_render(nodes.General, nodes.Inline, nodes.Element):
"""Node for ``kernel-render`` directive."""
pass
class KernelRender(Figure):
u"""KernelRender directive
Render content by external tool. Has all the options known from the
Reported by Pylint.
drivers/net/wireless/microchip/wilc1000/hif.c
23 issues
Line: 193
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < request->n_ssids; i++) {
*buffer++ = request->ssids[i].ssid_len;
memcpy(buffer, request->ssids[i].ssid,
request->ssids[i].ssid_len);
buffer += request->ssids[i].ssid_len;
}
wid_list[index].size = (s32)(valuesize + 1);
index++;
Reported by FlawFinder.
Line: 383
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ssid_elm = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len);
if (ssid_elm) {
if (ssid_elm[1] <= IEEE80211_MAX_SSID_LEN)
memcpy(param->ssid, ssid_elm + 2, ssid_elm[1]);
}
tim_elm = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
if (tim_elm && tim_elm[1] >= 2)
param->dtim_period = tim_elm[3];
Reported by FlawFinder.
Line: 399
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rates_len > WILC_MAX_RATES_SUPPORTED)
rates_len = WILC_MAX_RATES_SUPPORTED;
param->supp_rates[0] = rates_len;
memcpy(¶m->supp_rates[1], rates_ie + 2, rates_len);
}
if (rates_len < WILC_MAX_RATES_SUPPORTED) {
supp_rates_ie = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES,
ies->data, ies->len);
Reported by FlawFinder.
Line: 413
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
param->supp_rates[0] += ext_rates;
memcpy(¶m->supp_rates[rates_len + 1],
supp_rates_ie + 2,
(param->supp_rates[0] - rates_len));
}
}
Reported by FlawFinder.
Line: 477
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* extract RSN capabilities */
offset += (rsn_ie[offset] * 4) + 2;
offset += (rsn_ie[offset] * 4) + 2;
memcpy(param->rsn_cap, &rsn_ie[offset], 2);
}
if (param->rsn_found) {
int i;
Reported by FlawFinder.
Line: 800
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*cur_byte++ = params->supported_rates_len;
if (params->supported_rates_len > 0)
memcpy(cur_byte, params->supported_rates,
params->supported_rates_len);
cur_byte += params->supported_rates_len;
if (params->ht_capa) {
*cur_byte++ = true;
Reported by FlawFinder.
Line: 806
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (params->ht_capa) {
*cur_byte++ = true;
memcpy(cur_byte, params->ht_capa,
sizeof(struct ieee80211_ht_cap));
} else {
*cur_byte++ = false;
}
cur_byte += sizeof(struct ieee80211_ht_cap);
Reported by FlawFinder.
Line: 953
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cur_byte += 4;
if (set_mc->cnt > 0 && set_mc->mc_list)
memcpy(cur_byte, set_mc->mc_list, set_mc->cnt * ETH_ALEN);
result = wilc_send_config_pkt(vif, WILC_SET_CFG, &wid, 1);
if (result)
netdev_err(vif->ndev, "Failed to send setup multicast\n");
Reported by FlawFinder.
Line: 1069
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wep_key->index = index;
wep_key->key_len = len;
memcpy(wep_key->key, key, len);
result = wilc_send_config_pkt(vif, WILC_SET_CFG, &wid, 1);
if (result)
netdev_err(vif->ndev,
"Failed to add wep key config packet\n");
Reported by FlawFinder.
Line: 1108
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wep_key->index = index;
wep_key->key_len = len;
memcpy(wep_key->key, key, len);
result = wilc_send_config_pkt(vif, WILC_SET_CFG, wid_list,
ARRAY_SIZE(wid_list));
if (result)
netdev_err(vif->ndev,
"Failed to add wep ap key config packet\n");
Reported by FlawFinder.
fs/ceph/xattr.c
23 issues
Line: 128
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
char buf[96]; /* NB: reevaluate size if new vxattrs are added */
va_start(args, fmt);
ret = vsnprintf(buf, size ? sizeof(buf) : 0, fmt, args);
va_end(args);
/* Sanity check */
if (size && ret + 1 > sizeof(buf)) {
WARN_ONCE(true, "Returned length too big (%d)", ret);
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
s64 pool = ci->i_layout.pool_id;
const char *pool_name;
const char *ns_field = " pool_namespace=";
char buf[128];
size_t len, total_len = 0;
ssize_t ret;
pool_ns = ceph_try_get_string(ci->i_layout.pool_ns);
Reported by FlawFinder.
Line: 94
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = total_len;
if (size >= total_len) {
memcpy(val, buf, len);
ret = len;
if (pool_name) {
len = strlen(pool_name);
memcpy(val + ret, pool_name, len);
ret += len;
Reported by FlawFinder.
Line: 98
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = len;
if (pool_name) {
len = strlen(pool_name);
memcpy(val + ret, pool_name, len);
ret += len;
}
if (pool_ns) {
len = strlen(ns_field);
memcpy(val + ret, ns_field, len);
Reported by FlawFinder.
