The following issues were found
security/selinux/selinuxfs.c
22 issues
Line: 825
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
rc = -EINVAL;
if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
goto out;
rc = security_context_str_to_sid(state, oldcon, &osid, GFP_KERNEL);
if (rc)
goto out;
Reported by FlawFinder.
Line: 935
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 995
Column: 10
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
if (nargs < 3 || nargs > 4)
goto out;
if (nargs == 4) {
/*
* If and when the name of new object to be queried contains
Reported by FlawFinder.
Line: 1092
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 1153
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s", con, user) != 2)
goto out;
length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 1218
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
enforcing_enabled(fsi->state));
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
Reported by FlawFinder.
Line: 209
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
struct selinux_state *state = fsi->state;
char tmpbuf[TMPBUFLEN];
ssize_t length;
ino_t ino = file_inode(filp)->i_ino;
int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
security_get_reject_unknown(state) :
!security_get_allow_unknown(state);
Reported by FlawFinder.
Line: 342
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
security_mls_enabled(fsi->state));
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/common-spectral.c
22 issues
Line: 171
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fft_sample_20.tsf = __cpu_to_be64(tsf);
memcpy(fft_sample_20.data, sample_buf, SPECTRAL_HT20_NUM_BINS);
ath_dbg(common, SPECTRAL_SCAN, "FFT HT20 frame: max mag 0x%X,"
"max_mag_idx %i\n",
magnitude >> max_exp,
max_index);
Reported by FlawFinder.
Line: 310
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fft_sample_40.tsf = __cpu_to_be64(tsf);
memcpy(fft_sample_40.data, sample_buf, SPECTRAL_HT20_40_NUM_BINS);
ath_dbg(common, SPECTRAL_SCAN, "FFT HT20/40 frame: lower mag 0x%X,"
"lower_mag_idx %i, upper mag 0x%X,"
"upper_mag_idx %i\n",
lower_mag >> max_exp,
Reported by FlawFinder.
Line: 417
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (sample_bytes - sample_len) {
case -1:
/* First byte missing */
memcpy(&out[1], in,
sample_len - 1);
break;
case 0:
/* Length correct, nothing to do. */
memcpy(out, in, sample_len);
Reported by FlawFinder.
Line: 422
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 0:
/* Length correct, nothing to do. */
memcpy(out, in, sample_len);
break;
case 1:
/* MAC added 2 extra bytes AND first byte
* is missing.
*/
Reported by FlawFinder.
Line: 428
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MAC added 2 extra bytes AND first byte
* is missing.
*/
memcpy(&out[1], in, 30);
out[31] = in[31];
memcpy(&out[32], &in[33],
sample_len - 32);
break;
case 2:
Reported by FlawFinder.
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(&out[1], in, 30);
out[31] = in[31];
memcpy(&out[32], &in[33],
sample_len - 32);
break;
case 2:
/* MAC added 2 extra bytes at bin 30 and 32,
* remove them.
Reported by FlawFinder.
Line: 437
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MAC added 2 extra bytes at bin 30 and 32,
* remove them.
*/
memcpy(out, in, 30);
out[30] = in[31];
memcpy(&out[31], &in[33],
sample_len - 31);
break;
default:
Reported by FlawFinder.
Line: 439
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(out, in, 30);
out[30] = in[31];
memcpy(&out[31], &in[33],
sample_len - 31);
break;
default:
break;
}
Reported by FlawFinder.
Line: 795
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath_spec_scan_priv *spec_priv = file->private_data;
struct ath_common *common = ath9k_hw_common(spec_priv->ah);
char buf[32];
ssize_t len;
if (IS_ENABLED(CONFIG_ATH9K_TX99))
return -EOPNOTSUPP;
Reported by FlawFinder.
Line: 845
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath_spec_scan_priv *spec_priv = file->private_data;
char buf[32];
unsigned int len;
len = sprintf(buf, "%d\n", spec_priv->spec_config.short_repeat);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
Reported by FlawFinder.
arch/sparc/kernel/traps_64.c
22 issues
Line: 90
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void bad_trap(struct pt_regs *regs, long lvl)
{
char buffer[36];
if (notify_die(DIE_TRAP, "bad trap", regs,
0, lvl, SIGTRAP) == NOTIFY_STOP)
return;
Reported by FlawFinder.
