The following issues were found
drivers/net/arcnet/arcdevice.h
3 issues
Line: 261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t lock;
struct led_trigger *tx_led_trig;
char tx_led_trig_name[ARCNET_LED_NAME_SZ];
struct led_trigger *recon_led_trig;
char recon_led_trig_name[ARCNET_LED_NAME_SZ];
struct timer_list timer;
Reported by FlawFinder.
Line: 263
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct led_trigger *tx_led_trig;
char tx_led_trig_name[ARCNET_LED_NAME_SZ];
struct led_trigger *recon_led_trig;
char recon_led_trig_name[ARCNET_LED_NAME_SZ];
struct timer_list timer;
struct net_device *dev;
int reply_status;
Reported by FlawFinder.
Line: 322
Column: 10
CWE codes:
362
int (*status)(struct net_device *dev);
void (*intmask)(struct net_device *dev, int mask);
int (*reset)(struct net_device *dev, int really_reset);
void (*open)(struct net_device *dev);
void (*close)(struct net_device *dev);
void (*datatrigger) (struct net_device * dev, int enable);
void (*recontrigger) (struct net_device * dev, int enable);
void (*copy_to_card)(struct net_device *dev, int bufnum,
Reported by FlawFinder.
drivers/net/caif/caif_serial.c
3 issues
Line: 125
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (size > sizeof(ser->rx_data))
size = sizeof(ser->rx_data);
memcpy(ser->rx_data, data, size);
ser->rx_blob.data = ser->rx_data;
ser->rx_blob.size = size;
}
static inline void debugfs_tx(struct ser_device *ser, const u8 *data, int size)
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (size > sizeof(ser->tx_data))
size = sizeof(ser->tx_data);
memcpy(ser->tx_data, data, size);
ser->tx_blob.data = ser->tx_data;
ser->tx_blob.size = size;
}
#else
static inline void debugfs_init(struct ser_device *ser, struct tty_struct *tty)
Reported by FlawFinder.
Line: 323
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ser_device *ser;
struct net_device *dev;
char name[64];
int result;
/* No write no play */
if (tty->ops->write == NULL)
return -EOPNOTSUPP;
Reported by FlawFinder.
drivers/net/can/grcan.c
3 issues
Line: 755
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
skb_cf->can_id |= cf.can_id;
memcpy(skb_cf->data, cf.data, sizeof(cf.data));
netif_rx(skb);
}
}
Reported by FlawFinder.
Line: 1510
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
struct net_device *dev = to_net_dev(sdev); \
struct grcan_priv *priv = netdev_priv(dev); \
return sprintf(buf, "%d\n", priv->config.name); \
} \
static DEVICE_ATTR(name, 0644, \
grcan_show_##name, \
grcan_store_##name); \
GRCAN_MODULE_PARAM(name, ushort, GRCAN_NOT_BOOL, desc)
Reported by FlawFinder.
Line: 1600
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->sysfs_groups[0] = &sysfs_grcan_group;
priv = netdev_priv(dev);
memcpy(&priv->config, &grcan_module_config,
sizeof(struct grcan_device_config));
priv->dev = dev;
priv->regs = base;
priv->can.bittiming_const = &grcan_bittiming_const;
priv->can.do_set_bittiming = grcan_set_bittiming;
Reported by FlawFinder.
drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c
3 issues
Line: 198
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data = mcp251xfd_spi_cmd_write(priv, write_reg_buf, reg + first_byte);
val_le32 = cpu_to_le32(val >> BITS_PER_BYTE * first_byte);
memcpy(data, &val_le32, len);
if (priv->devtype_data.quirks & MCP251XFD_QUIRK_CRC_REG) {
u16 crc;
mcp251xfd_spi_cmd_crc_set_len_in_reg(&write_reg_buf->crc.cmd,
Reported by FlawFinder.
