The following issues were found
drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
3 issues
Line: 82
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6);
saddr = MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6);
memcpy(&tun_attr->dst_ip.v6, daddr, ipv6_size);
memcpy(&tun_attr->src_ip.v6, saddr, ipv6_size);
if (!memcmp(&tun_attr->dst_ip.v6, &zerov6, sizeof(zerov6)) ||
!memcmp(&tun_attr->src_ip.v6, &zerov6, sizeof(zerov6)))
return 0;
}
Reported by FlawFinder.
Line: 83
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
saddr = MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6);
memcpy(&tun_attr->dst_ip.v6, daddr, ipv6_size);
memcpy(&tun_attr->src_ip.v6, saddr, ipv6_size);
if (!memcmp(&tun_attr->dst_ip.v6, &zerov6, sizeof(zerov6)) ||
!memcmp(&tun_attr->src_ip.v6, &zerov6, sizeof(zerov6)))
return 0;
}
#endif
Reported by FlawFinder.
Line: 1593
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!fib_work)
return ERR_PTR(-ENOMEM);
memcpy(&key.endpoint_ip.v6, &fen_info->rt->fib6_dst.addr,
sizeof(fen_info->rt->fib6_dst.addr));
key.ip_version = 6;
/* Can't fail after this point because releasing reference to r
* requires obtaining sleeping mutex which we can't do in atomic
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx4/cmd.c
3 issues
Line: 958
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*state = (*state & 0xf0) | vf_port_state(dev, port, slave);
slave_cap_mask = priv->mfunc.master.slave_state[slave].ib_cap_mask[port];
memcpy(outsmp->data + PORT_CAPABILITY_LOCATION_IN_SMP, &slave_cap_mask, 4);
}
return err;
}
if (smp->attr_id == IB_SMP_ATTR_GUID_INFO) {
__be64 guid = mlx4_get_admin_guid(dev, slave,
Reported by FlawFinder.
Line: 985
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*(__be64 *)outsmp->
data, slave, port);
} else {
memcpy(outsmp->data, &guid, 8);
}
/* clean all other gids */
memset(outsmp->data + 8, 0, 56);
return 0;
Reported by FlawFinder.
Line: 998
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vhcr->op, MLX4_CMD_TIME_CLASS_C, MLX4_CMD_NATIVE);
if (!err) {
slave_node_guid = mlx4_get_slave_node_guid(dev, slave);
memcpy(outsmp->data + 12, &slave_node_guid, 8);
}
return err;
}
}
}
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/dvm/tx.c
3 issues
Line: 201
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (keyconf->cipher) {
case WLAN_CIPHER_SUITE_CCMP:
tx_cmd->sec_ctl = TX_CMD_SEC_CCM;
memcpy(tx_cmd->key, keyconf->key, keyconf->keylen);
if (info->flags & IEEE80211_TX_CTL_AMPDU)
tx_cmd->tx_flags |= TX_CMD_FLG_AGG_CCMP_MSK;
break;
case WLAN_CIPHER_SUITE_TKIP:
Reported by FlawFinder.
Line: 218
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tx_cmd->sec_ctl |= (TX_CMD_SEC_WEP |
(keyconf->keyidx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT);
memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen);
IWL_DEBUG_TX(priv, "Configuring packet for WEP encryption "
"with key %d\n", keyconf->keyidx);
break;
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy MAC header from skb into command buffer */
memcpy(tx_cmd->hdr, hdr, hdr_len);
txq_id = info->hw_queue;
if (is_agg)
txq_id = priv->tid_data[sta_id][tid].agg.txq_id;
Reported by FlawFinder.
drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h
3 issues
Line: 185
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*mac para struct ,mac get param from nic or dsaf when initialize*/
struct mac_params {
char addr[ETH_ALEN];
u8 __iomem *vaddr; /*virtual address*/
struct device *dev;
u8 mac_id;
/**< Ethernet operation mode (MAC-PHY interface and speed) */
enum mac_mode mac_mode;
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 __iomem *serdes_vaddr;
struct regmap *serdes_ctrl;
struct regmap *cpld_ctrl;
char mc_mask[ETH_ALEN];
u32 cpld_ctrl_reg;
u32 port_rst_off;
u32 port_mode_off;
struct mac_entry_idx addr_entry_idx[DSAF_MAX_VM_NUM];
u8 sfp_prsnt;
Reported by FlawFinder.