Line: 97
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return;
if (lvl < 0x100) {
sprintf(buffer, "Bad hw trap %lx at tl0\n", lvl);
die_if_kernel(buffer, regs);
}
lvl -= 0x100;
if (regs->tstate & TSTATE_PRIV) {
Reported by FlawFinder.
Line: 103
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
lvl -= 0x100;
if (regs->tstate & TSTATE_PRIV) {
sprintf(buffer, "Kernel bad sw trap %lx", lvl);
die_if_kernel(buffer, regs);
}
if (test_thread_flag(TIF_32BIT)) {
regs->tpc &= 0xffffffff;
regs->tnpc &= 0xffffffff;
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void bad_trap_tl1(struct pt_regs *regs, long lvl)
{
char buffer[36];
if (notify_die(DIE_TRAP_TL1, "bad trap tl1", regs,
0, lvl, SIGTRAP) == NOTIFY_STOP)
return;
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
sprintf (buffer, "Bad trap %lx at tl>0", lvl);
die_if_kernel (buffer, regs);
}
#ifdef CONFIG_DEBUG_BUGVERBOSE
void do_BUG(const char *file, int line)
Reported by FlawFinder.
Line: 488
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void spitfire_log_udb_syndrome(unsigned long afar, unsigned long udbh, unsigned long udbl, unsigned long bit)
{
unsigned short scode;
char memmod_str[64], *p;
if (udbl & bit) {
scode = ecc_syndrome_table[udbl & 0xff];
if (sprintf_dimm(scode, afar, memmod_str, sizeof(memmod_str)) < 0)
p = syndrome_unknown;
Reported by FlawFinder.
Line: 934
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Now patch trap tables. */
memcpy(tl0_fecc, cheetah_fecc_trap_vector, (8 * 4));
memcpy(tl1_fecc, cheetah_fecc_trap_vector_tl1, (8 * 4));
memcpy(tl0_cee, cheetah_cee_trap_vector, (8 * 4));
memcpy(tl1_cee, cheetah_cee_trap_vector_tl1, (8 * 4));
memcpy(tl0_iae, cheetah_deferred_trap_vector, (8 * 4));
memcpy(tl1_iae, cheetah_deferred_trap_vector_tl1, (8 * 4));
Reported by FlawFinder.
Line: 935
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Now patch trap tables. */
memcpy(tl0_fecc, cheetah_fecc_trap_vector, (8 * 4));
memcpy(tl1_fecc, cheetah_fecc_trap_vector_tl1, (8 * 4));
memcpy(tl0_cee, cheetah_cee_trap_vector, (8 * 4));
memcpy(tl1_cee, cheetah_cee_trap_vector_tl1, (8 * 4));
memcpy(tl0_iae, cheetah_deferred_trap_vector, (8 * 4));
memcpy(tl1_iae, cheetah_deferred_trap_vector_tl1, (8 * 4));
memcpy(tl0_dae, cheetah_deferred_trap_vector, (8 * 4));
Reported by FlawFinder.
Line: 936
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Now patch trap tables. */
memcpy(tl0_fecc, cheetah_fecc_trap_vector, (8 * 4));
memcpy(tl1_fecc, cheetah_fecc_trap_vector_tl1, (8 * 4));
memcpy(tl0_cee, cheetah_cee_trap_vector, (8 * 4));
memcpy(tl1_cee, cheetah_cee_trap_vector_tl1, (8 * 4));
memcpy(tl0_iae, cheetah_deferred_trap_vector, (8 * 4));
memcpy(tl1_iae, cheetah_deferred_trap_vector_tl1, (8 * 4));
memcpy(tl0_dae, cheetah_deferred_trap_vector, (8 * 4));
memcpy(tl1_dae, cheetah_deferred_trap_vector_tl1, (8 * 4));
Reported by FlawFinder.