Line: 1501
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!(hw_rx_obj->flags & MCP251XFD_OBJ_FLAGS_RTR))
memcpy(cfd->data, hw_rx_obj->data, cfd->len);
mcp251xfd_skb_set_timestamp(priv, skb, hw_rx_obj->ts);
}
static int
Reported by FlawFinder.
Line: 2385
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
put_unaligned_le32(flags, &hw_tx_obj->flags);
/* Copy data */
memcpy(hw_tx_obj->data, cfd->data, cfd->len);
/* Clear unused data at end of CAN frame */
if (MCP251XFD_SANITIZE_CAN && len_sanitized) {
int pad_len;
Reported by FlawFinder.
drivers/net/can/usb/esd_usb2.c
3 issues
Line: 485
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usb_interface *intf = to_usb_interface(d);
struct esd_usb2 *dev = usb_get_intfdata(intf);
return sprintf(buf, "%d.%d.%d\n",
(dev->version >> 12) & 0xf,
(dev->version >> 8) & 0xf,
dev->version & 0xff);
}
static DEVICE_ATTR(firmware, 0444, show_firmware, NULL);
Reported by FlawFinder.
Line: 498
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usb_interface *intf = to_usb_interface(d);
struct esd_usb2 *dev = usb_get_intfdata(intf);
return sprintf(buf, "%d.%d.%d\n",
(dev->version >> 28) & 0xf,
(dev->version >> 24) & 0xf,
(dev->version >> 16) & 0xff);
}
static DEVICE_ATTR(hardware, 0444, show_hardware, NULL);
Reported by FlawFinder.
Line: 511
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usb_interface *intf = to_usb_interface(d);
struct esd_usb2 *dev = usb_get_intfdata(intf);
return sprintf(buf, "%d", dev->net_count);
}
static DEVICE_ATTR(nets, 0444, show_nets, NULL);
static int esd_usb2_send_msg(struct esd_usb2 *dev, struct esd_usb2_msg *msg)
{
Reported by FlawFinder.
drivers/net/can/usb/etas_es58x/es58x_core.c
3 issues
Line: 615
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = 0;
}
}
memcpy(cfd->data, data, len);
netdev->stats.rx_packets++;
netdev->stats.rx_bytes += len;
es58x_set_skb_timestamp(netdev, skb, timestamp);
netif_rx(skb);
Reported by FlawFinder.
Line: 1239
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
es58x_dev->param->rx_urb_cmd_max_len)
return -EMSGSIZE;
memcpy(&es58x_dev->rx_cmd_buf.raw_cmd[es58x_dev->rx_cmd_buf_len],
raw_cmd, raw_cmd_len);
es58x_dev->rx_cmd_buf_len += raw_cmd_len;
return 0;
}
Reported by FlawFinder.
Line: 1700
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
urb_cmd = urb->transfer_buffer;
es58x_dev->ops->fill_urb_header(urb_cmd, cmd_type, cmd_id,
channel_idx, msg_len);
memcpy(&urb_cmd->raw_cmd[es58x_dev->param->urb_cmd_header_len],
msg, msg_len);
urb->transfer_buffer_length = urb_cmd_len;
return es58x_submit_urb(es58x_dev, urb, netdev);
}
Reported by FlawFinder.
drivers/net/can/usb/gs_usb.c
3 issues
Line: 342
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cf->can_id = le32_to_cpu(hf->can_id);
can_frame_set_cc_len(cf, hf->can_dlc, dev->can.ctrlmode);
memcpy(cf->data, hf->data, 8);
/* ERROR frames tell us information about the controller */
if (le32_to_cpu(hf->can_id) & CAN_ERR_FLAG)
gs_update_state(dev, cf);
Reported by FlawFinder.
Line: 516
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hf->can_id = cpu_to_le32(cf->can_id);
hf->can_dlc = can_get_cc_dlc(cf, dev->can.ctrlmode);
memcpy(hf->data, cf->data, cf->len);
usb_fill_bulk_urb(urb, dev->udev,
usb_sndbulkpipe(dev->udev, GSUSB_ENDPOINT_OUT),
hf,
sizeof(*hf),
Reported by FlawFinder.
