The following issues were found
security/selinux/ss/policydb.c
22 issues
Line: 47
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define _DEBUG_HASHES
#ifdef DEBUG_HASHES
static const char *symtab_name[SYM_NUM] = {
"common prefixes",
"classes",
"roles",
"types",
"users",
Reported by FlawFinder.
Line: 2191
Column: 11
CWE codes:
126
genfs->fstype, c->u.name);
goto out;
}
len = strlen(newc->u.name);
len2 = strlen(c->u.name);
if (len > len2)
break;
}
Reported by FlawFinder.
Line: 2192
Column: 12
CWE codes:
126
goto out;
}
len = strlen(newc->u.name);
len2 = strlen(c->u.name);
if (len > len2)
break;
}
newc->next = c;
Reported by FlawFinder.
Line: 2431
Column: 13
CWE codes:
126
rc = -EINVAL;
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
pr_err("SELinux: policydb string length %d does not "
"match expected length %zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
}
Reported by FlawFinder.
Line: 2434
Column: 15
CWE codes:
126
if (len != strlen(POLICYDB_STRING)) {
pr_err("SELinux: policydb string length %d does not "
"match expected length %zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
}
rc = -ENOMEM;
policydb_str = kmalloc(len + 1, GFP_KERNEL);
Reported by FlawFinder.
Line: 2786
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(levdatum->isalias);
rc = put_entry(buf, sizeof(u32), 2, fp);
if (rc)
return rc;
Reported by FlawFinder.
Line: 2814
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(catdatum->value);
buf[2] = cpu_to_le32(catdatum->isalias);
rc = put_entry(buf, sizeof(u32), 3, fp);
if (rc)
Reported by FlawFinder.
Line: 2931
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(perdatum->value);
rc = put_entry(buf, sizeof(u32), 2, fp);
if (rc)
return rc;
Reported by FlawFinder.
Line: 2955
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(comdatum->value);
buf[2] = cpu_to_le32(comdatum->permissions.nprim);
buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
rc = put_entry(buf, sizeof(u32), 4, fp);
Reported by FlawFinder.
Line: 3053
Column: 8
CWE codes:
126
size_t len, len2;
int rc;
len = strlen(key);
if (cladatum->comkey)
len2 = strlen(cladatum->comkey);
else
len2 = 0;
Reported by FlawFinder.
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
22 issues
Line: 676
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reg = rvu_read64(rvu, block->addr, NIX_AF_AQ_STATUS);
head = (reg >> 4) & AQ_PTR_MASK;
memcpy((void *)(aq->inst->base + (head * aq->inst->entry_sz)),
(void *)inst, aq->inst->entry_sz);
memset(result, 0, sizeof(*result));
/* sync into memory */
wmb();
Reported by FlawFinder.
Line: 816
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (req->op) {
case NIX_AQ_INSTOP_WRITE:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(mask, &req->rq_mask,
sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
Reported by FlawFinder.
Line: 819
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->rq_mask,
sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
Reported by FlawFinder.
Line: 822
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
Reported by FlawFinder.
Line: 825
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
Reported by FlawFinder.
Line: 828
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(mask, &req->prof_mask,
sizeof(struct nix_bandprof_s));
fallthrough;
Reported by FlawFinder.
Line: 831
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(mask, &req->prof_mask,
sizeof(struct nix_bandprof_s));
fallthrough;
case NIX_AQ_INSTOP_INIT:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
Reported by FlawFinder.
Line: 836
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fallthrough;
case NIX_AQ_INSTOP_INIT:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
Reported by FlawFinder.
Line: 838
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(ctx, &req->rss, sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
Reported by FlawFinder.
Line: 840
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(ctx, &req->rss, sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(ctx, &req->mce, sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
Reported by FlawFinder.
security/selinux/selinuxfs.c
22 issues
Line: 825
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
rc = -EINVAL;
if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
goto out;
rc = security_context_str_to_sid(state, oldcon, &osid, GFP_KERNEL);
if (rc)
goto out;
Reported by FlawFinder.
