The following issues were found
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
22 issues
Line: 1132
CWE codes:
562
};
if (bssid)
addr = vif->bss_conf.bssid;
if (enable)
ether_addr_copy(req.addr, addr);
return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MUAR_UPDATE), &req,
Reported by Cppcheck.
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "eeprom.h"
struct mt7915_patch_hdr {
char build_date[16];
char platform[4];
__be32 hw_sw_ver;
__be32 patch_ver;
__be16 checksum;
u16 reserved;
Reported by FlawFinder.
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mt7915_patch_hdr {
char build_date[16];
char platform[4];
__be32 hw_sw_ver;
__be32 patch_ver;
__be16 checksum;
u16 reserved;
struct {
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 format_ver;
u8 format_flag;
u8 reserved[2];
char fw_ver[10];
char build_date[15];
u32 crc;
} __packed;
struct mt7915_fw_region {
Reported by FlawFinder.
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 format_flag;
u8 reserved[2];
char fw_ver[10];
char build_date[15];
u32 crc;
} __packed;
struct mt7915_fw_region {
__le32 decomp_crc;
Reported by FlawFinder.
Line: 778
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u16 ntlv;
ptlv = skb_put(skb, len);
memcpy(ptlv, &tlv, sizeof(tlv));
ntlv = le16_to_cpu(ntlv_hdr->tlv_num);
ntlv_hdr->tlv_num = cpu_to_le16(ntlv + 1);
if (sta_hdr) {
Reported by FlawFinder.
Line: 808
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
};
ptlv = skb_put(skb, sub_len);
memcpy(ptlv, &tlv, sizeof(tlv));
le16_add_cpu(sub_ntlv, 1);
le16_add_cpu(len, sub_len);
return ptlv;
Reported by FlawFinder.
Line: 868
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bss->active = enable;
if (vif->type != NL80211_IFTYPE_MONITOR) {
memcpy(bss->bssid, vif->bss_conf.bssid, ETH_ALEN);
bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
bss->dtim_period = vif->bss_conf.dtim_period;
bss->phy_mode = mt7915_get_phy_mode(vif, NULL);
} else {
memcpy(bss->bssid, phy->mt76->macaddr, ETH_ALEN);
Reported by FlawFinder.
Line: 873
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bss->dtim_period = vif->bss_conf.dtim_period;
bss->phy_mode = mt7915_get_phy_mode(vif, NULL);
} else {
memcpy(bss->bssid, phy->mt76->macaddr, ETH_ALEN);
}
return 0;
}
Reported by FlawFinder.
Line: 1214
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sec_key->cipher_id = MCU_CIPHER_AES_CCMP;
sec_key->key_id = bip->keyidx;
sec_key->key_len = 16;
memcpy(sec_key->key, bip->key, 16);
sec_key = &sec->key[1];
sec_key->cipher_id = MCU_CIPHER_BIP_CMAC_128;
sec_key->cipher_len = sizeof(*sec_key);
sec_key->key_len = 16;
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/common-spectral.c
22 issues
Line: 171
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fft_sample_20.tsf = __cpu_to_be64(tsf);
memcpy(fft_sample_20.data, sample_buf, SPECTRAL_HT20_NUM_BINS);
ath_dbg(common, SPECTRAL_SCAN, "FFT HT20 frame: max mag 0x%X,"
"max_mag_idx %i\n",
magnitude >> max_exp,
max_index);
Reported by FlawFinder.
Line: 310
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fft_sample_40.tsf = __cpu_to_be64(tsf);
memcpy(fft_sample_40.data, sample_buf, SPECTRAL_HT20_40_NUM_BINS);
ath_dbg(common, SPECTRAL_SCAN, "FFT HT20/40 frame: lower mag 0x%X,"
"lower_mag_idx %i, upper mag 0x%X,"
"upper_mag_idx %i\n",
lower_mag >> max_exp,
Reported by FlawFinder.
Line: 417
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (sample_bytes - sample_len) {
case -1:
/* First byte missing */
memcpy(&out[1], in,
sample_len - 1);
break;
case 0:
/* Length correct, nothing to do. */
memcpy(out, in, sample_len);
Reported by FlawFinder.