Line: 937
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tl0_fecc, cheetah_fecc_trap_vector, (8 * 4));
memcpy(tl1_fecc, cheetah_fecc_trap_vector_tl1, (8 * 4));
memcpy(tl0_cee, cheetah_cee_trap_vector, (8 * 4));
memcpy(tl1_cee, cheetah_cee_trap_vector_tl1, (8 * 4));
memcpy(tl0_iae, cheetah_deferred_trap_vector, (8 * 4));
memcpy(tl1_iae, cheetah_deferred_trap_vector_tl1, (8 * 4));
memcpy(tl0_dae, cheetah_deferred_trap_vector, (8 * 4));
memcpy(tl1_dae, cheetah_deferred_trap_vector_tl1, (8 * 4));
if (tlb_type == cheetah_plus) {
Reported by FlawFinder.
drivers/s390/net/qeth_l3_sys.c
22 issues
Line: 35
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
switch (route->type) {
case PRIMARY_ROUTER:
return sprintf(buf, "%s\n", "primary router");
case SECONDARY_ROUTER:
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
Reported by FlawFinder.
Line: 37
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case PRIMARY_ROUTER:
return sprintf(buf, "%s\n", "primary router");
case SECONDARY_ROUTER:
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
Reported by FlawFinder.
Line: 40
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
Reported by FlawFinder.
Line: 42
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
Reported by FlawFinder.
Line: 45
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
Reported by FlawFinder.
Line: 47
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
Reported by FlawFinder.
Line: 50
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
Reported by FlawFinder.
Line: 52
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
}
Reported by FlawFinder.
Line: 54
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
}
static ssize_t qeth_l3_dev_route4_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 203
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
memcpy(tmp_hsuid, card->options.hsuid, sizeof(tmp_hsuid));
EBCASC(tmp_hsuid, 8);
return sprintf(buf, "%s\n", tmp_hsuid);
}
static ssize_t qeth_l3_dev_hsuid_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
tools/lib/bpf/linker.c
22 issues
Line: 1493
CWE codes:
476
{
const char *reason;
if (main_def->map_type != extra_def->map_type) {
reason = "type";
goto mismatch;
}
/* check key type/size match */
Reported by Cppcheck.
Line: 1493
CWE codes:
476
{
const char *reason;
if (main_def->map_type != extra_def->map_type) {
reason = "type";
goto mismatch;
}
/* check key type/size match */
Reported by Cppcheck.
Line: 1493
CWE codes:
476
{
const char *reason;
if (main_def->map_type != extra_def->map_type) {
reason = "type";
goto mismatch;
}
/* check key type/size match */
Reported by Cppcheck.
Line: 305
Column: 15
CWE codes:
362
if (!linker->filename)
return -ENOMEM;
linker->fd = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (linker->fd < 0) {
err = -errno;
pr_warn("failed to create '%s': %d\n", file, err);
return err;
}
Reported by FlawFinder.
Line: 560
Column: 12
CWE codes:
362
obj->filename = filename;
obj->fd = open(filename, O_RDONLY);
if (obj->fd < 0) {
err = -errno;
pr_warn("failed to open file '%s': %d\n", filename, err);
return err;
}
Reported by FlawFinder.
Line: 1130
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* pad dst section, if it's alignment forced size increase */
memset(dst->raw_data + dst->sec_sz, 0, dst_align_sz - dst->sec_sz);
/* now copy src data at a properly aligned offset */
memcpy(dst->raw_data + dst_align_sz, src->data->d_buf, src->shdr->sh_size);
}
dst->sec_sz = dst_final_sz;
dst->shdr->sh_size = dst_final_sz;
dst->data->d_size = dst_final_sz;
Reported by FlawFinder.
Line: 1555
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (main_def->parts & MAP_DEF_INNER_MAP) {
char inner_map_name[128];
snprintf(inner_map_name, sizeof(inner_map_name), "%s.inner", sym_name);
return map_defs_match(inner_map_name,
main_btf, main_inner_def, NULL,
Reported by FlawFinder.