Line: 935
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 995
Column: 10
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
if (nargs < 3 || nargs > 4)
goto out;
if (nargs == 4) {
/*
* If and when the name of new object to be queried contains
Reported by FlawFinder.
Line: 1092
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 1153
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s", con, user) != 2)
goto out;
length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 1218
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
enforcing_enabled(fsi->state));
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
Reported by FlawFinder.
Line: 209
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
struct selinux_state *state = fsi->state;
char tmpbuf[TMPBUFLEN];
ssize_t length;
ino_t ino = file_inode(filp)->i_ino;
int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
security_get_reject_unknown(state) :
!security_get_allow_unknown(state);
Reported by FlawFinder.
Line: 342
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
security_mls_enabled(fsi->state));
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
Reported by FlawFinder.
drivers/s390/net/qeth_l3_sys.c
22 issues
Line: 35
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
switch (route->type) {
case PRIMARY_ROUTER:
return sprintf(buf, "%s\n", "primary router");
case SECONDARY_ROUTER:
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
Reported by FlawFinder.
Line: 37
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case PRIMARY_ROUTER:
return sprintf(buf, "%s\n", "primary router");
case SECONDARY_ROUTER:
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
Reported by FlawFinder.
Line: 40
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "secondary router");
case MULTICAST_ROUTER:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
Reported by FlawFinder.
Line: 42
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "multicast router+");
else
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
Reported by FlawFinder.
Line: 45
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "multicast router");
case PRIMARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
Reported by FlawFinder.
Line: 47
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "primary connector+");
else
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
Reported by FlawFinder.
Line: 50
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%s\n", "primary connector");
case SECONDARY_CONNECTOR:
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
Reported by FlawFinder.
Line: 52
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (card->info.broadcast_capable == QETH_BROADCAST_WITHOUT_ECHO)
return sprintf(buf, "%s\n", "secondary connector+");
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
}
Reported by FlawFinder.
Line: 54
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
return sprintf(buf, "%s\n", "secondary connector");
default:
return sprintf(buf, "%s\n", "no");
}
}
static ssize_t qeth_l3_dev_route4_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 203
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
memcpy(tmp_hsuid, card->options.hsuid, sizeof(tmp_hsuid));
EBCASC(tmp_hsuid, 8);
return sprintf(buf, "%s\n", tmp_hsuid);
}
static ssize_t qeth_l3_dev_hsuid_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/s390/block/dasd_fba.c
22 issues
Line: 673
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
"No memory to dump sense data");
return;
}
len = sprintf(page, PRINTK_HEADER
" I/O status report for device %s:\n",
dev_name(&device->cdev->dev));
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
Reported by FlawFinder.
Line: 676
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
len = sprintf(page, PRINTK_HEADER
" I/O status report for device %s:\n",
dev_name(&device->cdev->dev));
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
len += sprintf(page + len, PRINTK_HEADER
" device %s: Failing CCW: %p\n",
dev_name(&device->cdev->dev),
Reported by FlawFinder.
Line: 679
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
len += sprintf(page + len, PRINTK_HEADER
" device %s: Failing CCW: %p\n",
dev_name(&device->cdev->dev),
(void *) (addr_t) irb->scsw.cmd.cpa);
if (irb->esw.esw0.erw.cons) {
for (sl = 0; sl < 4; sl++) {
Reported by FlawFinder.
Line: 685
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
(void *) (addr_t) irb->scsw.cmd.cpa);
if (irb->esw.esw0.erw.cons) {
for (sl = 0; sl < 4; sl++) {
len += sprintf(page + len, PRINTK_HEADER
" Sense(hex) %2d-%2d:",
(8 * sl), ((8 * sl) + 7));
for (sct = 0; sct < 8; sct++) {
len += sprintf(page + len, " %02x",
Reported by FlawFinder.