Line: 422
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 0:
/* Length correct, nothing to do. */
memcpy(out, in, sample_len);
break;
case 1:
/* MAC added 2 extra bytes AND first byte
* is missing.
*/
Reported by FlawFinder.
Line: 428
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MAC added 2 extra bytes AND first byte
* is missing.
*/
memcpy(&out[1], in, 30);
out[31] = in[31];
memcpy(&out[32], &in[33],
sample_len - 32);
break;
case 2:
Reported by FlawFinder.
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(&out[1], in, 30);
out[31] = in[31];
memcpy(&out[32], &in[33],
sample_len - 32);
break;
case 2:
/* MAC added 2 extra bytes at bin 30 and 32,
* remove them.
Reported by FlawFinder.
Line: 437
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MAC added 2 extra bytes at bin 30 and 32,
* remove them.
*/
memcpy(out, in, 30);
out[30] = in[31];
memcpy(&out[31], &in[33],
sample_len - 31);
break;
default:
Reported by FlawFinder.
Line: 439
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(out, in, 30);
out[30] = in[31];
memcpy(&out[31], &in[33],
sample_len - 31);
break;
default:
break;
}
Reported by FlawFinder.
Line: 795
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath_spec_scan_priv *spec_priv = file->private_data;
struct ath_common *common = ath9k_hw_common(spec_priv->ah);
char buf[32];
ssize_t len;
if (IS_ENABLED(CONFIG_ATH9K_TX99))
return -EOPNOTSUPP;
Reported by FlawFinder.
Line: 845
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath_spec_scan_priv *spec_priv = file->private_data;
char buf[32];
unsigned int len;
len = sprintf(buf, "%d\n", spec_priv->spec_config.short_repeat);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
Reported by FlawFinder.
drivers/input/joystick/tmdc.c
22 issues
Line: 298
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (i = 0; i < 4; i++)
port->btno[i] = model->btno[i];
snprintf(port->name, sizeof(port->name), model->name,
port->absc, (data[TMDC_BYTE_DEF] & 0xf) << 3, port->mode);
snprintf(port->phys, sizeof(port->phys), "%s/input%d", tmdc->gameport->phys, i);
port->dev = input_dev;
Reported by FlawFinder.
Line: 48
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define TMDC_ABS_HAT 4
#define TMDC_BTN 16
static const unsigned char tmdc_byte_a[16] = { 0, 1, 3, 4, 6, 7 };
static const unsigned char tmdc_byte_d[16] = { 2, 5, 8, 9 };
static const signed char tmdc_abs[TMDC_ABS] =
{ ABS_X, ABS_Y, ABS_RUDDER, ABS_THROTTLE, ABS_RX, ABS_RY, ABS_RZ };
static const signed char tmdc_abs_hat[TMDC_ABS_HAT] =
Reported by FlawFinder.
Line: 49
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define TMDC_BTN 16
static const unsigned char tmdc_byte_a[16] = { 0, 1, 3, 4, 6, 7 };
static const unsigned char tmdc_byte_d[16] = { 2, 5, 8, 9 };
static const signed char tmdc_abs[TMDC_ABS] =
{ ABS_X, ABS_Y, ABS_RUDDER, ABS_THROTTLE, ABS_RX, ABS_RY, ABS_RZ };
static const signed char tmdc_abs_hat[TMDC_ABS_HAT] =
{ ABS_HAT0X, ABS_HAT0Y, ABS_HAT1X, ABS_HAT1Y };
Reported by FlawFinder.
Line: 51
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const unsigned char tmdc_byte_a[16] = { 0, 1, 3, 4, 6, 7 };
static const unsigned char tmdc_byte_d[16] = { 2, 5, 8, 9 };
static const signed char tmdc_abs[TMDC_ABS] =
{ ABS_X, ABS_Y, ABS_RUDDER, ABS_THROTTLE, ABS_RX, ABS_RY, ABS_RZ };
static const signed char tmdc_abs_hat[TMDC_ABS_HAT] =
{ ABS_HAT0X, ABS_HAT0Y, ABS_HAT1X, ABS_HAT1Y };
static const signed char tmdc_abs_at[TMDC_ABS] =
{ ABS_X, ABS_Y, ABS_RUDDER, -1, ABS_THROTTLE };
Reported by FlawFinder.