Line: 404
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct mac_stats_string {
const char desc[ETH_GSTRING_LEN];
unsigned long offset;
};
#define MAC_MAKE_MODE(interface, speed) (enum mac_mode)((interface) | (speed))
#define MAC_INTERFACE_FROM_MODE(mode) (enum mac_intf)((mode) & 0xFFFF0000)
Reported by FlawFinder.
drivers/net/ethernet/microchip/sparx5/sparx5_main.h
3 issues
Line: 185
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* sparx5_mactable.c */
void sparx5_mact_pull_work(struct work_struct *work);
int sparx5_mact_learn(struct sparx5 *sparx5, int port,
const unsigned char mac[ETH_ALEN], u16 vid);
bool sparx5_mact_getnext(struct sparx5 *sparx5,
unsigned char mac[ETH_ALEN], u16 *vid, u32 *pcfg2);
int sparx5_mact_forget(struct sparx5 *sparx5,
const unsigned char mac[ETH_ALEN], u16 vid);
int sparx5_add_mact_entry(struct sparx5 *sparx5,
Reported by FlawFinder.
Line: 187
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sparx5_mact_learn(struct sparx5 *sparx5, int port,
const unsigned char mac[ETH_ALEN], u16 vid);
bool sparx5_mact_getnext(struct sparx5 *sparx5,
unsigned char mac[ETH_ALEN], u16 *vid, u32 *pcfg2);
int sparx5_mact_forget(struct sparx5 *sparx5,
const unsigned char mac[ETH_ALEN], u16 vid);
int sparx5_add_mact_entry(struct sparx5 *sparx5,
struct sparx5_port *port,
const unsigned char *addr, u16 vid);
Reported by FlawFinder.
Line: 189
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool sparx5_mact_getnext(struct sparx5 *sparx5,
unsigned char mac[ETH_ALEN], u16 *vid, u32 *pcfg2);
int sparx5_mact_forget(struct sparx5 *sparx5,
const unsigned char mac[ETH_ALEN], u16 vid);
int sparx5_add_mact_entry(struct sparx5 *sparx5,
struct sparx5_port *port,
const unsigned char *addr, u16 vid);
int sparx5_del_mact_entry(struct sparx5 *sparx5,
const unsigned char *addr,
Reported by FlawFinder.
drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c
3 issues
Line: 27
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "hns_dsaf_rcb.h"
#include "hns_dsaf_misc.h"
static const char *g_dsaf_mode_match[DSAF_MODE_MAX] = {
[DSAF_MODE_DISABLE_2PORT_64VM] = "2port-64vf",
[DSAF_MODE_DISABLE_6PORT_0VM] = "6port-16rss",
[DSAF_MODE_DISABLE_6PORT_16VM] = "6port-16vf",
[DSAF_MODE_DISABLE_SP] = "single-port",
};
Reported by FlawFinder.
Line: 1733
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (MAC_IS_BROADCAST(addr))
eth_broadcast_addr(mask);
else
memcpy(mask, dsaf_dev->mac_cb[port_num]->mc_mask, ETH_ALEN);
}
static void hns_dsaf_mc_mask_bit_clear(char *dst, const char *src)
{
u16 *a = (u16 *)dst;
Reported by FlawFinder.
Line: 2852
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dsaf_set_bit(tbl_tcam_mcast.tbl_mcast_port_msk[mskid / 32],
mskid % 32, 1);
memcpy(&temp_key, &mask_key, sizeof(mask_key));
hns_dsaf_tcam_mc_cfg_vague(dsaf_dev, entry_index, &tbl_tcam_data_mc,
(struct dsaf_tbl_tcam_data *)(&mask_key),
&tbl_tcam_mcast);
/* update software entry */
Reported by FlawFinder.
drivers/net/ethernet/intel/igbvf/vf.h
3 issues
Line: 76
Column: 4
CWE codes:
120
20
__le64 buffer_addr; /* Address of descriptor's data buf */
__le32 cmd_type_len;
__le32 olinfo_status;
} read;
struct {
__le64 rsvd; /* Reserved */
__le32 nxtseq_seed;
__le32 status;
} wb;
Reported by FlawFinder.