Line: 696
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
len += sprintf(page + len, "\n");
}
} else {
len += sprintf(page + len, PRINTK_HEADER
" SORRY - NO VALID SENSE AVAILABLE\n");
}
printk(KERN_ERR "%s", page);
/* dump the Channel Program */
Reported by FlawFinder.
Line: 706
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
act = req->cpaddr;
for (last = act; last->flags & (CCW_FLAG_CC | CCW_FLAG_DC); last++);
end = min(act + 8, last);
len = sprintf(page, PRINTK_HEADER " Related CP in req: %p\n", req);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
Reported by FlawFinder.
Line: 708
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
end = min(act + 8, last);
len = sprintf(page, PRINTK_HEADER " Related CP in req: %p\n", req);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
count += sizeof(int))
len += sprintf(page + len, " %08X",
Reported by FlawFinder.
Line: 726
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
len = 0;
if (act < ((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa) - 2) {
act = ((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa) - 2;
len += sprintf(page + len, PRINTK_HEADER "......\n");
}
end = min((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa + 2, last);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
Reported by FlawFinder.
Line: 730
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
}
end = min((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa + 2, last);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
count += sizeof(int))
len += sprintf(page + len, " %08X",
Reported by FlawFinder.
Line: 745
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
/* print last CCWs */
if (act < last - 2) {
act = last - 2;
len += sprintf(page + len, PRINTK_HEADER "......\n");
}
while (act <= last) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
Reported by FlawFinder.
drivers/net/bonding/bond_3ad.c
21 issues
Line: 382
Column: 42
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
const struct bonding *bond = bond_get_bond_by_slave(port->slave);
port->actor_system = BOND_AD_INFO(bond).system.sys_mac_addr;
port->actor_system_priority = BOND_AD_INFO(bond).system.sys_priority;
}
/* Conversions */
Reported by FlawFinder.
Line: 383
Column: 51
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
const struct bonding *bond = bond_get_bond_by_slave(port->slave);
port->actor_system = BOND_AD_INFO(bond).system.sys_mac_addr;
port->actor_system_priority = BOND_AD_INFO(bond).system.sys_priority;
}
/* Conversions */
/**
Reported by FlawFinder.
Line: 558
Column: 59
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
if (ntohs(lacpdu->actor_port) != partner->port_number ||
ntohs(lacpdu->actor_port_priority) != partner->port_priority ||
!MAC_ADDRESS_EQUAL(&lacpdu->actor_system, &partner->system) ||
ntohs(lacpdu->actor_system_priority) != partner->system_priority ||
ntohs(lacpdu->actor_key) != partner->key ||
(lacpdu->actor_state & LACP_STATE_AGGREGATION) != (partner->port_state & LACP_STATE_AGGREGATION)) {
port->sm_vars &= ~AD_PORT_SELECTED;
}
Reported by FlawFinder.
Line: 590
Column: 49
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
if (admin->port_number != oper->port_number ||
admin->port_priority != oper->port_priority ||
!MAC_ADDRESS_EQUAL(&admin->system, &oper->system) ||
admin->system_priority != oper->system_priority ||
admin->key != oper->key ||
(admin->port_state & LACP_STATE_AGGREGATION)
!= (oper->port_state & LACP_STATE_AGGREGATION)) {
port->sm_vars &= ~AD_PORT_SELECTED;
Reported by FlawFinder.
Line: 590
Column: 34
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
if (admin->port_number != oper->port_number ||
admin->port_priority != oper->port_priority ||
!MAC_ADDRESS_EQUAL(&admin->system, &oper->system) ||
admin->system_priority != oper->system_priority ||
admin->key != oper->key ||
(admin->port_state & LACP_STATE_AGGREGATION)
!= (oper->port_state & LACP_STATE_AGGREGATION)) {
port->sm_vars &= ~AD_PORT_SELECTED;
Reported by FlawFinder.
