The following issues were found
drivers/net/wireless/broadcom/brcm80211/brcmsmac/channel.c
3 issues
Line: 344
Column: 3
CWE codes:
120
/* store the country code for passing up as a regulatory hint */
wlc_cm->world_regd = brcms_world_regd(ccode, ccode_len);
if (brcms_c_country_valid(ccode))
strncpy(wlc->pub->srom_ccode, ccode, ccode_len);
/*
* If no custom world domain is found in the SROM, use the
* default "X2" domain.
*/
Reported by FlawFinder.
Line: 357
Column: 2
CWE codes:
120
}
/* save default country for exiting 11d regulatory mode */
strncpy(wlc->country_default, ccode, ccode_len);
/* initialize autocountry_default to driver default */
strncpy(wlc->autocountry_default, ccode, ccode_len);
brcms_c_set_country(wlc_cm, wlc_cm->world_regd);
Reported by FlawFinder.
Line: 360
Column: 2
CWE codes:
120
strncpy(wlc->country_default, ccode, ccode_len);
/* initialize autocountry_default to driver default */
strncpy(wlc->autocountry_default, ccode, ccode_len);
brcms_c_set_country(wlc_cm, wlc_cm->world_regd);
return wlc_cm;
}
Reported by FlawFinder.
drivers/net/ethernet/ibm/ibmvnic.h
3 issues
Line: 757
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Used for serialization of msgs, cur */
spinlock_t lock;
bool active;
char name[32];
};
union sub_crq {
struct ibmvnic_generic_scrq generic;
struct ibmvnic_tx_comp_desc tx_comp;
Reported by FlawFinder.
Line: 792
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ibmvnic_adapter *adapter;
struct ibmvnic_ind_xmit_queue ind_buf;
atomic_t used;
char name[32];
u64 handle;
} ____cacheline_aligned;
struct ibmvnic_long_term_buff {
unsigned char *buff;
Reported by FlawFinder.
Line: 892
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Vital Product Data (VPD) */
struct ibmvnic_vpd *vpd;
char fw_version[32];
/* Statistics */
struct ibmvnic_statistics stats;
dma_addr_t stats_token;
struct completion stats_done;
Reported by FlawFinder.
drivers/net/ethernet/intel/iavf/iavf_type.h
3 issues
Line: 192
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* debug mask */
u32 debug_mask;
char err_str[16];
};
/* RX Descriptors */
union iavf_16byte_rx_desc {
struct {
Reported by FlawFinder.
Line: 200
Column: 4
CWE codes:
120
20
struct {
__le64 pkt_addr; /* Packet buffer address */
__le64 hdr_addr; /* Header buffer address */
} read;
struct {
struct {
struct {
union {
__le16 mirroring_status;
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
3 issues
Line: 146
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct brcmf_usbreq *tx_reqs;
struct brcmf_usbreq *rx_reqs;
char fw_name[BRCMF_FW_NAME_LEN];
const u8 *image; /* buffer for combine fw and nvram */
int image_len;
struct usb_device *usbdev;
struct device *dev;
Reported by FlawFinder.
Line: 787
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
usb_kill_urb(devinfo->ctl_urb);
ret = -ETIMEDOUT;
} else {
memcpy(buffer, tmpbuf, buflen);
}
finalize:
kfree(tmpbuf);
return ret;
Reported by FlawFinder.
Line: 939
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sendlen -= 4;
/* send data */
memcpy(bulkchunk, dlpos, sendlen);
if (brcmf_usb_dl_send_bulk(devinfo, bulkchunk,
sendlen)) {
brcmf_err("send_bulk failed\n");
err = -EINVAL;
goto fail;
Reported by FlawFinder.
drivers/net/wan/sbni.c
3 issues
Line: 237
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dev->netdev_ops = &sbni_netdev_ops;
sprintf(dev->name, "sbni%d", unit);
netdev_boot_setup_check(dev);
err = sbni_init(dev);
if (err) {
free_netdev(dev);
Reported by FlawFinder.
Line: 1308
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_SBNI_MULTILINE
struct net_device *slave_dev;
char slave_name[ 8 ];
#endif
switch( cmd ) {
case SIOCDEVGETINSTATS :
if (copy_to_user( ifr->ifr_data, &nl->in_stats,
Reported by FlawFinder.
Line: 1494
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if( !dev)
break;
sprintf( dev->name, "sbni%d", num );
err = sbni_init(dev);
if (err) {
free_netdev(dev);
break;
Reported by FlawFinder.
drivers/net/ethernet/marvell/octeontx2/af/rvu.h
3 issues
Line: 106
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 lfcfg_reg;
u64 msixcfg_reg;
u64 lfreset_reg;
unsigned char name[NAME_SIZE];
};
struct nix_mcast {
struct qmem *mce_ctx;
struct qmem *mcast_buf;
Reported by FlawFinder.
Line: 473
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head cgx_evq_head; /* cgx event queue head */
struct mutex cgx_cfg_lock; /* serialize cgx configuration */
char mkex_pfl_name[MKEX_NAME_LEN]; /* Configured MKEX profile name */
char kpu_pfl_name[KPU_NAME_LEN]; /* Configured KPU profile name */
/* Firmware data */
struct rvu_fwdata *fwdata;
void *kpu_fwdata;
Reported by FlawFinder.
