The following issues were found
fs/nfs/nfs4namespace.c
4 issues
Line: 77
Column: 3
CWE codes:
120
Suggestion:
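Make sure destination can always hold the source data
Note: the excerpt shows each component appended as '/' plus component->len bytes, followed by a terminating NUL, but not how buf was sized. The point to confirm is a length check before the loop that accounts for every component, one separator per component, and the terminator.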
const struct nfs4_string *component = &pathname->components[i];
*p++ = '/';
memcpy(p, component->data, component->len);
p += component->len;
}
*p = 0;
return buf;
Reported by FlawFinder.
Line: 337
Column: 3
CWE codes:
120
Suggestion:
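Make sure destination can always hold the source data
Note: buf->len is used both as the copy length and as the index of the terminating NUL, so the destination must hold buf->len + 1 bytes. The check that bounds buf->len is not part of the excerpt.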
rpc_set_port(&ctx->nfs_server.address, NFS_PORT);
memcpy(ctx->nfs_server.hostname, buf->data, buf->len);
ctx->nfs_server.hostname[buf->len] = '\0';
p = source;
memcpy(p, buf->data, buf->len);
p += buf->len;
Reported by FlawFinder.
Line: 341
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->nfs_server.hostname[buf->len] = '\0';
p = source;
memcpy(p, buf->data, buf->len);
p += buf->len;
*p++ = ':';
memcpy(p, ctx->nfs_server.export_path, ctx->nfs_server.export_path_len);
p += ctx->nfs_server.export_path_len;
*p = 0;
Reported by FlawFinder.
Line: 344
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(p, buf->data, buf->len);
p += buf->len;
*p++ = ':';
memcpy(p, ctx->nfs_server.export_path, ctx->nfs_server.export_path_len);
p += ctx->nfs_server.export_path_len;
*p = 0;
ret = nfs4_get_referral_tree(fc);
if (ret == 0)
Reported by FlawFinder.
include/linux/isdn/capilli.h
4 issues
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
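Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: on this page the rule is reported at the declaration of a fixed-size char array. The declaration itself cannot overflow; what needs review is every write into the field (copy length bounded by sizeof(field), room left for the NUL).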
/* filled in before calling attach_capi_ctr */
struct module *owner;
void *driverdata; /* driver specific */
char name[32]; /* name of controller */
char *driver_name; /* name of driver */
int (*load_firmware)(struct capi_ctr *, capiloaddata *);
void (*reset_ctr)(struct capi_ctr *);
void (*register_appl)(struct capi_ctr *, u16 appl,
capi_register_params *);
Reported by FlawFinder.
Line: 74
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int traceflag; /* capi trace */
struct proc_dir_entry *procent;
char procfn[128];
};
int attach_capi_ctr(struct capi_ctr *);
int detach_capi_ctr(struct capi_ctr *);
Reported by FlawFinder.
Line: 88
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// needed for AVM capi drivers
/*
 * Driver record: two fixed 32-byte strings plus a list_head used by kcapi.
 *
 * The scanner reports the two array declarations. Declaring a fixed-size
 * array is not an overflow; the risk is in whatever fills the fields.
 * NOTE(review): the writers of name/revision are not visible here. Each one
 * must bound the copy to sizeof(field) and leave room for the terminating
 * NUL (a bounded formatter or copy, never an unbounded string copy).
 */
struct capi_driver {
char name[32]; /* driver name */
char revision[32]; /* fixed 32-byte buffer; presumably a revision string, confirm against users */
/* management information for kcapi */
struct list_head list;
};
Reported by FlawFinder.
Line: 89
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Driver record with two fixed 32-byte character arrays and a list_head.
 *
 * This finding points at the revision[32] declaration. As with name[32],
 * the declaration is safe on its own.
 * NOTE(review): code that stores into these fields is not shown; verify that
 * every store limits the length to sizeof(field) and NUL-terminates.
 */
struct capi_driver {
char name[32]; /* driver name */
char revision[32]; /* same size as name; writers must respect the 32-byte limit */
/* management information for kcapi */
struct list_head list;
};
Reported by FlawFinder.
drivers/xen/xen-balloon.c
3 issues
Line: 141
Column: 10
CWE codes:
134
Suggestion:
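Make format string constant
Note: format is a parameter of the BALLOON_SHOW macro, and the two invocations visible below pass the literal "%lu\n", so the format is constant at each of those expansions. CWE-134 would only apply to an invocation that passes a non-literal format.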
struct device_attribute *attr, \
char *buf) \
{ \
return sprintf(buf, format, ##args); \
} \
static DEVICE_ATTR_RO(name)
BALLOON_SHOW(current_kb, "%lu\n", PAGES2KB(balloon_stats.current_pages));
BALLOON_SHOW(low_kb, "%lu\n", PAGES2KB(balloon_stats.balloon_low));
Reported by FlawFinder.
Line: 158
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Device-attribute "show" callback (by signature; the registration is not
 * part of this excerpt). Writes balloon_stats.target_pages, converted with
 * PAGES2KB(), into buf as an unsigned decimal followed by a newline, and
 * returns what sprintf() returns. dev and attr are not used.
 *
 * NOTE(review): sprintf() has no size argument. The format is a literal and
 * "%lu\n" produces a short, bounded string, so the only open question is the
 * size of buf, which the caller owns (for sysfs show callbacks this is
 * expected to be one page; confirm). The kernel helper for this pattern is
 * sysfs_emit(), which applies that bound itself.
 */
static ssize_t target_kb_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%lu\n", PAGES2KB(balloon_stats.target_pages));
}
static ssize_t target_kb_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 183
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Device-attribute "show" callback (by signature; the registration is not
 * part of this excerpt). Writes balloon_stats.target_pages shifted left by
 * PAGE_SHIFT into buf as an unsigned decimal followed by a newline, and
 * returns what sprintf() returns. dev and attr are not used.
 *
 * NOTE(review): sprintf() has no size argument. With a literal "%llu\n"
 * format the output length is bounded, so the finding reduces to the size of
 * buf, which the caller owns (expected to be one page for sysfs; confirm).
 * sysfs_emit() is the kernel helper that enforces that bound.
 */
static ssize_t target_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%llu\n",
/* the cast binds tighter than <<, so the shift is done in unsigned long long */
(unsigned long long)balloon_stats.target_pages
<< PAGE_SHIFT);
}
static ssize_t target_store(struct device *dev,
Reported by FlawFinder.
fs/xfs/libxfs/xfs_format.h
3 issues
Line: 116
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint16_t sb_sectsize; /* volume sector size, bytes */
uint16_t sb_inodesize; /* inode size, bytes */
uint16_t sb_inopblock; /* inodes per block */
char sb_fname[XFSLABEL_MAX]; /* file system name */
uint8_t sb_blocklog; /* log2 of sb_blocksize */
uint8_t sb_sectlog; /* log2 of sb_sectsize */
uint8_t sb_inodelog; /* log2 of sb_inodesize */
uint8_t sb_inopblog; /* log2 of sb_inopblock */
uint8_t sb_agblklog; /* log2 of sb_agblocks (rounded up) */
Reported by FlawFinder.
Line: 207
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 sb_sectsize; /* volume sector size, bytes */
__be16 sb_inodesize; /* inode size, bytes */
__be16 sb_inopblock; /* inodes per block */
char sb_fname[XFSLABEL_MAX]; /* file system name */
__u8 sb_blocklog; /* log2 of sb_blocksize */
__u8 sb_sectlog; /* log2 of sb_sectsize */
__u8 sb_inodelog; /* log2 of sb_inodesize */
__u8 sb_inopblog; /* log2 of sb_inopblock */
__u8 sb_agblklog; /* log2 of sb_agblocks (rounded up) */
Reported by FlawFinder.
Line: 1402
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
typedef struct xfs_dqblk {
struct xfs_disk_dquot dd_diskdq; /* portion living incore as well */
char dd_fill[4];/* filling for posterity */
/*
* These two are only present on filesystems with the CRC bits set.
*/
__be32 dd_crc; /* checksum */
Reported by FlawFinder.
fs/ecryptfs/debug.c
3 issues
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok)
{
char salt[ECRYPTFS_SALT_SIZE * 2 + 1];
char sig[ECRYPTFS_SIG_SIZE_HEX + 1];
ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n",
auth_tok);
if (auth_tok->flags & ECRYPTFS_PRIVATE_KEY) {
Reported by FlawFinder.
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok)
{
char salt[ECRYPTFS_SALT_SIZE * 2 + 1];
char sig[ECRYPTFS_SIG_SIZE_HEX + 1];
ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n",
auth_tok);
if (auth_tok->flags & ECRYPTFS_PRIVATE_KEY) {
ecryptfs_printk(KERN_DEBUG, " * private key type\n");
Reported by FlawFinder.
Line: 37
Column: 3
CWE codes:
120
Suggestion:
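Make sure destination can always hold the source data
Note: sig is declared in this function as ECRYPTFS_SIG_SIZE_HEX + 1 bytes (see the two findings above), the copy is ECRYPTFS_SIG_SIZE_HEX bytes, and the NUL is stored at index ECRYPTFS_SIG_SIZE_HEX, so the destination is large enough. What remains to check is that the source signature field is at least ECRYPTFS_SIG_SIZE_HEX bytes long, which the excerpt does not show.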
ECRYPTFS_PERSISTENT_PASSWORD) {
ecryptfs_printk(KERN_DEBUG, " * persistent\n");
}
memcpy(sig, auth_tok->token.password.signature,
ECRYPTFS_SIG_SIZE_HEX);
sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
ecryptfs_printk(KERN_DEBUG, " * signature = [%s]\n", sig);
}
ecryptfs_printk(KERN_DEBUG, " * session_key.flags = [0x%x]\n",
Reported by FlawFinder.
drivers/w1/masters/ds2490.c
3 issues
Line: 295
Column: 3
CWE codes:
120
Suggestion:
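Make sure destination can always hold the source data
Note: the copy length is sizeof(*st) into the object st points to, and it only runs when st is non-NULL and count >= sizeof(*st), so the destination side is sized by its own type. Whether dev->st_buf actually holds count bytes depends on code above the excerpt.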
ds_dump_status(dev, dev->st_buf, count);
if (st && count >= sizeof(*st))
memcpy(st, dev->st_buf, sizeof(*st));
return count;
}
static void ds_reset_device(struct ds_device *dev)
Reported by FlawFinder.
Line: 813
Column: 2
CWE codes:
120
Suggestion:
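Make sure destination can always hold the source data
Note: the destination is u8 buf[9] and the copy is 8 bytes, with the ninth byte written separately, so the destination fits. The declaration of init is not in the excerpt; it must be at least 8 bytes for the read side to be in bounds.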
struct ds_status st;
u8 buf[9];
memcpy(buf, &init, 8);
buf[8] = BRANCH_MAIN;
err = ds_send_data(dev, buf, sizeof(buf));
if (err)
return err;
Reported by FlawFinder.
Line: 915
Column: 3
CWE codes:
120
Suggestion:
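Make sure destination can always hold the source data
Note: len bytes are copied from the temporary tbuf into buf whenever ds_read_block() returns a non-negative value. Neither the allocation of tbuf nor the size of the caller-supplied buf is visible in the excerpt, so both need to be traced to len.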
err = ds_read_block(dev, tbuf, len);
if (err >= 0)
memcpy(buf, tbuf, len);
kfree(tbuf);
return err >= 0 ? len : 0;
}
Reported by FlawFinder.
fs/xfs/xfs_extfree_item.c
3 issues
Line: 197
Column: 3
CWE codes:
120
Suggestion:
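Make sure destination can always hold the source data
Note: len is computed from src_efi_fmt->efi_nextents, a field of the source buffer, and the copy runs only when buf->i_len equals len. That ties the copy to the source size; the size of the object behind dst_efi_fmt is not shown and must have been derived from the same, validated, extent count.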
(src_efi_fmt->efi_nextents - 1) * sizeof(xfs_extent_64_t);
if (buf->i_len == len) {
memcpy((char *)dst_efi_fmt, (char*)src_efi_fmt, len);
return 0;
} else if (buf->i_len == len32) {
xfs_efi_log_format_32_t *src_efi_fmt_32 = buf->i_addr;
dst_efi_fmt->efi_type = src_efi_fmt_32->efi_type;
Reported by FlawFinder.
Line: 669
Column: 2
CWE codes:
120
Suggestion:
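Make sure destination can always hold the source data
Note: the destination efdp comes from xfs_trans_get_efd(tp, EFI_ITEM(intent), count), and the copy length is count * sizeof(*extp) with the same count. The copy is consistent provided that function sizes efd_extents from count and the multiplication cannot overflow; neither is visible in the excerpt.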
tp->t_flags |= XFS_TRANS_DIRTY;
efdp = xfs_trans_get_efd(tp, EFI_ITEM(intent), count);
efdp->efd_next_extent = count;
memcpy(efdp->efd_format.efd_extents, extp, count * sizeof(*extp));
set_bit(XFS_LI_DIRTY, &efdp->efd_item.li_flags);
efip = xfs_efi_init(tp->t_mountp, count);
memcpy(efip->efi_format.efi_extents, extp, count * sizeof(*extp));
atomic_set(&efip->efi_next_extent, count);
Reported by FlawFinder.
Line: 673
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
set_bit(XFS_LI_DIRTY, &efdp->efd_item.li_flags);
efip = xfs_efi_init(tp->t_mountp, count);
memcpy(efip->efi_format.efi_extents, extp, count * sizeof(*extp));
atomic_set(&efip->efi_next_extent, count);
xfs_trans_add_item(tp, &efip->efi_item);
set_bit(XFS_LI_DIRTY, &efip->efi_item.li_flags);
return &efip->efi_item;
}
Reported by FlawFinder.
include/linux/jbd2.h
3 issues
Line: 174
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 h_sequence;
unsigned char h_chksum_type;
unsigned char h_chksum_size;
unsigned char h_padding[2];
__be32 h_chksum[JBD2_CHECKSUM_BYTES];
__be64 h_commit_sec;
__be32 h_commit_nsec;
};
Reported by FlawFinder.
Line: 1020
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/**
* @j_devname: Journal device name.
*/
char j_devname[BDEVNAME_SIZE+24];
/**
* @j_fs_dev:
*
* Device which holds the client fs. For internal journal this will be
Reported by FlawFinder.
Line: 1787
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct {
struct shash_desc shash;
char ctx[JBD_MAX_CHECKSUM_SIZE];
} desc;
int err;
BUG_ON(crypto_shash_descsize(journal->j_chksum_driver) >
JBD_MAX_CHECKSUM_SIZE);
Reported by FlawFinder.
fs/hfs/bnode.c
3 issues
Line: 37
Column: 3
CWE codes:
120
Suggestion:
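Make sure destination can always hold the source data
Note: min_t(int, len - bytes_read, PAGE_SIZE - off) limits each chunk to what remains of len and of the current page, which bounds the read from vaddr. That buf holds len bytes, and that len and off were range-checked before the loop, is not visible in the excerpt.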
bytes_to_read = min_t(int, len - bytes_read, PAGE_SIZE - off);
vaddr = kmap_atomic(page);
memcpy(buf + bytes_read, vaddr + off, bytes_to_read);
kunmap_atomic(vaddr);
pagenum++;
off = 0; /* page offset only applies to the first page */
}
Reported by FlawFinder.
Line: 83
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
off += node->page_offset;
page = node->page[0];
memcpy(kmap(page) + off, buf, len);
kunmap(page);
set_page_dirty(page);
}
void hfs_bnode_write_u16(struct hfs_bnode *node, int off, u16 data)
Reported by FlawFinder.
Line: 126
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src_page = src_node->page[0];
dst_page = dst_node->page[0];
memcpy(kmap(dst_page) + dst, kmap(src_page) + src, len);
kunmap(src_page);
kunmap(dst_page);
set_page_dirty(dst_page);
}
Reported by FlawFinder.
fs/ocfs2/dlm/dlmast.c
3 issues
Line: 180
Column: 4
CWE codes:
120
Suggestion:
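Make sure destination can always hold the source data
Note: the length is the constant DLM_LVB_LEN, so the finding is resolved by confirming that both lksb->lvb and res->lvb are declared with at least DLM_LVB_LEN bytes; the declarations are not part of the excerpt.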
mlog(0, "getting lvb from lockres for %s node\n",
lock->ml.node == dlm->node_num ? "master" :
"remote");
memcpy(lksb->lvb, res->lvb, DLM_LVB_LEN);
}
/* Do nothing for lvb put requests - they should be done in
* place when the lock is downconverted - otherwise we risk
* racing gets and puts which could result in old lvb data
* being propagated. We leave the put flag set and clear it
Reported by FlawFinder.
Line: 401
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* if we requested the lvb, fetch it into our lksb now */
if (flags & LKM_GET_LVB) {
BUG_ON(!(lock->lksb->flags & DLM_LKSB_GET_LVB));
memcpy(lock->lksb->lvb, past->lvb, DLM_LVB_LEN);
}
}
spin_unlock(&res->spinlock);
if (past->type == DLM_AST)
Reported by FlawFinder.
Line: 440
Column: 2
CWE codes:
120
Suggestion:
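Make sure destination can always hold the source data
Note: past.namelen is taken from res->lockname.len and then used as the copy length into past.name. The excerpt shows no comparison against the size of past.name, so the bound has to come from wherever the lock name length is validated when the resource is created.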
past.type = msg_type;
past.blocked_type = blocked_type;
past.namelen = res->lockname.len;
memcpy(past.name, res->lockname.name, past.namelen);
past.cookie = lock->ml.cookie;
vec[0].iov_len = sizeof(struct dlm_proxy_ast);
vec[0].iov_base = &past;
if (flags & DLM_LKSB_GET_LVB) {
Reported by FlawFinder.