Line: 812
Column: 36
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
lacpdu->partner_system_priority = htons(partner->system_priority);
lacpdu->partner_system = partner->system;
lacpdu->partner_key = htons(partner->key);
lacpdu->partner_port_priority = htons(partner->port_priority);
lacpdu->partner_port = htons(partner->port_number);
lacpdu->partner_state = partner->port_state;
Reported by FlawFinder.
Line: 1471
Column: 78
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
/* check if current aggregator suits us */
if (((aggregator->actor_oper_aggregator_key == port->actor_oper_port_key) && /* if all parameters match AND */
MAC_ADDRESS_EQUAL(&(aggregator->partner_system), &(port->partner_oper.system)) &&
(aggregator->partner_system_priority == port->partner_oper.system_priority) &&
(aggregator->partner_oper_aggregator_key == port->partner_oper.key)
) &&
((!MAC_ADDRESS_EQUAL(&(port->partner_oper.system), &(null_mac_addr)) && /* partner answers */
!aggregator->is_individual) /* but is not individual OR */
Reported by FlawFinder.
Line: 1475
Column: 49
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
(aggregator->partner_system_priority == port->partner_oper.system_priority) &&
(aggregator->partner_oper_aggregator_key == port->partner_oper.key)
) &&
((!MAC_ADDRESS_EQUAL(&(port->partner_oper.system), &(null_mac_addr)) && /* partner answers */
!aggregator->is_individual) /* but is not individual OR */
)
) {
/* attach to the founded aggregator */
port->aggregator = aggregator;
Reported by FlawFinder.
Line: 1521
Column: 24
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
port->aggregator->actor_oper_aggregator_key =
port->actor_oper_port_key;
port->aggregator->partner_system =
port->partner_oper.system;
port->aggregator->partner_system_priority =
port->partner_oper.system_priority;
port->aggregator->partner_oper_aggregator_key = port->partner_oper.key;
port->aggregator->receive_state = 1;
port->aggregator->transmit_state = 1;
Reported by FlawFinder.
Line: 2009
Column: 46
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
void bond_3ad_initialize(struct bonding *bond, u16 tick_resolution)
{
/* check that the bond is not initialized yet */
if (!MAC_ADDRESS_EQUAL(&(BOND_AD_INFO(bond).system.sys_mac_addr),
bond->dev->dev_addr)) {
BOND_AD_INFO(bond).aggregator_identifier = 0;
BOND_AD_INFO(bond).system.sys_priority =
Reported by FlawFinder.
include/linux/mod_devicetable.h
21 issues
Line: 263
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Struct used for matching a device
*/
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
/* VIO */
Reported by FlawFinder.
Line: 265
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
/* VIO */
struct vio_device_id {
Reported by FlawFinder.
Line: 271
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* VIO */
struct vio_device_id {
char type[32];
char compat[32];
};
/* PCMCIA */
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* VIO */
struct vio_device_id {
char type[32];
char compat[32];
};
/* PCMCIA */
struct pcmcia_device_id {
Reported by FlawFinder.
Line: 294
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 prod_id_hash[4];
/* not matched against in kernelspace */
const char * prod_id[4];
/* not matched against */
kernel_ulong_t driver_info;
char * cisfile;
};
Reported by FlawFinder.
Line: 371
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The EISA signature, in ASCII form, null terminated */
struct eisa_device_id {
char sig[EISA_SIG_LEN];
kernel_ulong_t driver_data;
};
#define EISA_DEVICE_MODALIAS_FMT "eisa:s%s"
Reported by FlawFinder.
Line: 449
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define RPMSG_DEVICE_MODALIAS_FMT "rpmsg:%s"
struct rpmsg_device_id {
char name[RPMSG_NAME_SIZE];
kernel_ulong_t driver_data;
};
/* i2c */
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define I2C_MODULE_PREFIX "i2c:"
struct i2c_device_id {
char name[I2C_NAME_SIZE];
kernel_ulong_t driver_data; /* Data private to the driver */
};
/* pci_epf */
Reported by FlawFinder.
