The following issues were found
drivers/net/dsa/hirschmann/hellcreek.c
3 issues
Line: 754
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hellcreek_fdb_entry *entry,
size_t idx)
{
unsigned char addr[ETH_ALEN];
u16 meta, mac;
/* Read values */
meta = hellcreek_read(hellcreek, HR_FDBMDRD);
mac = hellcreek_read(hellcreek, HR_FDBRDL);
Reported by FlawFinder.
Line: 770
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr[0] = (mac & 0xff00) >> 8;
/* Populate @entry */
memcpy(entry->mac, addr, sizeof(addr));
entry->idx = idx;
entry->portmask = (meta & HR_FDBMDRD_PORTMASK_MASK) >>
HR_FDBMDRD_PORTMASK_SHIFT;
entry->age = (meta & HR_FDBMDRD_AGE_MASK) >>
HR_FDBMDRD_AGE_SHIFT;
Reported by FlawFinder.
Line: 817
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
/* Match found */
memcpy(entry, &tmp, sizeof(*entry));
return 0;
}
return -ENOENT;
Reported by FlawFinder.
drivers/net/dsa/microchip/ksz_common.c
3 issues
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!netif_carrier_ok(dp->slave))
mib->cnt_ptr = dev->reg_mib_cnt;
port_r_cnt(dev, port);
memcpy(buf, mib->counters, dev->mib_cnt * sizeof(u64));
mutex_unlock(&mib->cnt_mutex);
}
EXPORT_SYMBOL_GPL(ksz_get_ethtool_stats);
int ksz_port_bridge_join(struct dsa_switch *ds, int port,
Reported by FlawFinder.
Line: 276
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (index == dev->num_statics) {
index = empty - 1;
memset(&alu, 0, sizeof(alu));
memcpy(alu.mac, mdb->addr, ETH_ALEN);
alu.is_static = true;
}
alu.port_forward |= BIT(port);
if (mdb->vid) {
alu.is_use_fid = true;
Reported by FlawFinder.
Line: 86
Column: 11
CWE codes:
120
20
/* Only read MIB counters when the port is told to do.
* If not, read only dropped counters when link is not up.
*/
if (!p->read) {
const struct dsa_port *dp = dsa_to_port(dev->ds, i);
if (!netif_carrier_ok(dp->slave))
mib->cnt_ptr = dev->reg_mib_cnt;
}
Reported by FlawFinder.
drivers/net/dsa/mv88e6xxx/chip.c
3 issues
Line: 925
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0, j = 0; i < ARRAY_SIZE(mv88e6xxx_hw_stats); i++) {
stat = &mv88e6xxx_hw_stats[i];
if (stat->type & types) {
memcpy(data + j * ETH_GSTRING_LEN, stat->string,
ETH_GSTRING_LEN);
j++;
}
}
Reported by FlawFinder.
Line: 1868
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
}
memcpy(&policy->fs, fs, sizeof(*fs));
ether_addr_copy(policy->addr, addr);
policy->mapping = mapping;
policy->action = action;
policy->port = port;
policy->vid = vid;
Reported by FlawFinder.
Line: 1910
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = -ENOENT;
policy = idr_find(&chip->policies, fs->location);
if (policy) {
memcpy(fs, &policy->fs, sizeof(*fs));
err = 0;
}
break;
case ETHTOOL_GRXCLSRLALL:
rxnfc->data = 0;
Reported by FlawFinder.
drivers/net/ethernet/8390/apne.c
3 issues
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ei_device *ei_local;
#ifndef MANUAL_CONFIG
char tuple[8];
#endif
int err;
if (!MACH_IS_AMIGA)
return ERR_PTR(-ENODEV);
Reported by FlawFinder.
Line: 154
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!dev)
return ERR_PTR(-ENOMEM);
if (unit >= 0) {
sprintf(dev->name, "eth%d", unit);
netdev_boot_setup_check(dev);
}
ei_local = netdev_priv(dev);
ei_local->msg_enable = apne_msg_enable;
Reported by FlawFinder.
Line: 207
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init apne_probe1(struct net_device *dev, int ioaddr)
{
int i;
unsigned char SA_prom[32];
int wordlength = 2;
const char *name = NULL;
int start_page, stop_page;
#ifndef MANUAL_HWADDR0
int neX000, ctron;
Reported by FlawFinder.
drivers/net/ethernet/altera/altera_tse_ethtool.c
3 issues
Line: 69
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct altera_tse_private *priv = netdev_priv(dev);
u32 rev = ioread32(&priv->mac_dev->megacore_revision);
strcpy(info->driver, "altera_tse");
snprintf(info->fw_version, ETHTOOL_FWVERS_LEN, "v%d.%d",
rev & 0xFFFF, (rev & 0xFFFF0000) >> 16);
sprintf(info->bus_info, "platform");
}
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(info->driver, "altera_tse");
snprintf(info->fw_version, ETHTOOL_FWVERS_LEN, "v%d.%d",
rev & 0xFFFF, (rev & 0xFFFF0000) >> 16);
sprintf(info->bus_info, "platform");
}
/* Fill in a buffer with the strings which correspond to the
* stats
*/
Reported by FlawFinder.