Line: 103
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (pool_ns) {
len = strlen(ns_field);
memcpy(val + ret, ns_field, len);
ret += len;
memcpy(val + ret, pool_ns->str, pool_ns->len);
ret += pool_ns->len;
}
}
Reported by FlawFinder.
Line: 105
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = strlen(ns_field);
memcpy(val + ret, ns_field, len);
ret += len;
memcpy(val + ret, pool_ns->str, pool_ns->len);
ret += pool_ns->len;
}
}
up_read(&osdc->lock);
ceph_put_string(pool_ns);
Reported by FlawFinder.
Line: 125
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret;
va_list args;
char buf[96]; /* NB: reevaluate size if new vxattrs are added */
va_start(args, fmt);
ret = vsnprintf(buf, size ? sizeof(buf) : 0, fmt, args);
va_end(args);
Reported by FlawFinder.
Line: 138
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (ret <= size)
memcpy(val, buf, ret);
return ret;
}
static ssize_t ceph_vxattrcb_layout_stripe_unit(struct ceph_inode_info *ci,
char *val, size_t size)
Reported by FlawFinder.
Line: 174
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pool_name) {
ret = strlen(pool_name);
if (ret <= size)
memcpy(val, pool_name, ret);
} else {
ret = ceph_fmt_xattr(val, size, "%lld", pool);
}
up_read(&osdc->lock);
return ret;
Reported by FlawFinder.
Line: 191
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ns) {
ret = ns->len;
if (ret <= size)
memcpy(val, ns->str, ret);
ceph_put_string(ns);
}
return ret;
}
Reported by FlawFinder.
drivers/block/paride/pcd.c
23 issues
Line: 345
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
disk->major = major;
disk->first_minor = unit;
disk->minors = 1;
strcpy(disk->disk_name, cd->name); /* umm... */
disk->fops = &pcd_bdops;
disk->flags = GENHD_FL_BLOCK_EVENTS_ON_EXCL_WRITE;
disk->events = DISK_EVENT_MEDIA_CHANGE;
}
}
Reported by FlawFinder.
Line: 209
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct pcd_unit pcd[PCD_UNITS];
static char pcd_scratch[64];
static char pcd_buffer[2048]; /* raw block buffer */
static int pcd_bufblk = -1; /* block in buffer, in CD units,
-1 for nothing there. See also
pd_unit.
*/
Reported by FlawFinder.
Line: 210
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct pcd_unit pcd[PCD_UNITS];
static char pcd_scratch[64];
static char pcd_buffer[2048]; /* raw block buffer */
static int pcd_bufblk = -1; /* block in buffer, in CD units,
-1 for nothing there. See also
pd_unit.
*/
Reported by FlawFinder.
Line: 488
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void pcd_req_sense(struct pcd_unit *cd, char *fun)
{
char rs_cmd[12] = { 0x03, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0 };
char buf[16];
int r, c;
r = pcd_command(cd, rs_cmd, 16, "Request sense");
mdelay(1);
Reported by FlawFinder.
Line: 489
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void pcd_req_sense(struct pcd_unit *cd, char *fun)
{
char rs_cmd[12] = { 0x03, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0 };
char buf[16];
int r, c;
r = pcd_command(cd, rs_cmd, 16, "Request sense");
mdelay(1);
if (!r)
Reported by FlawFinder.
Line: 545
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcd_lock_door(struct cdrom_device_info *cdi, int lock)
{
char un_cmd[12] = { 0x1e, 0, 0, 0, lock, 0, 0, 0, 0, 0, 0, 0 };
return pcd_atapi(cdi->handle, un_cmd, 0, pcd_scratch,
lock ? "lock door" : "unlock door");
}
Reported by FlawFinder.
Line: 553
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcd_tray_move(struct cdrom_device_info *cdi, int position)
{
char ej_cmd[12] = { 0x1b, 0, 0, 0, 3 - position, 0, 0, 0, 0, 0, 0, 0 };
return pcd_atapi(cdi->handle, ej_cmd, 0, pcd_scratch,
position ? "eject" : "close tray");
}
Reported by FlawFinder.
Line: 603
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcd_ready_wait(struct pcd_unit *cd, int tmo)
{
char tr_cmd[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
int k, p;
k = 0;
while (k < tmo) {
cd->last_sense = 0;
Reported by FlawFinder.
Line: 623
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcd_drive_status(struct cdrom_device_info *cdi, int slot_nr)
{
char rc_cmd[12] = { 0x25, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
struct pcd_unit *cd = cdi->handle;
if (pcd_ready_wait(cd, PCD_READY_TMO))
return CDS_DRIVE_NOT_READY;
if (pcd_atapi(cd, rc_cmd, 8, pcd_scratch, DBMSG("check media")))
Reported by FlawFinder.
Line: 636
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcd_identify(struct pcd_unit *cd, char *id)
{
int k, s;
char id_cmd[12] = { 0x12, 0, 0, 0, 36, 0, 0, 0, 0, 0, 0, 0 };
pcd_bufblk = -1;
s = pcd_atapi(cd, id_cmd, 36, pcd_buffer, "identify");
Reported by FlawFinder.