Line: 842
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
netdev->flags |= IFF_ECHO; /* we support full roundtrip echo */
/* dev setup */
strcpy(dev->bt_const.name, "gs_usb");
dev->bt_const.tseg1_min = le32_to_cpu(bt_const->tseg1_min);
dev->bt_const.tseg1_max = le32_to_cpu(bt_const->tseg1_max);
dev->bt_const.tseg2_min = le32_to_cpu(bt_const->tseg2_min);
dev->bt_const.tseg2_max = le32_to_cpu(bt_const->tseg2_max);
dev->bt_const.sjw_max = le32_to_cpu(bt_const->sjw_max);
Reported by FlawFinder.
drivers/net/can/usb/mcba_usb.c
3 issues
Line: 273
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto nomembuf;
}
memcpy(buf, usb_msg, MCBA_USB_TX_BUFF_SIZE);
usb_fill_bulk_urb(urb, priv->udev,
usb_sndbulkpipe(priv->udev, MCBA_USB_EP_OUT), buf,
MCBA_USB_TX_BUFF_SIZE, mcba_usb_write_bulk_callback,
ctx);
Reported by FlawFinder.
Line: 355
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
usb_msg.dlc = cf->len;
memcpy(usb_msg.data, cf->data, usb_msg.dlc);
if (cf->can_id & CAN_RTR_FLAG)
usb_msg.dlc |= MCBA_DLC_RTR_MASK;
can_put_echo_skb(skb, priv->netdev, ctx->ndx, 0);
Reported by FlawFinder.
Line: 458
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cf->len = can_cc_dlc2len(msg->dlc & MCBA_DLC_MASK);
memcpy(cf->data, msg->data, cf->len);
stats->rx_packets++;
stats->rx_bytes += cf->len;
can_led_event(priv->netdev, CAN_LED_EVENT_RX);
Reported by FlawFinder.
drivers/net/can/vxcan.c
3 issues
Line: 198
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
nla_strscpy(ifname, tbp[IFLA_IFNAME], IFNAMSIZ);
name_assign_type = NET_NAME_USER;
} else {
snprintf(ifname, IFNAMSIZ, DRV_NAME "%%d");
name_assign_type = NET_NAME_ENUM;
}
peer_net = rtnl_link_get_net(net, tbp);
if (IS_ERR(peer_net))
Reported by FlawFinder.
Line: 234
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (tb[IFLA_IFNAME])
nla_strscpy(dev->name, tb[IFLA_IFNAME], IFNAMSIZ);
else
snprintf(dev->name, IFNAMSIZ, DRV_NAME "%%d");
err = register_netdevice(dev);
if (err < 0)
goto unregister_network_device;
Reported by FlawFinder.
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net *peer_net;
struct nlattr *peer_tb[IFLA_MAX + 1], **tbp = tb;
char ifname[IFNAMSIZ];
unsigned char name_assign_type;
struct ifinfomsg *ifmp = NULL;
int err;
/* register peer device */
Reported by FlawFinder.
drivers/net/dsa/bcm_sf2_cfp.c
3 issues
Line: 964
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
rule->port = port;
memcpy(&rule->fs, fs, sizeof(*fs));
list_add_tail(&rule->next, &priv->cfp.rules_list);
return ret;
}
Reported by FlawFinder.
Line: 1073
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!rule)
return -EINVAL;
memcpy(&nfc->fs, &rule->fs, sizeof(rule->fs));
bcm_sf2_invert_masks(&nfc->fs);
/* Put the TCAM size here */
nfc->data = bcm_sf2_cfp_rule_size(priv);
Reported by FlawFinder.
Line: 1287
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct bcm_sf2_priv *priv = bcm_sf2_to_priv(ds);
unsigned int s = ARRAY_SIZE(bcm_sf2_cfp_stats);
char buf[ETH_GSTRING_LEN];
unsigned int i, j, iter;
if (stringset != ETH_SS_STATS)
return;
Reported by FlawFinder.