Line: 469
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PCI_EPF_MODULE_PREFIX "pci_epf:"
struct pci_epf_device_id {
char name[PCI_EPF_NAME_SIZE];
kernel_ulong_t driver_data;
};
/* i3c */
Reported by FlawFinder.
fs/btrfs/volumes.c
21 issues
Line: 4057
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_NOARG(a) \
do { \
ret = snprintf(bp, size_bp, (a)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4066
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_1ARG(a, v1) \
do { \
ret = snprintf(bp, size_bp, (a), (v1)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4075
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_2ARG(a, v1, v2) \
do { \
ret = snprintf(bp, size_bp, (a), (v1), (v2)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4154
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_1ARG(a, v1) \
do { \
ret = snprintf(bp, size_bp, (a), (v1)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
u32 size_bp = size_buf;
if (!flags) {
strcpy(bp, "NONE");
return;
}
#define DESCRIBE_FLAG(flag, desc) \
do { \
Reported by FlawFinder.
Line: 362
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
INIT_LIST_HEAD(&fs_devs->fs_list);
INIT_LIST_HEAD(&fs_devs->seed_list);
if (fsid)
memcpy(fs_devs->fsid, fsid, BTRFS_FSID_SIZE);
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
Reported by FlawFinder.
Line: 365
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(fs_devs->fsid, fsid, BTRFS_FSID_SIZE);
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
return fs_devs;
}
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
return fs_devs;
}
void btrfs_free_device(struct btrfs_device *device)
Reported by FlawFinder.
Line: 836
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (fs_devices->fsid_change &&
found_transid > fs_devices->latest_generation) {
memcpy(fs_devices->fsid, disk_super->fsid,
BTRFS_FSID_SIZE);
if (has_metadata_uuid)
memcpy(fs_devices->metadata_uuid,
disk_super->metadata_uuid,
Reported by FlawFinder.
Line: 840
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BTRFS_FSID_SIZE);
if (has_metadata_uuid)
memcpy(fs_devices->metadata_uuid,
disk_super->metadata_uuid,
BTRFS_FSID_SIZE);
else
memcpy(fs_devices->metadata_uuid,
disk_super->fsid, BTRFS_FSID_SIZE);
Reported by FlawFinder.
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
21 issues
Line: 1811
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned hdiv = tpg->hdownsampling[p];
u8 *pos = tpg->lines[pat][p] + tpg_hdiv(tpg, p, x);
memcpy(pos, pix[p], twopixsize / hdiv);
}
}
}
if (tpg->vdownsampling[tpg->planes - 1] > 1) {
Reported by FlawFinder.
Line: 1841
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *pos = tpg->contrast_line[p];
for (x = 0; x < tpg->scaled_width; x += 2, pos += twopixsize)
memcpy(pos, pix[p], twopixsize);
}
gen_twopix(tpg, pix, TPG_COLOR_100_BLACK, 0);
gen_twopix(tpg, pix, TPG_COLOR_100_BLACK, 1);
for (p = 0; p < tpg->planes; p++) {
Reported by FlawFinder.
Line: 1851
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *pos = tpg->black_line[p];
for (x = 0; x < tpg->scaled_width; x += 2, pos += twopixsize)
memcpy(pos, pix[p], twopixsize);
}
for (x = 0; x < tpg->scaled_width * 2; x += 2) {
gen_twopix(tpg, pix, TPG_COLOR_RANDOM, 0);
gen_twopix(tpg, pix, TPG_COLOR_RANDOM, 1);
Reported by FlawFinder.
Line: 1861
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned twopixsize = tpg->twopixelsize[p];
u8 *pos = tpg->random_line[p] + x * twopixsize / 2;
memcpy(pos, pix[p], twopixsize);
}
}
gen_twopix(tpg, tpg->textbg, TPG_COLOR_TEXTBG, 0);
gen_twopix(tpg, tpg->textbg, TPG_COLOR_TEXTBG, 1);
Reported by FlawFinder.