Line: 53
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const signed char tmdc_abs[TMDC_ABS] =
{ ABS_X, ABS_Y, ABS_RUDDER, ABS_THROTTLE, ABS_RX, ABS_RY, ABS_RZ };
static const signed char tmdc_abs_hat[TMDC_ABS_HAT] =
{ ABS_HAT0X, ABS_HAT0Y, ABS_HAT1X, ABS_HAT1Y };
static const signed char tmdc_abs_at[TMDC_ABS] =
{ ABS_X, ABS_Y, ABS_RUDDER, -1, ABS_THROTTLE };
static const signed char tmdc_abs_fm[TMDC_ABS] =
{ ABS_RX, ABS_RY, ABS_X, ABS_Y };
Reported by FlawFinder.
Line: 55
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ ABS_X, ABS_Y, ABS_RUDDER, ABS_THROTTLE, ABS_RX, ABS_RY, ABS_RZ };
static const signed char tmdc_abs_hat[TMDC_ABS_HAT] =
{ ABS_HAT0X, ABS_HAT0Y, ABS_HAT1X, ABS_HAT1Y };
static const signed char tmdc_abs_at[TMDC_ABS] =
{ ABS_X, ABS_Y, ABS_RUDDER, -1, ABS_THROTTLE };
static const signed char tmdc_abs_fm[TMDC_ABS] =
{ ABS_RX, ABS_RY, ABS_X, ABS_Y };
static const short tmdc_btn_pad[TMDC_BTN] =
Reported by FlawFinder.
Line: 57
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ ABS_HAT0X, ABS_HAT0Y, ABS_HAT1X, ABS_HAT1Y };
static const signed char tmdc_abs_at[TMDC_ABS] =
{ ABS_X, ABS_Y, ABS_RUDDER, -1, ABS_THROTTLE };
static const signed char tmdc_abs_fm[TMDC_ABS] =
{ ABS_RX, ABS_RY, ABS_X, ABS_Y };
static const short tmdc_btn_pad[TMDC_BTN] =
{ BTN_A, BTN_B, BTN_C, BTN_X, BTN_Y, BTN_Z, BTN_START, BTN_SELECT, BTN_TL, BTN_TR };
static const short tmdc_btn_joy[TMDC_BTN] =
Reported by FlawFinder.
Line: 81
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *name;
char abs;
char hats;
char btnc[4];
char btno[4];
const signed char *axes;
const short *buttons;
} tmdc_models[] = {
{ 1, "ThrustMaster Millenium 3D Inceptor", 6, 2, { 4, 2 }, { 4, 6 }, tmdc_abs, tmdc_btn_joy },
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char abs;
char hats;
char btnc[4];
char btno[4];
const signed char *axes;
const short *buttons;
} tmdc_models[] = {
{ 1, "ThrustMaster Millenium 3D Inceptor", 6, 2, { 4, 2 }, { 4, 6 }, tmdc_abs, tmdc_btn_joy },
{ 3, "ThrustMaster Rage 3D Gamepad", 2, 0, { 8, 2 }, { 0, 0 }, tmdc_abs, tmdc_btn_pad },
Reported by FlawFinder.
Line: 97
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tmdc_port {
struct input_dev *dev;
char name[64];
char phys[32];
int mode;
const signed char *abs;
const short *btn;
unsigned char absc;
Reported by FlawFinder.
drivers/s390/net/qeth_l3_sys.c
22 issues
Line: 35
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
switch (route->type) {
case PRIMARY_ROUTER:
return sprintf(buf, "%s\n", "primary router");
case SECONDARY_ROUTER:
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
Reported by FlawFinder.
Line: 37
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case PRIMARY_ROUTER:
return sprintf(buf, "%s\n", "primary router");
case SECONDARY_ROUTER:
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
Reported by FlawFinder.
Line: 40
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
Reported by FlawFinder.
Line: 42
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
Reported by FlawFinder.
Line: 45
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
Reported by FlawFinder.
Line: 47
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
Reported by FlawFinder.
Line: 50
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
Reported by FlawFinder.
Line: 52
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
}
Reported by FlawFinder.
