The following issues were found
drivers/net/ethernet/toshiba/tc35815.c
3 issues
Line: 711
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lp->pci_dev, tc35815_mac_match);
if (pd) {
if (pd->platform_data)
memcpy(dev->dev_addr, pd->platform_data, ETH_ALEN);
put_device(pd);
return is_valid_ether_addr(dev->dev_addr) ? 0 : -ENODEV;
}
return -ENODEV;
}
Reported by FlawFinder.
Line: 1995
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static struct {
const char str[ETH_GSTRING_LEN];
} ethtool_stats_keys[] = {
{ "max_tx_qlen" },
{ "tx_ints" },
{ "rx_ints" },
{ "tx_underrun" },
Reported by FlawFinder.
Line: 2005
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void tc35815_get_strings(struct net_device *dev, u32 stringset, u8 *data)
{
memcpy(data, ethtool_stats_keys, sizeof(ethtool_stats_keys));
}
static const struct ethtool_ops tc35815_ethtool_ops = {
.get_drvinfo = tc35815_get_drvinfo,
.get_link = ethtool_op_get_link,
Reported by FlawFinder.
drivers/net/vmxnet3/vmxnet3_int.h
3 issues
Line: 238
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct vmxnet3_tx_queue {
char name[IFNAMSIZ+8]; /* To identify interrupt */
struct vmxnet3_adapter *adapter;
spinlock_t tx_lock;
struct vmxnet3_cmd_ring tx_ring;
struct vmxnet3_tx_buf_info *buf_info;
struct vmxnet3_tx_data_ring data_ring;
Reported by FlawFinder.
Line: 289
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct vmxnet3_rx_queue {
char name[IFNAMSIZ + 8]; /* To identify interrupt */
struct vmxnet3_adapter *adapter;
struct napi_struct napi;
struct vmxnet3_cmd_ring rx_ring[2];
struct vmxnet3_rx_data_ring data_ring;
struct vmxnet3_comp_ring comp_ring;
Reported by FlawFinder.
Line: 321
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 num_intrs; /* # of intr vectors */
u8 event_intr_idx; /* idx of the intr vector for event */
u8 mod_levels[VMXNET3_LINUX_MAX_MSIX_VECT]; /* moderation level */
char event_msi_vector_name[IFNAMSIZ+17];
#ifdef CONFIG_PCI_MSI
struct msix_entry msix_entries[VMXNET3_LINUX_MAX_MSIX_VECT];
#endif
};
Reported by FlawFinder.
drivers/net/ethernet/wiznet/w5100.c
3 issues
Line: 988
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(sock_addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(ndev->dev_addr, sock_addr->sa_data, ETH_ALEN);
w5100_write_macaddr(priv);
return 0;
}
static int w5100_open(struct net_device *ndev)
Reported by FlawFinder.
Line: 1156
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
INIT_WORK(&priv->restart_work, w5100_restart_work);
if (mac_addr)
memcpy(ndev->dev_addr, mac_addr, ETH_ALEN);
else
eth_hw_addr_random(ndev);
if (priv->ops->init) {
err = priv->ops->init(priv->ndev);
Reported by FlawFinder.
Line: 482
Column: 20
CWE codes:
120
20
static int w5100_read(struct w5100_priv *priv, u32 addr)
{
return priv->ops->read(priv->ndev, addr);
}
static int w5100_write(struct w5100_priv *priv, u32 addr, u8 data)
{
return priv->ops->write(priv->ndev, addr, data);
Reported by FlawFinder.
drivers/net/usb/qmi_wwan.c
3 issues
Line: 337
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usbnet *dev = netdev_priv(to_net_dev(d));
struct qmi_wwan_state *info = (void *)&dev->data;
return sprintf(buf, "%c\n", info->flags & QMI_WWAN_FLAG_RAWIP ? 'Y' : 'N');
}
static ssize_t raw_ip_store(struct device *d, struct device_attribute *attr, const char *buf, size_t len)
{
struct usbnet *dev = netdev_priv(to_net_dev(d));
Reported by FlawFinder.