Line: 2414
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ext_data->recs = tmp;
tmp += ext_data->rec_cnt * ext_data->rec_sz;
memcpy(tmp, src_rec, ext_data->rec_sz);
ext_data->rec_cnt++;
return tmp;
}
Reported by FlawFinder.
Line: 2738
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cur += sizeof(struct btf_ext_info_sec);
sz = sec_data->rec_cnt * sec_data->rec_sz;
memcpy(cur, sec_data->recs, sz);
cur += sz;
return cur - output;
}
Reported by FlawFinder.
Line: 1495
Column: 8
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
if (main_def->map_type != extra_def->map_type) {
reason = "type";
goto mismatch;
}
/* check key type/size match */
if (main_def->key_size != extra_def->key_size) {
reason = "key_size";
Reported by FlawFinder.
drivers/s390/block/dasd_fba.c
22 issues
Line: 673
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
"No memory to dump sense data");
return;
}
len = sprintf(page, PRINTK_HEADER
" I/O status report for device %s:\n",
dev_name(&device->cdev->dev));
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
Reported by FlawFinder.
Line: 676
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
len = sprintf(page, PRINTK_HEADER
" I/O status report for device %s:\n",
dev_name(&device->cdev->dev));
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
len += sprintf(page + len, PRINTK_HEADER
" device %s: Failing CCW: %p\n",
dev_name(&device->cdev->dev),
Reported by FlawFinder.
Line: 679
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
len += sprintf(page + len, PRINTK_HEADER
" device %s: Failing CCW: %p\n",
dev_name(&device->cdev->dev),
(void *) (addr_t) irb->scsw.cmd.cpa);
if (irb->esw.esw0.erw.cons) {
for (sl = 0; sl < 4; sl++) {
Reported by FlawFinder.
Line: 685
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
(void *) (addr_t) irb->scsw.cmd.cpa);
if (irb->esw.esw0.erw.cons) {
for (sl = 0; sl < 4; sl++) {
len += sprintf(page + len, PRINTK_HEADER
" Sense(hex) %2d-%2d:",
(8 * sl), ((8 * sl) + 7));
for (sct = 0; sct < 8; sct++) {
len += sprintf(page + len, " %02x",
Reported by FlawFinder.
Line: 696
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
len += sprintf(page + len, "\n");
}
} else {
len += sprintf(page + len, PRINTK_HEADER
" SORRY - NO VALID SENSE AVAILABLE\n");
}
printk(KERN_ERR "%s", page);
/* dump the Channel Program */
Reported by FlawFinder.
Line: 706
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
act = req->cpaddr;
for (last = act; last->flags & (CCW_FLAG_CC | CCW_FLAG_DC); last++);
end = min(act + 8, last);
len = sprintf(page, PRINTK_HEADER " Related CP in req: %p\n", req);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
Reported by FlawFinder.
Line: 708
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
end = min(act + 8, last);
len = sprintf(page, PRINTK_HEADER " Related CP in req: %p\n", req);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
count += sizeof(int))
len += sprintf(page + len, " %08X",
Reported by FlawFinder.
Line: 726
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
len = 0;
if (act < ((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa) - 2) {
act = ((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa) - 2;
len += sprintf(page + len, PRINTK_HEADER "......\n");
}
end = min((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa + 2, last);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
Reported by FlawFinder.
Line: 730
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
}
end = min((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa + 2, last);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
count += sizeof(int))
len += sprintf(page + len, " %08X",
Reported by FlawFinder.
Line: 745
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
/* print last CCWs */
if (act < last - 2) {
act = last - 2;
len += sprintf(page + len, PRINTK_HEADER "......\n");
}
while (act <= last) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
Reported by FlawFinder.
