The following issues were found
drivers/net/ethernet/intel/ice/ice_lib.c
3 issues
Line: 1352
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ena) {
if (vsi->rss_lut_user)
memcpy(lut, vsi->rss_lut_user, vsi->rss_table_size);
else
ice_fill_rss_lut(lut, vsi->rss_table_size,
vsi->rss_size);
}
Reported by FlawFinder.
Line: 1381
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
if (vsi->rss_lut_user)
memcpy(lut, vsi->rss_lut_user, vsi->rss_table_size);
else
ice_fill_rss_lut(lut, vsi->rss_table_size, vsi->rss_size);
err = ice_set_rss_lut(vsi, lut, vsi->rss_table_size);
if (err) {
Reported by FlawFinder.
Line: 1398
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (vsi->rss_hkey_user)
memcpy(key, vsi->rss_hkey_user, ICE_GET_SET_RSS_KEY_EXTEND_KEY_SIZE);
else
netdev_rss_key_fill((void *)key, ICE_GET_SET_RSS_KEY_EXTEND_KEY_SIZE);
err = ice_set_rss_key(vsi, key);
if (err)
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
3 issues
Line: 2095
Column: 2
CWE codes:
120
return -EINVAL;
}
strncpy(fw_info->fw_file_name, QLC_83XX_POST_FW_FILE_NAME,
QLC_FW_FILE_NAME_LEN);
ret = request_firmware(&fw_info->fw, fw_info->fw_file_name, dev);
if (ret) {
dev_err(dev, "POST firmware can not be loaded, skipping POST\n");
Reported by FlawFinder.
Line: 2399
Column: 4
CWE codes:
120
switch (pdev->device) {
case PCI_DEVICE_ID_QLOGIC_QLE834X:
case PCI_DEVICE_ID_QLOGIC_QLE8830:
strncpy(fw_info->fw_file_name, QLC_83XX_FW_FILE_NAME,
QLC_FW_FILE_NAME_LEN);
break;
case PCI_DEVICE_ID_QLOGIC_QLE844X:
strncpy(fw_info->fw_file_name, QLC_84XX_FW_FILE_NAME,
QLC_FW_FILE_NAME_LEN);
Reported by FlawFinder.
Line: 2403
Column: 4
CWE codes:
120
QLC_FW_FILE_NAME_LEN);
break;
case PCI_DEVICE_ID_QLOGIC_QLE844X:
strncpy(fw_info->fw_file_name, QLC_84XX_FW_FILE_NAME,
QLC_FW_FILE_NAME_LEN);
break;
default:
dev_err(&pdev->dev, "%s: Invalid device id\n",
__func__);
Reported by FlawFinder.
drivers/net/ethernet/marvell/prestera/prestera_ethtool.c
3 issues
Line: 264
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
};
static const char prestera_cnt_name[PRESTERA_STATS_CNT][ETH_GSTRING_LEN] = {
PRESTERA_STATS_FIELD(good_octets_received),
PRESTERA_STATS_FIELD(bad_octets_received),
PRESTERA_STATS_FIELD(mac_trans_error),
PRESTERA_STATS_FIELD(broadcast_frames_received),
PRESTERA_STATS_FIELD(multicast_frames_received),
Reported by FlawFinder.
Line: 743
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (stringset != ETH_SS_STATS)
return;
memcpy(data, prestera_cnt_name, sizeof(prestera_cnt_name));
}
static void prestera_ethtool_get_stats(struct net_device *dev,
struct ethtool_stats *stats, u64 *data)
{
Reported by FlawFinder.
Line: 754
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
port_stats = &port->cached_hw_stats.stats;
memcpy(data, port_stats, sizeof(*port_stats));
}
static int prestera_ethtool_nway_reset(struct net_device *dev)
{
struct prestera_port *port = netdev_priv(dev);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c
3 issues
Line: 143
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tt->dest.vport.num = dest->vport.num;
tt->dest.vport.vhca_id = dest->vport.vhca_id;
tt->dest.vport.flags = dest->vport.flags;
memcpy(&tt->flow_act, flow_act, sizeof(*flow_act));
err = mlx5_eswitch_termtbl_create(esw->dev, tt, flow_act);
if (err)
goto tt_create_err;
Reported by FlawFinder.