Line: 54
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
}
static ssize_t qeth_l3_dev_route4_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 203
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
memcpy(tmp_hsuid, card->options.hsuid, sizeof(tmp_hsuid));
EBCASC(tmp_hsuid, 8);
return sprintf(buf, "%s\n", tmp_hsuid);
}
static ssize_t qeth_l3_dev_hsuid_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/infiniband/ulp/srp/ib_srp.c
22 issues
Line: 890
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* recognized by the I/O Class they report.
*/
if (target->io_class == SRP_REV10_IB_IO_CLASS) {
memcpy(ipi, &target->sgid.global.interface_id, 8);
memcpy(ipi + 8, &target->initiator_ext, 8);
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
Reported by FlawFinder.
Line: 891
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (target->io_class == SRP_REV10_IB_IO_CLASS) {
memcpy(ipi, &target->sgid.global.interface_id, 8);
memcpy(ipi + 8, &target->initiator_ext, 8);
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
Reported by FlawFinder.
Line: 892
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (target->io_class == SRP_REV10_IB_IO_CLASS) {
memcpy(ipi, &target->sgid.global.interface_id, 8);
memcpy(ipi + 8, &target->initiator_ext, 8);
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
Reported by FlawFinder.
Line: 893
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ipi, &target->sgid.global.interface_id, 8);
memcpy(ipi + 8, &target->initiator_ext, 8);
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
Reported by FlawFinder.
Line: 895
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tpi, &target->ioc_guid, 8);
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
}
Reported by FlawFinder.
Line: 896
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tpi + 8, &target->id_ext, 8);
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
}
/*
Reported by FlawFinder.
Line: 897
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
}
/*
* Topspin/Cisco SRP targets will reject our login unless we
Reported by FlawFinder.
Line: 898
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ipi, &target->initiator_ext, 8);
memcpy(ipi + 8, &target->sgid.global.interface_id, 8);
memcpy(tpi, &target->id_ext, 8);
memcpy(tpi + 8, &target->ioc_guid, 8);
}
/*
* Topspin/Cisco SRP targets will reject our login unless we
* zero out the first 8 bytes of our initiator port ID and set
Reported by FlawFinder.
Line: 912
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"activated for target GUID %016llx\n",
be64_to_cpu(target->ioc_guid));
memset(ipi, 0, 8);
memcpy(ipi + 8, &target->srp_host->srp_dev->dev->node_guid, 8);
}
if (target->using_rdma_cm)
status = rdma_connect(ch->rdma_cm.cm_id, &req->rdma_param);
else
Reported by FlawFinder.
Line: 1764
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct srp_indirect_buf);
len += count * sizeof (struct srp_direct_buf);
memcpy(indirect_hdr->desc_list, req->indirect_desc,
count * sizeof (struct srp_direct_buf));
if (!target->global_rkey) {
ret = srp_map_idb(ch, req, state.gen.next, state.gen.end,
idb_len, &idb_rkey);
Reported by FlawFinder.
fs/ceph/mds_client.c
22 issues
Line: 1003
Column: 10
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
*/
static int __choose_mds(struct ceph_mds_client *mdsc,
struct ceph_mds_request *req,
bool *random)
{
struct inode *inode;
struct ceph_inode_info *ci;
struct ceph_cap *cap;
int mode = req->r_direct_mode;
Reported by FlawFinder.
Line: 1013
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
u32 hash = req->r_direct_hash;
bool is_hash = test_bit(CEPH_MDS_R_DIRECT_IS_HASH, &req->r_req_flags);
if (random)
*random = false;
/*
* is there a specific mds we should try? ignore hint if we have
* no session and the mds is not up (active or recovering).
Reported by FlawFinder.
Line: 1029
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
if (mode == USE_RANDOM_MDS)
goto random;
inode = NULL;
if (req->r_inode) {
if (ceph_snap(req->r_inode) != CEPH_SNAPDIR) {
inode = req->r_inode;
Reported by FlawFinder.
Line: 1080
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
dout("%s %p is_hash=%d (0x%x) mode %d\n", __func__, inode, (int)is_hash,
hash, mode);
if (!inode)
goto random;
ci = ceph_inode(inode);
if (is_hash && S_ISDIR(inode->i_mode)) {
struct ceph_inode_frag frag;
int found;
Reported by FlawFinder.