Line: 1880
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int line; \
PIXTYPE fg; \
PIXTYPE bg; \
memcpy(&fg, tpg->textfg[p], sizeof(PIXTYPE)); \
memcpy(&bg, tpg->textbg[p], sizeof(PIXTYPE)); \
\
for (line = first; line < 16; line += vdiv * step) { \
int l = tpg->vflip ? 15 - line : line; \
PIXTYPE *pos = (PIXTYPE *)(basep[p][(line / vdiv) & 1] + \
Reported by FlawFinder.
Line: 1881
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
PIXTYPE fg; \
PIXTYPE bg; \
memcpy(&fg, tpg->textfg[p], sizeof(PIXTYPE)); \
memcpy(&bg, tpg->textbg[p], sizeof(PIXTYPE)); \
\
for (line = first; line < 16; line += vdiv * step) { \
int l = tpg->vflip ? 15 - line : line; \
PIXTYPE *pos = (PIXTYPE *)(basep[p][(line / vdiv) & 1] + \
((y * step + l) / (vdiv * div)) * tpg->bytesperline[p] + \
Reported by FlawFinder.
Line: 2327
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
u8 *wss = tpg->random_line[p] + params->wss_random_offset;
memcpy(vbuf, wss, params->wss_width);
}
if (tpg->show_border && frame_line >= b->top &&
frame_line < b->top + b->height) {
unsigned bottom = b->top + b->height - 1;
Reported by FlawFinder.
Line: 2338
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (frame_line == b->top || frame_line == b->top + 1 ||
frame_line == bottom || frame_line == bottom - 1) {
memcpy(vbuf + left, tpg->contrast_line[p],
right - left);
} else {
if (b->left >= c->left &&
b->left < c->left + c->width)
memcpy(vbuf + left,
Reported by FlawFinder.
Line: 2343
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
if (b->left >= c->left &&
b->left < c->left + c->width)
memcpy(vbuf + left,
tpg->contrast_line[p], twopixsize);
if (b->left + b->width > c->left &&
b->left + b->width <= c->left + c->width)
memcpy(vbuf + right - twopixsize,
tpg->contrast_line[p], twopixsize);
Reported by FlawFinder.
Line: 2347
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tpg->contrast_line[p], twopixsize);
if (b->left + b->width > c->left &&
b->left + b->width <= c->left + c->width)
memcpy(vbuf + right - twopixsize,
tpg->contrast_line[p], twopixsize);
}
}
if (tpg->qual != TPG_QUAL_NOISE && frame_line >= b->top &&
frame_line < b->top + b->height) {
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_recv.c
21 issues
Line: 360
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (auth_alg == 2) {
/* get ether_type */
ptr = ptr + pfhdr->attrib.hdrlen + LLC_HEADER_SIZE + pfhdr->attrib.iv_len;
memcpy(&be_tmp, ptr, 2);
ether_type = ntohs(be_tmp);
if (psta && (psta->ieee8021x_blocked)) {
/* blocked */
/* only accept EAPOL frame */
Reported by FlawFinder.
Line: 906
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit;
}
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
Reported by FlawFinder.
Line: 907
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
case 0:
Reported by FlawFinder.
Line: 909
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
Reported by FlawFinder.
Line: 913
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
Reported by FlawFinder.
Line: 914
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
Reported by FlawFinder.
Line: 918
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
Reported by FlawFinder.
Line: 919
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
Reported by FlawFinder.
Line: 923
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2ap_data_frame(adapter, precv_frame, &psta);
break;
case 3:
memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
Reported by FlawFinder.
Line: 924
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2ap_data_frame(adapter, precv_frame, &psta);
break;
case 3:
memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
Reported by FlawFinder.