The following issues were found
fs/ocfs2/dlm/dlmconvert.c
3 issues
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlog(0, "doing in-place convert for nonlocal lock\n");
lock->ml.type = type;
if (lock->lksb->flags & DLM_LKSB_PUT_LVB)
memcpy(res->lvb, lock->lksb->lvb, DLM_LVB_LEN);
/*
* Move the lock to the tail because it may be the only lock which has
* an invalid lvb.
*/
Reported by FlawFinder.
Line: 372
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
convert.cookie = lock->ml.cookie;
convert.namelen = res->lockname.len;
convert.flags = cpu_to_be32(flags);
memcpy(convert.name, res->lockname.name, convert.namelen);
vec[0].iov_len = sizeof(struct dlm_convert_lock);
vec[0].iov_base = &convert;
if (flags & LKM_PUT_LVB) {
Reported by FlawFinder.
Line: 508
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (flags & LKM_PUT_LVB) {
BUG_ON(lksb->flags & (DLM_LKSB_PUT_LVB|DLM_LKSB_GET_LVB));
lksb->flags |= DLM_LKSB_PUT_LVB;
memcpy(&lksb->lvb[0], &cnv->lvb[0], DLM_LVB_LEN);
} else if (flags & LKM_GET_LVB) {
BUG_ON(lksb->flags & (DLM_LKSB_PUT_LVB|DLM_LKSB_GET_LVB));
lksb->flags |= DLM_LKSB_GET_LVB;
}
Reported by FlawFinder.
drivers/video/fbdev/w100fb.c
3 issues
Line: 84
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct fb_info *info = dev_get_drvdata(dev);
struct w100fb_par *par=info->par;
return sprintf(buf, "%d\n",par->flip);
}
static ssize_t flip_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
{
unsigned int flip;
Reported by FlawFinder.
Line: 143
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct fb_info *info = dev_get_drvdata(dev);
struct w100fb_par *par=info->par;
return sprintf(buf, "%d\n",par->fastpll_mode);
}
static ssize_t fastpllclk_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
{
struct fb_info *info = dev_get_drvdata(dev);
Reported by FlawFinder.
Line: 717
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
info->screen_base = remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE);
info->screen_size = REMAPPED_FB_LEN;
strcpy(info->fix.id, "w100fb");
info->fix.type = FB_TYPE_PACKED_PIXELS;
info->fix.type_aux = 0;
info->fix.accel = FB_ACCEL_NONE;
info->fix.smem_start = mem->start+W100_FB_BASE;
info->fix.mmio_start = mem->start+W100_REG_BASE;
Reported by FlawFinder.
fs/cifs/xattr.c
3 issues
Line: 539
CWE codes:
476
.set = cifs_xattr_set,
};
const struct xattr_handler *cifs_xattr_handlers[] = {
&cifs_user_xattr_handler,
&cifs_os2_xattr_handler,
&cifs_cifs_acl_xattr_handler,
&smb3_acl_xattr_handler, /* alias for above since avoiding "cifs" */
&cifs_cifs_ntsd_xattr_handler,
Reported by Cppcheck.
Line: 171
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!pacl) {
rc = -ENOMEM;
} else {
memcpy(pacl, value, size);
if (pTcon->ses->server->ops->set_acl) {
int aclflags = 0;
rc = 0;
switch (handler->flags) {
Reported by FlawFinder.
Line: 359
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (acllen > size)
acllen = -ERANGE;
else
memcpy(value, pacl, acllen);
}
rc = acllen;
kfree(pacl);
}
break;
Reported by FlawFinder.
fs/cifs/smbdirect.c
3 issues
Line: 1456
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_NAME_LEN 80
static int allocate_caches_and_workqueue(struct smbd_connection *info)
{
char name[MAX_NAME_LEN];
int rc;
scnprintf(name, MAX_NAME_LEN, "smbd_request_%p", info);
info->request_cache =
kmem_cache_create(
Reported by FlawFinder.
Line: 1828
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
to_copy = min_t(int, data_length - offset, to_read);
memcpy(
buf + data_read,
(char *)data_transfer + data_offset + offset,
to_copy);
/* move on to the next buffer? */
Reported by FlawFinder.
Line: 2064
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
buflen, nvecs);
for (j = 0; j < nvecs; j++) {
vec.iov_base =
(char *)iov[start].iov_base +
j*max_iov_size;
vec.iov_len = max_iov_size;
if (j == nvecs-1)
vec.iov_len =
buflen -
Reported by FlawFinder.
fs/hfsplus/xattr_security.c
3 issues
Line: 53
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!strcmp(xattr->name, ""))
continue;
strcpy(xattr_name, XATTR_SECURITY_PREFIX);
strcpy(xattr_name +
XATTR_SECURITY_PREFIX_LEN, xattr->name);
memset(xattr_name +
XATTR_SECURITY_PREFIX_LEN + strlen(xattr->name), 0, 1);
Reported by FlawFinder.
Line: 54
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
continue;
strcpy(xattr_name, XATTR_SECURITY_PREFIX);
strcpy(xattr_name +
XATTR_SECURITY_PREFIX_LEN, xattr->name);
memset(xattr_name +
XATTR_SECURITY_PREFIX_LEN + strlen(xattr->name), 0, 1);
err = __hfsplus_setxattr(inode, xattr_name,
Reported by FlawFinder.