Line: 1134
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (!cap) {
spin_unlock(&ci->i_ceph_lock);
iput(inode);
goto random;
}
mds = cap->session->s_mds;
dout("%s %p %llx.%llx mds%d (%scap %p)\n", __func__,
inode, ceph_vinop(inode), mds,
cap == ci->i_auth_cap ? "auth " : "", cap);
Reported by FlawFinder.
Line: 1145
Column: 1
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
iput(inode);
return mds;
random:
if (random)
*random = true;
mds = ceph_mdsmap_get_random_mds(mdsc->mdsmap);
dout("%s chose random mds%d\n", __func__, mds);
Reported by FlawFinder.
Line: 1146
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
return mds;
random:
if (random)
*random = true;
mds = ceph_mdsmap_get_random_mds(mdsc->mdsmap);
dout("%s chose random mds%d\n", __func__, mds);
return mds;
Reported by FlawFinder.
Line: 2800
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
struct ceph_mds_session *session = NULL;
int mds = -1;
int err = 0;
bool random;
if (req->r_err || test_bit(CEPH_MDS_R_GOT_RESULT, &req->r_req_flags)) {
if (test_bit(CEPH_MDS_R_ABORTED, &req->r_req_flags))
__unregister_request(mdsc, req);
return;
Reported by FlawFinder.
Line: 2840
Column: 33
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
put_request_session(req);
mds = __choose_mds(mdsc, req, &random);
if (mds < 0 ||
ceph_mdsmap_get_state(mdsc->mdsmap, mds) < CEPH_MDS_STATE_ACTIVE) {
if (test_bit(CEPH_MDS_R_ASYNC, &req->r_req_flags)) {
err = -EJUKEBOX;
goto finish;
Reported by FlawFinder.
Line: 2896
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (err)
goto out_session;
/* retry the same mds later */
if (random)
req->r_resend_mds = mds;
}
list_add(&req->r_wait, &session->s_waiting);
goto out_session;
}
Reported by FlawFinder.
drivers/scsi/pm8001/pm80xx_hwi.c
22 issues
Line: 104
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pm8001_ha->forensic_info.data_buf.direct_data = buf;
if (pm8001_ha->chip_id == chip_8001) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"Not supported for SPC controller");
return (char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf;
}
/* initialize variables for very first call from host application */
Reported by FlawFinder.
Line: 174
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* If accumulated length is zero fail the attempt */
if (accum_len == 0) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return (char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf;
}
/* Accumulated length is good so start capturing the first data */
Reported by FlawFinder.
Line: 213
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (pm8001_ha->forensic_last_offset >= length_to_read) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 3);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
Reported by FlawFinder.
Line: 219
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
pm8001_ha->fatal_bar_loc = 0;
Reported by FlawFinder.
Line: 240
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (pm8001_ha->fatal_bar_loc < (64 * 1024)) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", 2);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
Reported by FlawFinder.
Line: 247
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data
+= sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
status = 0;
offset = (int)
Reported by FlawFinder.
Line: 264
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Increment the MEMBASE II Shifting Register value by 0x100.*/
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 2);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4) ; index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
Reported by FlawFinder.
Line: 270
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4) ; index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
pm8001_ha->fatal_forensic_shift_offset += 0x100;
pm8001_cw32(pm8001_ha, 0, MEMBASE_II_SHIFT_REGISTER,
Reported by FlawFinder.
Line: 325
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg_val);
/* Fail the dump if a timeout occurs */
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return((char *)
pm8001_ha->forensic_info.data_buf.direct_data
- (char *)buf);
Reported by FlawFinder.
Line: 349
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg_val);
/* Fail the dump if a timeout occurs */
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return((char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf);
}
Reported by FlawFinder.
drivers/net/wireless/ath/ath6kl/cfg80211.c
22 issues
Line: 952
CWE codes:
476
ssid_found = false;
for (j = 0; j < n_ssids; j++) {
if ((match_set[i].ssid.ssid_len ==
ssid_list[j].ssid.ssid_len) &&
(!memcmp(ssid_list[j].ssid.ssid,
match_set[i].ssid.ssid,
match_set[i].ssid.ssid_len))) {
ssid_list[j].flag |= MATCH_SSID_FLAG;
Reported by Cppcheck.
