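The following issues were reported by static-analysis tools; each entry names the tool (FlawFinder or Pylint) that produced it. They are tool findings on the quoted lines, not confirmed defects, and each needs to be checked against the surrounding code.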
fs/ocfs2/stackglue.h
3 issues
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
/*
 * A dlm_lksb bundled with an inline value-block buffer.
 *
 * NOTE(review): declaring the fixed-size array performs no copy by itself.
 * What needs checking is every writer of lvb, which must limit its length
 * to DLM_LVB_LEN; those writers are not part of this declaration.
 */
struct fsdlm_lksb_plus_lvb {
struct dlm_lksb lksb;
/* Capacity is exactly DLM_LVB_LEN bytes. */
char lvb[DLM_LVB_LEN];
};
/*
* A union of all lock status structures. We define it here so that the
* size of the union is known. Lock status structures are embedded in
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* locking compatibility.
*/
struct ocfs2_cluster_connection {
char cc_name[GROUP_NAME_MAX + 1];
int cc_namelen;
char cc_cluster_name[CLUSTER_NAME_MAX + 1];
int cc_cluster_name_len;
struct ocfs2_protocol_version cc_version;
struct ocfs2_locking_protocol *cc_proto;
Reported by FlawFinder.
Line: 95
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ocfs2_cluster_connection {
char cc_name[GROUP_NAME_MAX + 1];
int cc_namelen;
char cc_cluster_name[CLUSTER_NAME_MAX + 1];
int cc_cluster_name_len;
struct ocfs2_protocol_version cc_version;
struct ocfs2_locking_protocol *cc_proto;
void (*cc_recovery_handler)(int node_num, void *recovery_data);
void *cc_recovery_data;
Reported by FlawFinder.
fs/squashfs/lzo_wrapper.c
3 issues
Line: 80
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Clamp this chunk to the smaller of the bytes still wanted and the bytes
 * left in the current bvec after offset, so the source read stays inside
 * the bvec.
 * NOTE(review): avail is a signed int; if offset ever exceeded bv_len it
 * would be negative and convert to a very large size in memcpy(). The
 * condition that rules this out is not shown in this excerpt; confirm.
 */
int avail = min(bytes, ((int)bvec->bv_len) - offset);
data = page_address(bvec->bv_page) + bvec->bv_offset;
/*
 * NOTE(review): the capacity of buff is not visible here; confirm that the
 * total copied across all iterations cannot exceed the buffer it points
 * into.
 */
memcpy(buff, data + offset, avail);
buff += avail;
bytes -= avail;
/* After this chunk, offset is reset so any later copy starts at 0. */
offset = 0;
}
Reported by FlawFinder.
Line: 96
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buff = stream->output;
while (data) {
if (bytes <= PAGE_SIZE) {
memcpy(data, buff, bytes);
break;
} else {
memcpy(data, buff, PAGE_SIZE);
buff += PAGE_SIZE;
bytes -= PAGE_SIZE;
Reported by FlawFinder.
Line: 99
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(data, buff, bytes);
break;
} else {
memcpy(data, buff, PAGE_SIZE);
buff += PAGE_SIZE;
bytes -= PAGE_SIZE;
data = squashfs_next_page(output);
}
}
Reported by FlawFinder.
fs/efivarfs/super.c
3 issues
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Without an entry to fill in, return err unchanged. */
if (!entry)
return err;
/*
 * NOTE(review): name_size is used unchecked in this excerpt. The copy is
 * in bounds only if the caller guarantees
 * name_size <= sizeof(entry->var.VariableName); confirm where that bound
 * is enforced.
 */
memcpy(entry->var.VariableName, name16, name_size);
/*
 * Fixed-length copy of sizeof(efi_guid_t) bytes.
 * NOTE(review): assumes VendorGuid and vendor are both efi_guid_t; their
 * declarations are outside this excerpt.
 */
memcpy(&(entry->var.VendorGuid), &vendor, sizeof(efi_guid_t));
/*
 * NOTE(review): the length is computed from the copied name, so this
 * presumably relies on VariableName being NUL-terminated after the
 * memcpy() above; confirm.
 */
len = ucs2_utf8size(entry->var.VariableName);
/* name, plus '-', plus GUID, plus NUL*/
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
memcpy(entry->var.VariableName, name16, name_size);
memcpy(&(entry->var.VendorGuid), &vendor, sizeof(efi_guid_t));
len = ucs2_utf8size(entry->var.VariableName);
/* name, plus '-', plus GUID, plus NUL*/
name = kmalloc(len + 1 + EFI_VARIABLE_GUID_LEN + 1, GFP_KERNEL);
Reported by FlawFinder.
Line: 93
Column: 10
CWE codes:
126
int err;
q.name = name;
q.len = strlen(name);
err = efivarfs_d_hash(parent, &q);
if (err)
return ERR_PTR(err);
Reported by FlawFinder.
fs/squashfs/lz4_wrapper.c
3 issues
Line: 105
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int avail = min(bytes, ((int)bvec->bv_len) - offset);
data = page_address(bvec->bv_page) + bvec->bv_offset;
memcpy(buff, data + offset, avail);
buff += avail;
bytes -= avail;
offset = 0;
}
Reported by FlawFinder.
Line: 122
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buff = stream->output;
while (data) {
if (bytes <= PAGE_SIZE) {
memcpy(data, buff, bytes);
break;
}
memcpy(data, buff, PAGE_SIZE);
buff += PAGE_SIZE;
bytes -= PAGE_SIZE;
Reported by FlawFinder.
Line: 125
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(data, buff, bytes);
break;
}
memcpy(data, buff, PAGE_SIZE);
buff += PAGE_SIZE;
bytes -= PAGE_SIZE;
data = squashfs_next_page(output);
}
squashfs_finish_page(output);
Reported by FlawFinder.
tools/usb/usbip/libsrc/usbip_host_common.h
3 issues
Line: 25
Column: 8
CWE codes:
362
struct usbip_host_driver;
struct usbip_host_driver_ops {
int (*open)(struct usbip_host_driver *hdriver);
void (*close)(struct usbip_host_driver *hdriver);
int (*refresh_device_list)(struct usbip_host_driver *hdriver);
struct usbip_exported_device * (*get_device)(
struct usbip_host_driver *hdriver, int num);
Reported by FlawFinder.
Line: 57
Column: 20
CWE codes:
362
/* External API to access the driver */
/*
 * Invoke the driver's open callback.
 *
 * Returns -EOPNOTSUPP when hdriver->ops.open is not set, otherwise
 * whatever the callback returns. The "open" used here is a member of
 * hdriver->ops reached through a function pointer, not the open(2) system
 * call, so no file path is resolved in this function. hdriver itself is
 * dereferenced without a NULL check.
 */
static inline int usbip_driver_open(struct usbip_host_driver *hdriver)
{
	return hdriver->ops.open ? hdriver->ops.open(hdriver) : -EOPNOTSUPP;
}
static inline void usbip_driver_close(struct usbip_host_driver *hdriver)
Reported by FlawFinder.
Line: 59
Column: 22
CWE codes:
362
{
if (!hdriver->ops.open)
return -EOPNOTSUPP;
return hdriver->ops.open(hdriver);
}
static inline void usbip_driver_close(struct usbip_host_driver *hdriver)
{
if (!hdriver->ops.close)
Reported by FlawFinder.
tools/testing/selftests/tc-testing/tdc_config.py
3 issues
Line: 35
Column: 5
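# put customizations in tdc_config_local.py
# NOTE(review): the wildcard import executes the local module and lets it
# rebind any module-level name defined above, so tdc_config_local.py needs
# the same write protection as this file. Only ImportError is tolerated;
# any other exception raised while importing it still propagates.
try:
    from tdc_config_local import *
except ImportError:
    # The local override module is optional; the exception object is unused.
    pass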
try:
NAMES.update(EXTRA_NAMES)
Reported by Pylint.
Line: 36
Column: 1
# put customizations in tdc_config_local.py
try:
from tdc_config_local import *
except ImportError as ie:
pass
try:
NAMES.update(EXTRA_NAMES)
except NameError as ne:
Reported by Pylint.
Line: 41
Column: 1
try:
NAMES.update(EXTRA_NAMES)
except NameError as ne:
pass
Reported by Pylint.
tools/testing/selftests/timens/clock_nanosleep.c
3 issues
Line: 132
Column: 9
CWE codes:
362
if (_settime(CLOCK_BOOTTIME, 9 * 24 * 3600))
return 1;
nsfd = open("/proc/self/ns/time_for_children", O_RDONLY);
if (nsfd < 0)
return pr_perror("Unable to open timens_for_children");
if (setns(nsfd, CLONE_NEWTIME))
return pr_perror("Unable to set timens");
Reported by FlawFinder.
Line: 81
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
ok = 0;
/* Back off exponentially: each round sleeps 10000 << j microseconds, twice. */
for (j = 0; j < 8; j++) {
/* The maximum timeout is about 5 seconds. */
/*
 * NOTE(review): at j == 7 the argument is 1,280,000 us. POSIX allows
 * usleep() to fail with EINVAL for values of 1,000,000 or more, and the
 * return value is not checked, so on such a system the wait would be
 * skipped silently.
 */
usleep(10000 << j);
/* Try to interrupt clock_nanosleep(). */
pthread_kill(thread, SIGUSR1);
usleep(10000 << j);
Reported by FlawFinder.
Line: 86
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
/* Try to interrupt clock_nanosleep(). */
pthread_kill(thread, SIGUSR1);
usleep(10000 << j);
/* Check whether clock_nanosleep() has been interrupted or not. */
if (pthread_mutex_trylock(&lock) == 0) {
/**/
ok = 1;
break;
Reported by FlawFinder.
tools/testing/selftests/timens/timens.h
3 issues
Line: 107
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/*
 * Skip the test when the time-namespace entry is absent from procfs.
 *
 * access() is used purely as an existence probe: its result selects
 * between returning and calling ksft_exit_skip(), and nothing in this
 * function opens the path afterwards based on that answer.
 */
static inline void nscheck(void)
{
	int rc = access("/proc/self/ns/time", F_OK);

	if (rc >= 0)
		return;

	ksft_exit_skip("Time namespaces are not supported\n");
}
#endif
Reported by FlawFinder.
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline int _settime(clockid_t clk_id, time_t offset)
{
int fd, len;
char buf[4096];
if (clk_id == CLOCK_MONOTONIC_COARSE || clk_id == CLOCK_MONOTONIC_RAW)
clk_id = CLOCK_MONOTONIC;
len = snprintf(buf, sizeof(buf), "%d %ld 0", clk_id, offset);
Reported by FlawFinder.
Line: 74
Column: 7
CWE codes:
362
/*
 * The write into buf is limited by the explicit sizeof(buf) argument.
 * NOTE(review): len is not checked for a negative return before it is
 * passed to write() below.
 */
len = snprintf(buf, sizeof(buf), "%d %ld 0", clk_id, offset);
/* Constant procfs path; no caller-supplied component is involved. */
fd = open("/proc/self/timens_offsets", O_WRONLY);
if (fd < 0)
return pr_perror("/proc/self/timens_offsets");
/*
 * A short write is treated as a failure.
 * NOTE(review): this return path does not close fd in the lines shown.
 */
if (write(fd, buf, len) != len)
return pr_perror("/proc/self/timens_offsets");
Reported by FlawFinder.
tools/testing/selftests/timers/inconsistency-check.c
3 issues
Line: 162
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
struct timespec ts;
/* Process arguments */
while ((opt = getopt(argc, argv, "t:c:")) != -1) {
switch (opt) {
case 't':
runtime = atoi(optarg);
break;
case 'c':
Reported by FlawFinder.
Line: 165
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
/* Parse -t <secs> and -c <clockid>. */
while ((opt = getopt(argc, argv, "t:c:")) != -1) {
switch (opt) {
case 't':
/*
 * NOTE(review): atoi() cannot report a parse error, so non-numeric or
 * out-of-range text is not rejected here; strtol() with endptr and errno
 * checks would make bad input detectable.
 */
runtime = atoi(optarg);
break;
case 'c':
userclock = atoi(optarg);
/*
 * NOTE(review): userclock is not range-checked before the increment. If
 * both variables are int, a value of INT_MAX overflows here; the
 * declarations are outside this excerpt, confirm.
 */
maxclocks = userclock + 1;
break;
Reported by FlawFinder.
Line: 168
Column: 16
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
runtime = atoi(optarg);
break;
case 'c':
userclock = atoi(optarg);
maxclocks = userclock + 1;
break;
default:
printf("Usage: %s [-t <secs>] [-c <clockid>]\n", argv[0]);
printf(" -t: Number of seconds to run\n");
Reported by FlawFinder.
tools/testing/selftests/timers/rtcpie.c
3 issues
Line: 42
Column: 8
CWE codes:
362
rtc = argv[1];
break;
case 1:
fd = open(default_rtc, O_RDONLY);
if (fd == -1) {
printf("Default RTC %s does not exist. Test Skipped!\n", default_rtc);
exit(KSFT_SKIP);
}
close(fd);
Reported by FlawFinder.
Line: 54
Column: 7
CWE codes:
362
return 1;
}
fd = open(rtc, O_RDONLY);
if (fd == -1) {
perror(rtc);
exit(errno);
}
Reported by FlawFinder.
Line: 105
Column: 13
CWE codes:
120
20
/* 20 iterations, each timing one blocking read from fd. */
for (i=1; i<21; i++) {
gettimeofday(&start, NULL);
/* This blocks */
/*
 * The request length is the constant sizeof(unsigned long).
 * NOTE(review): presumably data is an unsigned long, so the destination
 * matches that length; its declaration is outside this excerpt, confirm.
 * Only -1 is treated as failure, so a short read is not detected.
 */
retval = read(fd, &data, sizeof(unsigned long));
if (retval == -1) {
/* NOTE(review): perror() may itself change errno before exit() reads it. */
perror("read");
exit(errno);
}
gettimeofday(&end, NULL);
Reported by FlawFinder.