drivers/s390/block/dasd_devmap.c
22 issues
Line: 734
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
ff_flag = (devmap->features & DASD_FEATURE_FAILFAST) != 0;
else
ff_flag = (DASD_FEATURE_DEFAULT & DASD_FEATURE_FAILFAST) != 0;
return snprintf(buf, PAGE_SIZE, ff_flag ? "1\n" : "0\n");
}
static ssize_t dasd_ff_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 776
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
spin_unlock(&dasd_devmap_lock);
out:
return snprintf(buf, PAGE_SIZE, ro_flag ? "1\n" : "0\n");
}
static ssize_t
dasd_ro_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 837
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
erplog = (devmap->features & DASD_FEATURE_ERPLOG) != 0;
else
erplog = (DASD_FEATURE_DEFAULT & DASD_FEATURE_ERPLOG) != 0;
return snprintf(buf, PAGE_SIZE, erplog ? "1\n" : "0\n");
}
static ssize_t
dasd_erplog_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 872
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
use_diag = (devmap->features & DASD_FEATURE_USEDIAG) != 0;
else
use_diag = (DASD_FEATURE_DEFAULT & DASD_FEATURE_USEDIAG) != 0;
return sprintf(buf, use_diag ? "1\n" : "0\n");
}
static ssize_t
dasd_use_diag_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 921
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
use_raw = (devmap->features & DASD_FEATURE_USERAW) != 0;
else
use_raw = (DASD_FEATURE_DEFAULT & DASD_FEATURE_USERAW) != 0;
return sprintf(buf, use_raw ? "1\n" : "0\n");
}
static ssize_t
dasd_use_raw_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1204
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
eer_flag = dasd_eer_enabled(devmap->device);
else
eer_flag = 0;
return snprintf(buf, PAGE_SIZE, eer_flag ? "1\n" : "0\n");
}
static ssize_t
dasd_eer_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1581
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
else
flag = (DASD_FEATURE_DEFAULT &
DASD_FEATURE_PATH_AUTODISABLE) != 0;
return snprintf(buf, PAGE_SIZE, flag ? "1\n" : "0\n");
}
static ssize_t
dasd_path_autodisable_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct dasd_devmap {
struct list_head list;
char bus_id[DASD_BUS_ID_SIZE];
unsigned int devindex;
unsigned short features;
struct dasd_device *device;
};
Reported by FlawFinder.
Line: 81
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* it is named 'dasd' to directly be filled by insmod with the comma separated
* strings when running as a module.
*/
static char *dasd[DASD_MAX_PARAMS];
module_param_array(dasd, charp, NULL, S_IRUGO);
/*
* Single spinlock to protect devmap and servermap structures and lists.
*/
Reported by FlawFinder.
Line: 315
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int from, from_id0, from_id1;
int to, to_id0, to_id1;
int features;
char bus_id[DASD_BUS_ID_SIZE + 1];
char *features_str = NULL;
char *from_str = NULL;
char *to_str = NULL;
int rc = 0;
char *tmp;
Reported by FlawFinder.
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
22 issues
Line: 676
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reg = rvu_read64(rvu, block->addr, NIX_AF_AQ_STATUS);
head = (reg >> 4) & AQ_PTR_MASK;
memcpy((void *)(aq->inst->base + (head * aq->inst->entry_sz)),
(void *)inst, aq->inst->entry_sz);
memset(result, 0, sizeof(*result));
/* sync into memory */
wmb();
Reported by FlawFinder.
Line: 816
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (req->op) {
case NIX_AQ_INSTOP_WRITE:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(mask, &req->rq_mask,
sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
Reported by FlawFinder.
Line: 819
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->rq_mask,
sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
Reported by FlawFinder.
Line: 822
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
Reported by FlawFinder.
Line: 825
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
Reported by FlawFinder.
Line: 828
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(mask, &req->prof_mask,
sizeof(struct nix_bandprof_s));
fallthrough;
Reported by FlawFinder.
Line: 831
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(mask, &req->prof_mask,
sizeof(struct nix_bandprof_s));
fallthrough;
case NIX_AQ_INSTOP_INIT:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
Reported by FlawFinder.
Line: 836
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fallthrough;
case NIX_AQ_INSTOP_INIT:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
Reported by FlawFinder.
Line: 838
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(ctx, &req->rss, sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
Reported by FlawFinder.