Line: 484
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct qmi_wwan_state *info;
info = (void *)&dev->data;
return sprintf(buf, "%c\n",
info->flags & QMI_WWAN_FLAG_PASS_THROUGH ? 'Y' : 'N');
}
static ssize_t pass_through_store(struct device *d,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 616
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eth_hdr(skb)->h_proto = proto;
eth_zero_addr(eth_hdr(skb)->h_source);
fix_dest:
memcpy(eth_hdr(skb)->h_dest, dev->net->dev_addr, ETH_ALEN);
return 1;
}
/* very simplistic detection of IPv4 or IPv6 headers */
static bool possibly_iphdr(const char *data)
Reported by FlawFinder.
drivers/net/usb/lg-vl600.c
3 issues
Line: 179
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (be16_to_cpup(ðhdr->h_proto) == ETH_P_ARP &&
buf->len > 0x26) {
/* Copy the addresses from packet contents */
memcpy(ethhdr->h_source,
&buf->data[sizeof(*ethhdr) + 0x8],
ETH_ALEN);
memcpy(ethhdr->h_dest,
&buf->data[sizeof(*ethhdr) + 0x12],
ETH_ALEN);
Reported by FlawFinder.
Line: 182
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ethhdr->h_source,
&buf->data[sizeof(*ethhdr) + 0x8],
ETH_ALEN);
memcpy(ethhdr->h_dest,
&buf->data[sizeof(*ethhdr) + 0x12],
ETH_ALEN);
} else {
eth_zero_addr(ethhdr->h_source);
memcpy(ethhdr->h_dest, dev->net->dev_addr, ETH_ALEN);
Reported by FlawFinder.
Line: 187
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ETH_ALEN);
} else {
eth_zero_addr(ethhdr->h_source);
memcpy(ethhdr->h_dest, dev->net->dev_addr, ETH_ALEN);
/* Inbound IPv6 packets have an IPv4 ethertype (0x800)
* for some reason. Peek at the L3 header to check
* for IPv6 packets, and set the ethertype to IPv6
* (0x86dd) so Linux can understand it.
Reported by FlawFinder.
drivers/net/usb/kaweth.c
3 issues
Line: 320
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOSPC;
}
data_len = fw->size;
memcpy(kaweth->firmware_buf, fw->data, fw->size);
release_firmware(fw);
kaweth->firmware_buf[2] = (data_len & 0xFF) - 7;
kaweth->firmware_buf[3] = data_len >> 8;
Reported by FlawFinder.
Line: 1046
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!kaweth->rx_buf)
goto err_all_but_rxbuf;
memcpy(netdev->broadcast, &bcast_addr, sizeof(bcast_addr));
memcpy(netdev->dev_addr, &kaweth->configuration.hw_addr,
sizeof(kaweth->configuration.hw_addr));
netdev->netdev_ops = &kaweth_netdev_ops;
netdev->watchdog_timeo = KAWETH_TX_TIMEOUT;
Reported by FlawFinder.
Line: 1047
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_all_but_rxbuf;
memcpy(netdev->broadcast, &bcast_addr, sizeof(bcast_addr));
memcpy(netdev->dev_addr, &kaweth->configuration.hw_addr,
sizeof(kaweth->configuration.hw_addr));
netdev->netdev_ops = &kaweth_netdev_ops;
netdev->watchdog_timeo = KAWETH_TX_TIMEOUT;
netdev->mtu = le16_to_cpu(kaweth->configuration.segment_size);
Reported by FlawFinder.
drivers/net/usb/ipheth.c
3 issues
Line: 306
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__func__, retval);
retval = -EINVAL;
} else {
memcpy(net->dev_addr, dev->ctrl_buf, ETH_ALEN);
retval = 0;
}
return retval;
}
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NETDEV_TX_OK;
}
memcpy(dev->tx_buf, skb->data, skb->len);
if (skb->len < IPHETH_BUF_SIZE)
memset(dev->tx_buf + skb->len, 0, IPHETH_BUF_SIZE - skb->len);
usb_fill_bulk_urb(dev->tx_urb, udev,
usb_sndbulkpipe(udev, dev->bulk_out),
Reported by FlawFinder.