Line: 350
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pos + 2 + pos[1] > ies + ies_len)
break;
if (!(ath6kl_is_wpa_ie(pos) || ath6kl_is_rsn_ie(pos))) {
memcpy(buf + len, pos, 2 + pos[1]);
len += 2 + pos[1];
}
if (ath6kl_is_wps_ie(pos))
ar->connect_ctrl_flags |= CONNECT_WPS_FLAG;
Reported by FlawFinder.
Line: 537
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(vif->ssid, 0, sizeof(vif->ssid));
vif->ssid_len = sme->ssid_len;
memcpy(vif->ssid, sme->ssid, sme->ssid_len);
if (sme->channel)
vif->ch_hint = sme->channel->center_freq;
memset(vif->req_bssid, 0, sizeof(vif->req_bssid));
Reported by FlawFinder.
Line: 578
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key = &vif->keys[sme->key_idx];
key->key_len = sme->key_len;
memcpy(key->key, sme->key, key->key_len);
key->cipher = vif->prwise_crypto;
vif->def_txkey_index = sme->key_idx;
ath6kl_wmi_addkey_cmd(ar->wmi, vif->fw_vif_idx, sme->key_idx,
vif->prwise_crypto,
Reported by FlawFinder.
Line: 717
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
ie[0] = WLAN_EID_SSID;
ie[1] = vif->ssid_len;
memcpy(ie + 2, vif->ssid, vif->ssid_len);
memcpy(ie + 2 + vif->ssid_len, beacon_ie, beacon_ie_len);
bss = cfg80211_inform_bss(ar->wiphy, chan,
CFG80211_BSS_FTYPE_UNKNOWN,
bssid, 0, cap_val, 100,
ie, 2 + vif->ssid_len + beacon_ie_len,
Reported by FlawFinder.
Line: 718
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ie[0] = WLAN_EID_SSID;
ie[1] = vif->ssid_len;
memcpy(ie + 2, vif->ssid, vif->ssid_len);
memcpy(ie + 2 + vif->ssid_len, beacon_ie, beacon_ie_len);
bss = cfg80211_inform_bss(ar->wiphy, chan,
CFG80211_BSS_FTYPE_UNKNOWN,
bssid, 0, cap_val, 100,
ie, 2 + vif->ssid_len + beacon_ie_len,
0, GFP_KERNEL);
Reported by FlawFinder.
Line: 932
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
for (i = 0; i < n_ssids; i++) {
memcpy(ssid_list[i].ssid.ssid,
ssids[i].ssid,
ssids[i].ssid_len);
ssid_list[i].ssid.ssid_len = ssids[i].ssid_len;
if (ssids[i].ssid_len)
Reported by FlawFinder.
Line: 971
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ssid_list[index_to_add].ssid.ssid_len =
match_set[i].ssid.ssid_len;
memcpy(ssid_list[index_to_add].ssid.ssid,
match_set[i].ssid.ssid,
match_set[i].ssid.ssid_len);
ssid_list[index_to_add].flag |= MATCH_SSID_FLAG;
index_to_add++;
}
Reported by FlawFinder.
Line: 1174
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
key->key_len = params->key_len;
memcpy(key->key, params->key, key->key_len);
key->seq_len = seq_len;
memcpy(key->seq, params->seq, key->seq_len);
key->cipher = params->cipher;
switch (key->cipher) {
Reported by FlawFinder.
Line: 1176
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key->key_len = params->key_len;
memcpy(key->key, params->key, key->key_len);
key->seq_len = seq_len;
memcpy(key->seq, params->seq, key->seq_len);
key->cipher = params->cipher;
switch (key->cipher) {
case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104:
Reported by FlawFinder.
drivers/counter/counter.c
22 issues
Line: 55
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (index >= e->num_items)
return -EINVAL;
return sprintf(buf, "%s\n", e->items[index]);
}
EXPORT_SYMBOL_GPL(counter_signal_enum_read);
ssize_t counter_signal_enum_write(struct counter_device *counter,
struct counter_signal *signal, void *priv,
Reported by FlawFinder.
