The following issues were found
drivers/net/ethernet/intel/i40e/i40e_adminq.c
3 issues
Line: 879
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buff != NULL) {
dma_buff = &(hw->aq.asq.r.asq_bi[hw->aq.asq.next_to_use]);
/* copy the user buff into the respective DMA buff */
memcpy(dma_buff->va, buff, buff_size);
desc_on_ring->datalen = cpu_to_le16(buff_size);
/* Update the address values in the desc with the pa value
* for respective buffer
*/
Reported by FlawFinder.
Line: 922
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i40e_asq_done(hw)) {
*desc = *desc_on_ring;
if (buff != NULL)
memcpy(buff, dma_buff->va, buff_size);
retval = le16_to_cpu(desc->retval);
if (retval != 0) {
i40e_debug(hw,
I40E_DEBUG_AQ_MESSAGE,
"AQTX: Command completed with error 0x%X.\n",
Reported by FlawFinder.
Line: 1049
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
datalen = le16_to_cpu(desc->datalen);
e->msg_len = min(datalen, e->buf_len);
if (e->msg_buf != NULL && (e->msg_len != 0))
memcpy(e->msg_buf, hw->aq.arq.r.arq_bi[desc_idx].va,
e->msg_len);
i40e_debug(hw, I40E_DEBUG_AQ_COMMAND, "AQRX: desc and buffer:\n");
i40e_debug_aq(hw, I40E_DEBUG_AQ_COMMAND, (void *)desc, e->msg_buf,
hw->aq.arq_buf_size);
Reported by FlawFinder.
drivers/net/ieee802154/mrf24j40.c
3 issues
Line: 518
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* long write access need to set the 12th bit, so we
* make special handling for write.
*/
memcpy(buf, data, count);
buf[1] |= (1 << 4);
return spi_write(spi, buf, count);
}
Reported by FlawFinder.
Line: 689
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Device Address */
u8 i, addr[8];
memcpy(addr, &filt->ieee_addr, 8);
for (i = 0; i < 8; i++)
regmap_write(devrec->regmap_short, REG_EADR0 + i,
addr[i]);
#ifdef DEBUG
Reported by FlawFinder.
Line: 759
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 rx_local_buf[RX_FIFO_SIZE];
struct sk_buff *skb;
memcpy(rx_local_buf, devrec->rx_fifo_buf, len);
mrf24j40_handle_rx_read_buf_unlock(devrec);
skb = dev_alloc_skb(IEEE802154_MTU);
if (!skb) {
dev_err(printdev(devrec), "failed to allocate skb\n");
Reported by FlawFinder.
drivers/net/netdevsim/ethtool.c
3 issues
Line: 50
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct netdevsim *ns = netdev_priv(dev);
memcpy(coal, &ns->ethtool.coalesce, sizeof(ns->ethtool.coalesce));
return 0;
}
static int nsim_set_coalesce(struct net_device *dev,
struct ethtool_coalesce *coal)
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct netdevsim *ns = netdev_priv(dev);
memcpy(ring, &ns->ethtool.ring, sizeof(ns->ethtool.ring));
}
static int nsim_set_ringparam(struct net_device *dev,
struct ethtool_ringparam *ring)
{
Reported by FlawFinder.
Line: 87
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ns->ethtool.get_err)
return -ns->ethtool.get_err;
memcpy(fecparam, &ns->ethtool.fec, sizeof(ns->ethtool.fec));
return 0;
}
static int
nsim_set_fecparam(struct net_device *dev, struct ethtool_fecparam *fecparam)
Reported by FlawFinder.
drivers/net/ethernet/intel/i40e/i40e_client.c
3 issues
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memset(¶ms, 0, sizeof(params));
i40e_client_get_params(vsi, ¶ms);
memcpy(&cdev->lan_info.params, ¶ms, sizeof(struct i40e_params));
cdev->client->ops->l2_param_change(&cdev->lan_info, cdev->client,
¶ms);
}
/**
Reported by FlawFinder.