Line: 185
Column: 8
CWE codes:
120
20
struct e1000_mbx_operations {
s32 (*init_params)(struct e1000_hw *hw);
s32 (*read)(struct e1000_hw *, u32 *, u16);
s32 (*write)(struct e1000_hw *, u32 *, u16);
s32 (*read_posted)(struct e1000_hw *, u32 *, u16);
s32 (*write_posted)(struct e1000_hw *, u32 *, u16);
s32 (*check_for_msg)(struct e1000_hw *);
s32 (*check_for_ack)(struct e1000_hw *);
Reported by FlawFinder.
drivers/net/ethernet/mscc/ocelot.h
3 issues
Line: 90
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ocelot_multicast {
struct list_head list;
enum macaccess_entry_type entry_type;
unsigned char addr[ETH_ALEN];
u16 vid;
u16 ports;
struct ocelot_pgid *pgid;
};
Reported by FlawFinder.
Line: 99
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ocelot_port_fdb_do_dump(const unsigned char *addr, u16 vid,
bool is_static, void *data);
int ocelot_mact_learn(struct ocelot *ocelot, int port,
const unsigned char mac[ETH_ALEN],
unsigned int vid, enum macaccess_entry_type type);
int ocelot_mact_forget(struct ocelot *ocelot,
const unsigned char mac[ETH_ALEN], unsigned int vid);
struct net_device *ocelot_port_to_netdev(struct ocelot *ocelot, int port);
int ocelot_netdev_to_port(struct net_device *dev);
Reported by FlawFinder.
Line: 102
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned char mac[ETH_ALEN],
unsigned int vid, enum macaccess_entry_type type);
int ocelot_mact_forget(struct ocelot *ocelot,
const unsigned char mac[ETH_ALEN], unsigned int vid);
struct net_device *ocelot_port_to_netdev(struct ocelot *ocelot, int port);
int ocelot_netdev_to_port(struct net_device *dev);
u32 ocelot_port_readl(struct ocelot_port *port, u32 reg);
void ocelot_port_writel(struct ocelot_port *port, u32 val, u32 reg);
Reported by FlawFinder.
drivers/net/wireless/broadcom/b43/b43.h
3 issues
Line: 752
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The type of firmware to request. */
enum b43_firmware_file_type req_type;
/* Error messages for each firmware type. */
char errors[B43_NR_FWTYPES][128];
/* Temporary buffer for storing the firmware name. */
char fwname[64];
/* A fatal error occurred while requesting. Firmware request
* can not continue, as any other request will also fail. */
int fatal_failure;
Reported by FlawFinder.
Line: 754
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Error messages for each firmware type. */
char errors[B43_NR_FWTYPES][128];
/* Temporary buffer for storing the firmware name. */
char fwname[64];
/* A fatal error occurred while requesting. Firmware request
* can not continue, as any other request will also fail. */
int fatal_failure;
};
Reported by FlawFinder.
Line: 935
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_B43_HWRNG
struct hwrng rng;
bool rng_initialized;
char rng_name[30 + 1];
#endif /* CONFIG_B43_HWRNG */
bool radiotap_enabled;
bool radio_enabled;
Reported by FlawFinder.
drivers/net/ethernet/hisilicon/hns/hns_enet.c
3 issues
Line: 577
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*out_bnum = bnum;
if (length <= HNS_RX_HEAD_SIZE) {
memcpy(__skb_put(skb, length), va, ALIGN(length, sizeof(long)));
/* we can reuse buffer as-is, just make sure it is local */
if (likely(page_to_nid(desc_cb->priv) == numa_node_id()))
desc_cb->reuse_flag = 1;
else /* this page cannot be reused so discard it */
Reported by FlawFinder.
Line: 595
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ring->stats.seg_pkt_cnt++;
pull_len = eth_get_headlen(ndev, va, HNS_RX_HEAD_SIZE);
memcpy(__skb_put(skb, pull_len), va,
ALIGN(pull_len, sizeof(long)));
hns_nic_reuse_page(skb, 0, ring, pull_len, desc_cb);
ring_ptr_move_fw(ring, next_to_clean);
Reported by FlawFinder.
Line: 1197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(ndev->dev_addr, mac_addr->sa_data, ndev->addr_len);
return 0;
}
static void hns_nic_update_stats(struct net_device *netdev)
Reported by FlawFinder.