Line: 80
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
static void tse_gstrings(struct net_device *dev, u32 stringset, u8 *buf)
{
memcpy(buf, stat_gstrings, TSE_STATS_LEN * ETH_GSTRING_LEN);
}
static void tse_fill_stats(struct net_device *dev, struct ethtool_stats *dummy,
u64 *buf)
{
Reported by FlawFinder.
drivers/net/ethernet/amd/7990.h
3 issues
Line: 75
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct lance_init_block {
volatile unsigned short mode; /* Pre-set mode (reg. 15) */
volatile unsigned char phys_addr[6]; /* Physical ethernet address */
volatile unsigned filter[2]; /* Multicast filter (64 bits) */
/* Receive and transmit ring base, along with extra bits. */
volatile unsigned short rx_ptr; /* receive descriptor addr */
volatile unsigned short rx_len; /* receive len and high addr */
Reported by FlawFinder.
Line: 90
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
volatile struct lance_tx_desc btx_ring[TX_RING_SIZE];
volatile struct lance_rx_desc brx_ring[RX_RING_SIZE];
volatile char tx_buf[TX_RING_SIZE][TX_BUFF_SIZE];
volatile char rx_buf[RX_RING_SIZE][RX_BUFF_SIZE];
/* we use this just to make the struct big enough that we can move its startaddr
* in order to force alignment to an eight byte boundary.
*/
};
Reported by FlawFinder.
Line: 91
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
volatile struct lance_rx_desc brx_ring[RX_RING_SIZE];
volatile char tx_buf[TX_RING_SIZE][TX_BUFF_SIZE];
volatile char rx_buf[RX_RING_SIZE][RX_BUFF_SIZE];
/* we use this just to make the struct big enough that we can move its startaddr
* in order to force alignment to an eight byte boundary.
*/
};
Reported by FlawFinder.
drivers/net/ethernet/amd/xgbe/xgbe-debugfs.c
3 issues
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t xgbe_common_write(const char __user *buffer, size_t count,
loff_t *ppos, unsigned int *value)
{
char workarea[32];
ssize_t len;
int ret;
if (*ppos != 0)
return -EINVAL;
Reported by FlawFinder.
Line: 137
Column: 14
CWE codes:
126
if (!buf)
return -ENOMEM;
if (count < strlen(buf)) {
kfree(buf);
return -ENOSPC;
}
len = simple_read_from_buffer(buffer, count, ppos, buf, strlen(buf));
Reported by FlawFinder.
Line: 142
Column: 58
CWE codes:
126
return -ENOSPC;
}
len = simple_read_from_buffer(buffer, count, ppos, buf, strlen(buf));
kfree(buf);
return len;
}
Reported by FlawFinder.
drivers/net/ethernet/amd/xgbe/xgbe-drv.c
3 issues
Line: 1631
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pdata->hw_if.config_tstamp(pdata, mac_tscr);
memcpy(&pdata->tstamp_config, &config, sizeof(config));
return 0;
}
static void xgbe_prep_tx_tstamp(struct xgbe_prv_data *pdata,
Reported by FlawFinder.
Line: 2019
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(saddr->sa_data))
return -EADDRNOTAVAIL;
memcpy(netdev->dev_addr, saddr->sa_data, netdev->addr_len);
hw_if->set_mac_address(pdata, netdev->dev_addr);
DBGPR("<--xgbe_set_mac_address\n");
Reported by FlawFinder.
Line: 2770
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void xgbe_print_pkt(struct net_device *netdev, struct sk_buff *skb, bool tx_rx)
{
struct ethhdr *eth = (struct ethhdr *)skb->data;
unsigned char buffer[128];
unsigned int i;
netdev_dbg(netdev, "\n************** SKB dump ****************\n");
netdev_dbg(netdev, "%s packet of %d bytes\n",
Reported by FlawFinder.
drivers/net/ethernet/atheros/alx/hw.c
3 issues
Line: 261
Column: 6
CWE codes:
120
20
static bool alx_wait_reg(struct alx_hw *hw, u32 reg, u32 wait, u32 *val)
{
u32 read;
int i;
for (i = 0; i < ALX_SLD_MAX_TO; i++) {
read = alx_read_mem32(hw, reg);
if ((read & wait) == 0) {
Reported by FlawFinder.
drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c
3 issues
Line: 165
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Update MCP's statistics if possible */
if (bp->func_stx)
memcpy(bnx2x_sp(bp, func_stats), &bp->func_stats,
sizeof(bp->func_stats));
/* loader */
if (bp->executer_idx) {
int loader_idx = PMF_DMAE_C(bp);
Reported by FlawFinder.
Line: 850
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
etherstatspktsover1522octets);
}
memcpy(old, new, sizeof(struct nig_stats));
memcpy(&(estats->rx_stat_ifhcinbadoctets_hi), &(pstats->mac_stx[1]),
sizeof(struct mac_stx));
estats->brb_drop_hi = pstats->brb_drop_hi;
estats->brb_drop_lo = pstats->brb_drop_lo;
Reported by FlawFinder.
Line: 852
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(old, new, sizeof(struct nig_stats));
memcpy(&(estats->rx_stat_ifhcinbadoctets_hi), &(pstats->mac_stx[1]),
sizeof(struct mac_stx));
estats->brb_drop_hi = pstats->brb_drop_hi;
estats->brb_drop_lo = pstats->brb_drop_lo;
pstats->host_port_stats_counter++;
Reported by FlawFinder.