Line: 425
Column: 35
CWE codes:
362
*/
if (!test_bit(__I40E_CLIENT_INSTANCE_OPENED, &cdev->state)) {
if (vsi->netdev_registered &&
client->ops && client->ops->open) {
set_bit(__I40E_CLIENT_INSTANCE_OPENED, &cdev->state);
ret = client->ops->open(&cdev->lan_info, client);
if (ret) {
/* Remove failed client instance */
clear_bit(__I40E_CLIENT_INSTANCE_OPENED,
Reported by FlawFinder.
Line: 427
Column: 23
CWE codes:
362
if (vsi->netdev_registered &&
client->ops && client->ops->open) {
set_bit(__I40E_CLIENT_INSTANCE_OPENED, &cdev->state);
ret = client->ops->open(&cdev->lan_info, client);
if (ret) {
/* Remove failed client instance */
clear_bit(__I40E_CLIENT_INSTANCE_OPENED,
&cdev->state);
i40e_client_del_instance(pf);
Reported by FlawFinder.
drivers/net/netdevsim/bus.c
3 issues
Line: 101
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct nsim_bus_dev *nsim_bus_dev = to_nsim_bus_dev(dev);
return sprintf(buf, "%u\n", nsim_bus_dev->num_vfs);
}
static struct device_attribute nsim_bus_dev_numvfs_attr =
__ATTR(sriov_numvfs, 0664, nsim_bus_dev_numvfs_show,
nsim_bus_dev_numvfs_store);
Reported by FlawFinder.
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct nsim_bus_dev *nsim_bus_dev = file->private_data;
char buf[11];
ssize_t len;
len = snprintf(buf, sizeof(buf), "%u\n", nsim_bus_dev->max_vfs);
if (len < 0)
return len;
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nsim_bus_dev *nsim_bus_dev = file->private_data;
struct nsim_vf_config *vfconfigs;
ssize_t ret;
char buf[10];
u32 val;
if (*ppos != 0)
return 0;
Reported by FlawFinder.
drivers/net/ipvlan/ipvlan_main.c
3 issues
Line: 582
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* world but keep using the physical-dev address for the outgoing
* packets.
*/
memcpy(dev->dev_addr, phy_dev->dev_addr, ETH_ALEN);
dev->priv_flags |= IFF_NO_RX_HANDLER;
err = register_netdevice(dev);
if (err < 0)
Reported by FlawFinder.
Line: 812
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr->master = ipvlan;
if (!is_v6) {
memcpy(&addr->ip4addr, iaddr, sizeof(struct in_addr));
addr->atype = IPVL_IPV4;
#if IS_ENABLED(CONFIG_IPV6)
} else {
memcpy(&addr->ip6addr, iaddr, sizeof(struct in6_addr));
addr->atype = IPVL_IPV6;
Reported by FlawFinder.
Line: 816
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr->atype = IPVL_IPV4;
#if IS_ENABLED(CONFIG_IPV6)
} else {
memcpy(&addr->ip6addr, iaddr, sizeof(struct in6_addr));
addr->atype = IPVL_IPV6;
#endif
}
list_add_tail_rcu(&addr->anode, &ipvlan->addrs);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c
3 issues
Line: 135
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (chunk_index = MLXSW_BLOOM_KEY_CHUNKS - chunk_count;
chunk_index < MLXSW_BLOOM_KEY_CHUNKS; chunk_index++) {
memset(chunk, 0, MLXSW_BLOOM_CHUNK_PAD_BYTES);
memcpy(chunk + MLXSW_BLOOM_CHUNK_PAD_BYTES, &erp_region_id,
sizeof(erp_region_id));
memcpy(chunk + MLXSW_BLOOM_CHUNK_KEY_OFFSET,
&aentry->enc_key[chunk_key_offsets[chunk_index]],
MLXSW_BLOOM_CHUNK_KEY_BYTES);
chunk += MLXSW_BLOOM_KEY_CHUNK_BYTES;
Reported by FlawFinder.