Line: 840
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(ctx, &req->rss, sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(ctx, &req->mce, sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
Reported by FlawFinder.
fs/ceph/mds_client.c
22 issues
Line: 1003
Column: 10
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
*/
static int __choose_mds(struct ceph_mds_client *mdsc,
struct ceph_mds_request *req,
bool *random)
{
struct inode *inode;
struct ceph_inode_info *ci;
struct ceph_cap *cap;
int mode = req->r_direct_mode;
Reported by FlawFinder.
Line: 1013
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
u32 hash = req->r_direct_hash;
bool is_hash = test_bit(CEPH_MDS_R_DIRECT_IS_HASH, &req->r_req_flags);
if (random)
*random = false;
/*
* is there a specific mds we should try? ignore hint if we have
* no session and the mds is not up (active or recovering).
Reported by FlawFinder.
Line: 1029
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
if (mode == USE_RANDOM_MDS)
goto random;
inode = NULL;
if (req->r_inode) {
if (ceph_snap(req->r_inode) != CEPH_SNAPDIR) {
inode = req->r_inode;
Reported by FlawFinder.
Line: 1080
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
dout("%s %p is_hash=%d (0x%x) mode %d\n", __func__, inode, (int)is_hash,
hash, mode);
if (!inode)
goto random;
ci = ceph_inode(inode);
if (is_hash && S_ISDIR(inode->i_mode)) {
struct ceph_inode_frag frag;
int found;
Reported by FlawFinder.
Line: 1134
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (!cap) {
spin_unlock(&ci->i_ceph_lock);
iput(inode);
goto random;
}
mds = cap->session->s_mds;
dout("%s %p %llx.%llx mds%d (%scap %p)\n", __func__,
inode, ceph_vinop(inode), mds,
cap == ci->i_auth_cap ? "auth " : "", cap);
Reported by FlawFinder.
Line: 1145
Column: 1
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
iput(inode);
return mds;
random:
if (random)
*random = true;
mds = ceph_mdsmap_get_random_mds(mdsc->mdsmap);
dout("%s chose random mds%d\n", __func__, mds);
Reported by FlawFinder.
Line: 1146
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
return mds;
random:
if (random)
*random = true;
mds = ceph_mdsmap_get_random_mds(mdsc->mdsmap);
dout("%s chose random mds%d\n", __func__, mds);
return mds;
Reported by FlawFinder.
Line: 2800
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
struct ceph_mds_session *session = NULL;
int mds = -1;
int err = 0;
bool random;
if (req->r_err || test_bit(CEPH_MDS_R_GOT_RESULT, &req->r_req_flags)) {
if (test_bit(CEPH_MDS_R_ABORTED, &req->r_req_flags))
__unregister_request(mdsc, req);
return;
Reported by FlawFinder.
Line: 2840
Column: 33
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
put_request_session(req);
mds = __choose_mds(mdsc, req, &random);
if (mds < 0 ||
ceph_mdsmap_get_state(mdsc->mdsmap, mds) < CEPH_MDS_STATE_ACTIVE) {
if (test_bit(CEPH_MDS_R_ASYNC, &req->r_req_flags)) {
err = -EJUKEBOX;
goto finish;
Reported by FlawFinder.
Line: 2896
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (err)
goto out_session;
/* retry the same mds later */
if (random)
req->r_resend_mds = mds;
}
list_add(&req->r_wait, &session->s_waiting);
goto out_session;
}
Reported by FlawFinder.
drivers/net/wireless/intersil/hostap/hostap_main.c
22 issues
Line: 74
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
hostap_setup_dev(dev, local, type);
dev->needs_free_netdev = true;
sprintf(dev->name, "%s%s", prefix, name);
if (!rtnl_locked)
rtnl_lock();
SET_NETDEV_DEV(dev, mdev->dev.parent);
ret = register_netdevice(dev);
Reported by FlawFinder.
Line: 334
Column: 24
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
enum { NONE, WEP, OTHER } encrypt_type;
idx = local->crypt_info.tx_keyidx;
if (local->crypt_info.crypt[idx] == NULL ||
local->crypt_info.crypt[idx]->ops == NULL)
encrypt_type = NONE;
else if (strcmp(local->crypt_info.crypt[idx]->ops->name, "WEP") == 0)
encrypt_type = WEP;
else
Reported by FlawFinder.