Line: 474
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mutex cgx_cfg_lock; /* serialize cgx configuration */
char mkex_pfl_name[MKEX_NAME_LEN]; /* Configured MKEX profile name */
char kpu_pfl_name[KPU_NAME_LEN]; /* Configured KPU profile name */
/* Firmware data */
struct rvu_fwdata *fwdata;
void *kpu_fwdata;
size_t kpu_fwdata_sz;
Reported by FlawFinder.
drivers/net/ethernet/intel/e1000e/hw.h
3 issues
Line: 261
Column: 4
CWE codes:
120
20
struct {
/* one buffer for protocol header(s), three data buffers */
__le64 buffer_addr[MAX_PS_BUFFERS];
} read;
struct {
struct {
__le32 mrq; /* Multiple Rx Queues */
union {
__le32 rss; /* RSS Hash */
Reported by FlawFinder.
Line: 544
Column: 9
CWE codes:
120
20
/* Function pointers for the NVM. */
struct e1000_nvm_operations {
s32 (*acquire)(struct e1000_hw *);
s32 (*read)(struct e1000_hw *, u16, u16, u16 *);
void (*release)(struct e1000_hw *);
void (*reload)(struct e1000_hw *);
s32 (*update)(struct e1000_hw *);
s32 (*valid_led_default)(struct e1000_hw *, u16 *);
s32 (*validate)(struct e1000_hw *);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx4/eq.c
3 issues
Line: 1281
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
priv->eq_table.eq[MLX4_EQ_ASYNC].have_irq = 1;
} else {
snprintf(priv->eq_table.irq_names,
MLX4_IRQNAME_SIZE,
DRV_NAME "@pci:%s",
pci_name(dev->persist->pdev));
err = request_irq(dev->persist->pdev->irq, mlx4_interrupt,
IRQF_SHARED, priv->eq_table.irq_names, dev);
Reported by FlawFinder.
Line: 211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(s_eqe, eqe, sizeof(struct mlx4_eqe) - 1);
s_eqe->slave_id = slave;
/* ensure all information is written before setting the ownersip bit */
dma_wmb();
s_eqe->owner = !!(slave_eq->prod & SLAVE_EVENT_EQ_SIZE) ? 0x0 : 0x80;
++slave_eq->prod;
Reported by FlawFinder.
Line: 729
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlx4_warn(dev, "Received comm channel event for non master device\n");
break;
}
memcpy(&priv->mfunc.master.comm_arm_bit_vector,
eqe->event.comm_channel_arm.bit_vec,
sizeof(eqe->event.comm_channel_arm.bit_vec));
queue_work(priv->mfunc.master.comm_wq,
&priv->mfunc.master.comm_work);
break;
Reported by FlawFinder.
drivers/net/ethernet/toshiba/spider_net.c
3 issues
Line: 563
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
u32 crc;
u8 hash;
char addr_for_crc[ETH_ALEN] = { 0, };
int i, bit;
for (i = 0; i < ETH_ALEN * 8; i++) {
bit = (addr[i / 8] >> (i % 8)) & 1;
addr_for_crc[ETH_ALEN - 1 - i / 8] += bit << (7 - (i % 8));
Reported by FlawFinder.
Line: 1296
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(netdev->dev_addr, addr->sa_data, ETH_ALEN);
/* switch off GMACTPE and GMACRPE */
regvalue = spider_net_read_reg(card, SPIDER_NET_GMACOPEMD);
regvalue &= ~((1 << 5) | (1 << 6));
spider_net_write_reg(card, SPIDER_NET_GMACOPEMD, regvalue);
Reported by FlawFinder.
Line: 2297
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac = of_get_property(dn, "local-mac-address", NULL);
if (!mac)
return -EIO;
memcpy(addr.sa_data, mac, ETH_ALEN);
result = spider_net_set_mac(netdev, &addr);
if ((result) && (netif_msg_probe(card)))
dev_err(&card->netdev->dev,
"Failed to set MAC address: %i\n", result);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c
3 issues
Line: 438
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *output_data = __mlxsw_item_data(output, output_item, 0);
size_t len = output_item->size.bytes;
memcpy(output_data, storage_data, len);
}
static void
mlxsw_sp_afk_encode_one(const struct mlxsw_afk_element_inst *elinst,
char *output, char *storage, int u32_diff)
Reported by FlawFinder.
Line: 468
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned int blocks_count =
mlxsw_afk_key_info_blocks_count_get(key_info);
char block_mask[MLXSW_SP_AFK_KEY_BLOCK_MAX_SIZE];
char block_key[MLXSW_SP_AFK_KEY_BLOCK_MAX_SIZE];
const struct mlxsw_afk_element_inst *elinst;
enum mlxsw_afk_element element;
int block_index, i;
Reported by FlawFinder.
Line: 469
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int blocks_count =
mlxsw_afk_key_info_blocks_count_get(key_info);
char block_mask[MLXSW_SP_AFK_KEY_BLOCK_MAX_SIZE];
char block_key[MLXSW_SP_AFK_KEY_BLOCK_MAX_SIZE];
const struct mlxsw_afk_element_inst *elinst;
enum mlxsw_afk_element element;
int block_index, i;
for (i = 0; i < blocks_count; i++) {
Reported by FlawFinder.