Line: 94
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 0;
for (i = 0; i < e->num_items; i++)
len += sprintf(buf + len, "%s\n", e->items[i]);
return len;
}
EXPORT_SYMBOL_GPL(counter_signal_enum_available_read);
Reported by FlawFinder.
Line: 118
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (index >= e->num_items)
return -EINVAL;
return sprintf(buf, "%s\n", e->items[index]);
}
EXPORT_SYMBOL_GPL(counter_count_enum_read);
ssize_t counter_count_enum_write(struct counter_device *counter,
struct counter_count *count, void *priv,
Reported by FlawFinder.
Line: 157
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 0;
for (i = 0; i < e->num_items; i++)
len += sprintf(buf + len, "%s\n", e->items[i]);
return len;
}
EXPORT_SYMBOL_GPL(counter_count_enum_available_read);
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (index >= e->num_items)
return -EINVAL;
return sprintf(buf, "%s\n", e->items[index]);
}
EXPORT_SYMBOL_GPL(counter_device_enum_read);
ssize_t counter_device_enum_write(struct counter_device *counter, void *priv,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 217
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 0;
for (i = 0; i < e->num_items; i++)
len += sprintf(buf + len, "%s\n", e->items[i]);
return len;
}
EXPORT_SYMBOL_GPL(counter_device_enum_available_read);
Reported by FlawFinder.
Line: 311
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err)
return err;
return sprintf(buf, "%s\n", counter_signal_value_str[val]);
}
struct counter_name_unit {
const char *name;
};
Reported by FlawFinder.
Line: 324
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
const struct counter_name_unit *const comp = to_counter_attr(attr)->component;
return sprintf(buf, "%s\n", comp->name);
}
static int counter_name_attribute_create(
struct counter_device_attr_group *const group,
const char *const name)
Reported by FlawFinder.
Line: 563
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
synapse->action = action_index;
action = synapse->actions_list[action_index];
return sprintf(buf, "%s\n", counter_synapse_action_str[action]);
}
static ssize_t counter_action_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 615
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < component->num_actions; i++) {
action = component->actions_list[i];
len += sprintf(buf + len, "%s\n",
counter_synapse_action_str[action]);
}
return len;
}
Reported by FlawFinder.
Documentation/sphinx/kernel_feat.py
22 issues
Line: 41
Column: 1
from os import path
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
Reported by Pylint.
Line: 42
Column: 1
from os import path
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
__version__ = '1.0'
Reported by Pylint.
Line: 43
Column: 1
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
__version__ = '1.0'
Reported by Pylint.
Line: 44
Column: 1
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
__version__ = '1.0'
def setup(app):
Reported by Pylint.
Line: 45
Column: 1
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
__version__ = '1.0'
def setup(app):
Reported by Pylint.
Line: 37
Column: 1
import codecs
import os
import subprocess
import sys
from os import path
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
Reported by Pylint.
Line: 41
Column: 1
from os import path
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
from docutils.utils.error_reporting import ErrorString
from sphinx.util.docutils import switch_source_input
Reported by Pylint.
Line: 83
Column: 9
if not doc.settings.file_insertion_enabled:
raise self.warning("docutils: file insertion disabled")
env = doc.settings.env
cwd = path.dirname(doc.current_source)
cmd = "get_feat.pl rest --dir "
cmd += self.arguments[0]
if len(self.arguments) > 1:
Reported by Pylint.
Line: 104
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b604_any_other_function_with_shell_equals_true.html
shell_env["PATH"] = path_env
shell_env["srctree"] = srctree
lines = self.runCmd(cmd, shell=True, cwd=cwd, env=shell_env)
nodeList = self.nestedParse(lines, fname)
return nodeList
def runCmd(self, cmd, **kwargs):
u"""Run command ``cmd`` and return it's stdout as unicode."""
Reported by Bandit.
Line: 145
Column: 9
for c, l in enumerate(lines.split("\n")):
content.append(l, fname, c)
buf = self.state.memo.title_styles, self.state.memo.section_level, self.state.memo.reporter
with switch_source_input(self.state, content):
self.state.nested_parse(content, 0, node, match_titles=1)
return node.children
Reported by Pylint.