Line: 335
Column: 24
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
idx = local->crypt_info.tx_keyidx;
if (local->crypt_info.crypt[idx] == NULL ||
local->crypt_info.crypt[idx]->ops == NULL)
encrypt_type = NONE;
else if (strcmp(local->crypt_info.crypt[idx]->ops->name, "WEP") == 0)
encrypt_type = WEP;
else
encrypt_type = OTHER;
Reported by FlawFinder.
Line: 337
Column: 36
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (local->crypt_info.crypt[idx] == NULL ||
local->crypt_info.crypt[idx]->ops == NULL)
encrypt_type = NONE;
else if (strcmp(local->crypt_info.crypt[idx]->ops->name, "WEP") == 0)
encrypt_type = WEP;
else
encrypt_type = OTHER;
if (local->func->get_rid(local->dev, HFA384X_RID_CNFWEPFLAGS, &val, 2,
Reported by FlawFinder.
Line: 385
Column: 26
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* 104-bit support seems to require that all the keys are set to the
* same keylen */
keylen = 6; /* first 5 octets */
len = local->crypt_info.crypt[idx]->ops->get_key(keybuf, sizeof(keybuf), NULL,
local->crypt_info.crypt[idx]->priv);
if (idx >= 0 && idx < WEP_KEYS && len > 5)
keylen = WEP_KEY_LEN + 1; /* first 13 octets */
for (i = 0; i < WEP_KEYS; i++) {
Reported by FlawFinder.
Line: 386
Column: 29
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
* same keylen */
keylen = 6; /* first 5 octets */
len = local->crypt_info.crypt[idx]->ops->get_key(keybuf, sizeof(keybuf), NULL,
local->crypt_info.crypt[idx]->priv);
if (idx >= 0 && idx < WEP_KEYS && len > 5)
keylen = WEP_KEY_LEN + 1; /* first 13 octets */
for (i = 0; i < WEP_KEYS; i++) {
memset(keybuf, 0, sizeof(keybuf));
Reported by FlawFinder.
Line: 392
Column: 25
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
for (i = 0; i < WEP_KEYS; i++) {
memset(keybuf, 0, sizeof(keybuf));
if (local->crypt_info.crypt[i]) {
(void) local->crypt_info.crypt[i]->ops->get_key(
keybuf, sizeof(keybuf),
NULL, local->crypt_info.crypt[i]->priv);
}
if (local->func->set_rid(local->dev,
Reported by FlawFinder.
Line: 393
Column: 29
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
for (i = 0; i < WEP_KEYS; i++) {
memset(keybuf, 0, sizeof(keybuf));
if (local->crypt_info.crypt[i]) {
(void) local->crypt_info.crypt[i]->ops->get_key(
keybuf, sizeof(keybuf),
NULL, local->crypt_info.crypt[i]->priv);
}
if (local->func->set_rid(local->dev,
HFA384X_RID_CNFDEFAULTKEY0 + i,
Reported by FlawFinder.
Line: 395
Column: 29
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (local->crypt_info.crypt[i]) {
(void) local->crypt_info.crypt[i]->ops->get_key(
keybuf, sizeof(keybuf),
NULL, local->crypt_info.crypt[i]->priv);
}
if (local->func->set_rid(local->dev,
HFA384X_RID_CNFDEFAULTKEY0 + i,
keybuf, keylen)) {
printk(KERN_DEBUG "Could not set key %d (len=%d)\n",
Reported by FlawFinder.
Line: 161
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!match && empty && !prism2_wds_special_addr(remote_addr)) {
/* take pre-allocated entry into use */
memcpy(empty->u.wds.remote_addr, remote_addr, ETH_ALEN);
read_unlock_bh(&local->iface_lock);
printk(KERN_DEBUG "%s: using pre-allocated WDS netdevice %s\n",
local->dev->name, empty->dev->name);
return 0;
}
Reported by FlawFinder.