Line: 137
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(chunk, 0, MLXSW_BLOOM_CHUNK_PAD_BYTES);
memcpy(chunk + MLXSW_BLOOM_CHUNK_PAD_BYTES, &erp_region_id,
sizeof(erp_region_id));
memcpy(chunk + MLXSW_BLOOM_CHUNK_KEY_OFFSET,
&aentry->enc_key[chunk_key_offsets[chunk_index]],
MLXSW_BLOOM_CHUNK_KEY_BYTES);
chunk += MLXSW_BLOOM_KEY_CHUNK_BYTES;
}
*len = chunk_count * MLXSW_BLOOM_KEY_CHUNK_BYTES;
Reported by FlawFinder.
Line: 158
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_acl_atcam_region *aregion,
struct mlxsw_sp_acl_atcam_entry *aentry)
{
char bf_key[MLXSW_BLOOM_KEY_LEN];
u8 bf_size;
mlxsw_sp_acl_bf_key_encode(aregion, aentry, bf_key, &bf_size);
return mlxsw_sp_acl_bf_crc(bf_key, bf_size);
}
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/fw/uefi.c
3 issues
Line: 32
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!pnvm_efivar)
return ERR_PTR(-ENOMEM);
memcpy(&pnvm_efivar->var.VariableName, IWL_UEFI_OEM_PNVM_NAME,
sizeof(IWL_UEFI_OEM_PNVM_NAME));
pnvm_efivar->var.VendorGuid = IWL_EFI_VAR_GUID;
/*
* TODO: we hardcode a maximum length here, because reading
Reported by FlawFinder.
Line: 114
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reduce_power_data = tmp;
memcpy(reduce_power_data + size, data, tlv_len);
size += tlv_len;
break;
}
Reported by FlawFinder.
Line: 219
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!reduce_power_efivar)
return ERR_PTR(-ENOMEM);
memcpy(&reduce_power_efivar->var.VariableName, IWL_UEFI_REDUCED_POWER_NAME,
sizeof(IWL_UEFI_REDUCED_POWER_NAME));
reduce_power_efivar->var.VendorGuid = IWL_EFI_VAR_GUID;
/*
* TODO: we hardcode a maximum length here, because reading
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_flex_actions.c
3 issues
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *enc_actions, bool is_first, bool ca)
{
struct mlxsw_sp *mlxsw_sp = priv;
char pefa_pl[MLXSW_REG_PEFA_LEN];
u32 kvdl_index;
int err;
/* The first action set of a TCAM entry is stored directly in TCAM,
* not KVD linear area.
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool *activity)
{
struct mlxsw_sp *mlxsw_sp = priv;
char pefa_pl[MLXSW_REG_PEFA_LEN];
int err;
mlxsw_reg_pefa_pack(pefa_pl, kvdl_index, true, NULL);
err = mlxsw_reg_query(mlxsw_sp->core, MLXSW_REG(pefa), pefa_pl);
if (err)
Reported by FlawFinder.
Line: 89
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 local_port)
{
struct mlxsw_sp *mlxsw_sp = priv;
char ppbs_pl[MLXSW_REG_PPBS_LEN];
u32 kvdl_index;
int err;
err = mlxsw_sp_kvdl_alloc(mlxsw_sp, MLXSW_SP_KVDL_ENTRY_TYPE_PBS,
1, &kvdl_index);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.h
3 issues
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head list; /* Member of a TCAM group */
enum mlxsw_reg_ptar_key_type key_type;
u16 id; /* ACL ID and region ID - they are same */
char tcam_region_info[MLXSW_REG_PXXX_TCAM_REGION_INFO_LEN];
struct mlxsw_afk_key_info *key_info;
struct mlxsw_sp *mlxsw_sp;
unsigned long priv[];
/* priv has to be always the last item */
};
Reported by FlawFinder.
Line: 174
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct mlxsw_sp_acl_atcam_entry_ht_key {
char full_enc_key[MLXSW_REG_PTCEX_FLEX_KEY_BLOCKS_LEN]; /* Encoded
* key.
*/
u8 erp_id;
};
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rhash_head ht_node;
struct list_head list; /* Member in entries_list */
struct mlxsw_sp_acl_atcam_entry_ht_key ht_key;
char enc_key[MLXSW_REG_PTCEX_FLEX_KEY_BLOCKS_LEN]; /* Encoded key,
* minus delta bits.
*/
struct {
u16 start;
u8 mask;
Reported by FlawFinder.