Line: 446
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
netdev->netdev_ops = &ipheth_netdev_ops;
netdev->watchdog_timeo = IPHETH_TX_TIMEOUT;
strcpy(netdev->name, "eth%d");
dev = netdev_priv(netdev);
dev->udev = udev;
dev->net = netdev;
dev->intf = intf;
Reported by FlawFinder.
drivers/net/fddi/defxx.h
3 issues
Line: 1032
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
PI_CMD_DEC_EXT_MIB_GET_REQ dec_mib_get;
PI_CMD_SMT_MIB_SET_REQ smt_mib_set;
PI_CMD_SMT_MIB_GET_REQ smt_mib_get;
char pad[PI_CMD_REQ_K_SIZE_MAX];
} PI_DMA_CMD_REQ;
typedef union
{
PI_RSP_HEADER header;
Reported by FlawFinder.
Line: 1054
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
PI_CMD_DEC_EXT_MIB_GET_RSP dec_mib_get;
PI_CMD_SMT_MIB_SET_RSP smt_mib_set;
PI_CMD_SMT_MIB_GET_RSP smt_mib_get;
char pad[PI_CMD_RSP_K_SIZE_MAX];
} PI_DMA_CMD_RSP;
typedef union
{
PI_DMA_CMD_REQ request;
Reported by FlawFinder.
Line: 1762
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Store pointers to receive buffers for queue processing code */
char *p_rcv_buff_va[PI_RCV_DATA_K_NUM_ENTRIES];
/* Store pointers to transmit buffers for transmit completion code */
XMT_DRIVER_DESCR xmt_drv_descr_blk[PI_XMT_DATA_K_NUM_ENTRIES];
Reported by FlawFinder.
drivers/net/fddi/skfp/h/hwmtm.h
3 issues
Line: 170
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define DB_RX(lev, fmt, ...) \
do { \
if (DB_P.d_os.hwm_rx >= (lev)) \
printf(fmt "\n", ##__VA_ARGS__); \
} while (0)
#define DB_TX(lev, fmt, ...) \
do { \
if (DB_P.d_os.hwm_tx >= (lev)) \
printf(fmt "\n", ##__VA_ARGS__); \
Reported by FlawFinder.
Line: 175
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define DB_TX(lev, fmt, ...) \
do { \
if (DB_P.d_os.hwm_tx >= (lev)) \
printf(fmt "\n", ##__VA_ARGS__); \
} while (0)
#define DB_GEN(lev, fmt, ...) \
do { \
if (DB_P.d_os.hwm_gen >= (lev)) \
printf(fmt "\n", ##__VA_ARGS__); \
Reported by FlawFinder.
Line: 180
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define DB_GEN(lev, fmt, ...) \
do { \
if (DB_P.d_os.hwm_gen >= (lev)) \
printf(fmt "\n", ##__VA_ARGS__); \
} while (0)
#else /* DEBUG */
#define DB_RX(lev, fmt, ...) no_printk(fmt "\n", ##__VA_ARGS__)
#define DB_TX(lev, fmt, ...) no_printk(fmt "\n", ##__VA_ARGS__)
#define DB_GEN(lev, fmt, ...) no_printk(fmt "\n", ##__VA_ARGS__)
Reported by FlawFinder.
drivers/net/ethernet/intel/fm10k/fm10k_tlv.c
3 issues
Line: 598
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static const unsigned char test_str[] = "fm10k";
static const unsigned char test_mac[ETH_ALEN] = { 0x12, 0x34, 0x56,
0x78, 0x9a, 0xbc };
static const u16 test_vlan = 0x0FED;
static const u64 test_u64 = 0xfedcba9876543210ull;
static const u32 test_u32 = 0x87654321;
static const u16 test_u16 = 0x8765;
Reported by FlawFinder.
Line: 711
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fm10k_mbx_info *mbx)
{
u32 *nest_results[FM10K_TLV_RESULTS_MAX];
unsigned char result_str[80];
unsigned char result_mac[ETH_ALEN];
s32 err = 0;
__le32 result_le[2];
u16 result_vlan;
u64 result_u64;
Reported by FlawFinder.
Line: 712
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
u32 *nest_results[FM10K_TLV_RESULTS_MAX];
unsigned char result_str[80];
unsigned char result_mac[ETH_ALEN];
s32 err = 0;
__le32 result_le[2];
u16 result_vlan;
u64 result_u64;
u32 result_u32;
Reported by FlawFinder.