Line: 57
Column: 32
CWE codes:
126
strcpy(xattr_name +
XATTR_SECURITY_PREFIX_LEN, xattr->name);
memset(xattr_name +
XATTR_SECURITY_PREFIX_LEN + strlen(xattr->name), 0, 1);
err = __hfsplus_setxattr(inode, xattr_name,
xattr->value, xattr->value_len, 0);
if (err)
break;
Reported by FlawFinder.
include/linux/node.h
3 issues
Line: 70
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#ifdef CONFIG_HMEM_REPORTING
void node_add_cache(unsigned int nid, struct node_cache_attrs *cache_attrs);
void node_set_perf_attrs(unsigned int nid, struct node_hmem_attrs *hmem_attrs,
unsigned access);
#else
static inline void node_add_cache(unsigned int nid,
struct node_cache_attrs *cache_attrs)
{
}
Reported by FlawFinder.
Line: 79
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static inline void node_set_perf_attrs(unsigned int nid,
struct node_hmem_attrs *hmem_attrs,
unsigned access)
{
}
#endif
struct node {
Reported by FlawFinder.
Line: 145
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
extern int register_memory_node_under_compute_node(unsigned int mem_nid,
unsigned int cpu_nid,
unsigned access);
#ifdef CONFIG_HUGETLBFS
extern void register_hugetlbfs_with_node(node_registration_func_t doregister,
node_registration_func_t unregister);
#endif
Reported by FlawFinder.
drivers/video/fbdev/via/viamode.h
3 issues
Line: 15
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct VPITTable {
unsigned char Misc;
unsigned char SR[StdSR];
unsigned char GR[StdGR];
unsigned char AR[StdAR];
};
struct patch_table {
Reported by FlawFinder.
Line: 16
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct VPITTable {
unsigned char Misc;
unsigned char SR[StdSR];
unsigned char GR[StdGR];
unsigned char AR[StdAR];
};
struct patch_table {
int table_length;
Reported by FlawFinder.
Line: 17
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char Misc;
unsigned char SR[StdSR];
unsigned char GR[StdGR];
unsigned char AR[StdAR];
};
struct patch_table {
int table_length;
struct io_reg *io_reg_table;
Reported by FlawFinder.
fs/ocfs2/aops.c
3 issues
Line: 101
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlog(ML_ERROR, "couldn't kmap!\n");
goto bail;
}
memcpy(kaddr + (bh_result->b_size * iblock),
buffer_cache_bh->b_data,
bh_result->b_size);
kunmap_atomic(kaddr);
set_buffer_uptodate(bh_result);
}
Reported by FlawFinder.
Line: 245
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kaddr = kmap_atomic(page);
if (size)
memcpy(kaddr, di->id2.i_data.id_data, size);
/* Clear the remaining part of the page */
memset(kaddr + size, 0, PAGE_SIZE - size);
flush_dcache_page(page);
kunmap_atomic(kaddr);
Reported by FlawFinder.
Line: 1941
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
kaddr = kmap_atomic(wc->w_target_page);
memcpy(di->id2.i_data.id_data + pos, kaddr + pos, *copied);
kunmap_atomic(kaddr);
trace_ocfs2_write_end_inline(
(unsigned long long)OCFS2_I(inode)->ip_blkno,
(unsigned long long)pos, *copied,
Reported by FlawFinder.
fs/cifs/ioctl.c
3 issues
Line: 446
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkey_inf.cipher_type =
le16_to_cpu(tcon->ses->server->cipher_type);
pkey_inf.Suid = tcon->ses->Suid;
memcpy(pkey_inf.auth_key, tcon->ses->auth_key.response,
16 /* SMB2_NTLMV2_SESSKEY_SIZE */);
memcpy(pkey_inf.smb3decryptionkey,
tcon->ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
memcpy(pkey_inf.smb3encryptionkey,
tcon->ses->smb3encryptionkey, SMB3_SIGN_KEY_SIZE);
Reported by FlawFinder.
Line: 448
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkey_inf.Suid = tcon->ses->Suid;
memcpy(pkey_inf.auth_key, tcon->ses->auth_key.response,
16 /* SMB2_NTLMV2_SESSKEY_SIZE */);
memcpy(pkey_inf.smb3decryptionkey,
tcon->ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
memcpy(pkey_inf.smb3encryptionkey,
tcon->ses->smb3encryptionkey, SMB3_SIGN_KEY_SIZE);
if (copy_to_user((void __user *)arg, &pkey_inf,
sizeof(struct smb3_key_debug_info)))
Reported by FlawFinder.
Line: 450
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
16 /* SMB2_NTLMV2_SESSKEY_SIZE */);
memcpy(pkey_inf.smb3decryptionkey,
tcon->ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
memcpy(pkey_inf.smb3encryptionkey,
tcon->ses->smb3encryptionkey, SMB3_SIGN_KEY_SIZE);
if (copy_to_user((void __user *)arg, &pkey_inf,
sizeof(struct smb3_key_debug_info)))
rc = -EFAULT;
else
Reported by FlawFinder.
fs/xfs/xfs_symlink.c
3 issues
Line: 81
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cur_chunk += sizeof(struct xfs_dsymlink_hdr);
}
memcpy(link + offset, cur_chunk, byte_cnt);
pathlen -= byte_cnt;
offset += byte_cnt;
xfs_buf_relse(bp);
Reported by FlawFinder.
Line: 296
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf += xfs_symlink_hdr_set(mp, ip->i_ino, offset,
byte_cnt, bp);
memcpy(buf, cur_chunk, byte_cnt);
cur_chunk += byte_cnt;
pathlen -= byte_cnt;
offset += byte_cnt;
Reported by FlawFinder.
Line: 177
Column: 12
CWE codes:
126
/*
* Check component lengths of the target path name.
*/
pathlen = strlen(target_path);
if (pathlen >= XFS_SYMLINK_MAXLEN) /* total string too long */
return -ENAMETOOLONG;
ASSERT(pathlen > 0);
prid = xfs_get_initial_prid(dp);
Reported by FlawFinder.