Line: 183
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (src->action & MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH) {
src->action &= ~MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH;
dst->action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH;
memcpy(&dst->vlan[0], &src->vlan[0], sizeof(src->vlan[0]));
memset(&src->vlan[0], 0, sizeof(src->vlan[0]));
if (src->action & MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2) {
src->action &= ~MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2;
dst->action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2;
Reported by FlawFinder.
Line: 189
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (src->action & MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2) {
src->action &= ~MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2;
dst->action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2;
memcpy(&dst->vlan[1], &src->vlan[1], sizeof(src->vlan[1]));
memset(&src->vlan[1], 0, sizeof(src->vlan[1]));
}
}
}
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c
3 issues
Line: 831
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mv.mac_addr4 = addr[4];
mv.mac_addr5 = addr[5];
buf = &cmd->req.arg[2];
memcpy(buf, &mv, sizeof(struct qlcnic_macvlan_mbx));
err = qlcnic_issue_cmd(adapter, cmd);
if (!err)
return err;
Reported by FlawFinder.
Line: 1841
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EOPNOTSUPP;
}
memcpy(curr_mac, mac, netdev->addr_len);
netdev_info(netdev, "MAC Address %pM is configured for VF %d\n",
mac, vf);
return 0;
}
Reported by FlawFinder.
Line: 2005
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
vp = sriov->vf_info[vf].vp;
memcpy(&ivi->mac, vp->mac, ETH_ALEN);
ivi->vlan = qlcnic_sriov_get_vf_vlan(adapter, vp, vf);
ivi->qos = vp->qos;
ivi->spoofchk = vp->spoofchk;
if (vp->max_tx_bw == MAX_BW)
ivi->max_tx_rate = 0;
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c
3 issues
Line: 2789
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fw_cmd.ver_build = build;
fw_cmd.ver_sub = sub;
fw_cmd.hdr.checksum = 0;
memcpy(fw_cmd.driver_string, driver_ver, len);
fw_cmd.hdr.checksum = ixgbe_calculate_checksum((u8 *)&fw_cmd,
(FW_CEM_HDR_LEN + fw_cmd.hdr.buf_len));
for (i = 0; i <= FW_CEM_MAX_RETRIES; i++) {
ret_val = ixgbe_host_interface_command(hw, (u32 *)&fw_cmd,
Reported by FlawFinder.
Line: 1130
Column: 26
CWE codes:
120
20
* not continue or we could be in for a very long wait while every
* EEPROM read fails
*/
status = hw->eeprom.ops.read(hw, 0, &checksum);
if (status) {
hw_dbg(hw, "EEPROM read failed\n");
return status;
}
Reported by FlawFinder.
Line: 3039
Column: 26
CWE codes:
120
20
if (status)
return status;
status = hw->eeprom.ops.read(hw, NVM_INIT_CTRL_3,
&hw->eeprom.ctrl_word_3);
if (status)
return status;
/* If link is down, LPLU disabled in NVM, WoL disabled, or
Reported by FlawFinder.
drivers/net/ethernet/freescale/fman/fman_port.c
3 issues
Line: 929
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&ordered_array, 0, sizeof(u8) * FMAN_PORT_MAX_EXT_POOLS_NUM);
memset(&sizes_array, 0, sizeof(u16) * BM_MAX_NUM_OF_POOLS);
memcpy(&port->ext_buf_pools, ext_buf_pools,
sizeof(struct fman_ext_pools));
fman_sp_set_buf_pools_in_asc_order_of_buf_sizes(ext_buf_pools,
ordered_array,
sizes_array);
Reported by FlawFinder.
Line: 1276
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
port->cfg->discard_mask = DFLT_PORT_ERRORS_TO_DISCARD;
memcpy(&port->cfg->ext_buf_pools,
&port_params->specific_params.rx_params.ext_buf_pools,
sizeof(struct fman_ext_pools));
port->cfg->err_fqid =
port_params->specific_params.rx_params.err_fqid;
port->cfg->dflt_fqid =
Reported by FlawFinder.
Line: 1560
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (is_init_done(port->cfg))
return -EINVAL;
memcpy(&port->cfg->buffer_prefix_content,
buffer_prefix_content,
sizeof(struct fman_buffer_prefix_content));
/* if data_align was not initialized by user,
* we return to driver's default
*/
Reported by FlawFinder.
drivers/net/ethernet/huawei/hinic/hinic_main.c
3 issues
Line: 651
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int hinic_set_mac_addr(struct net_device *netdev, void *addr)
{
unsigned char new_mac[ETH_ALEN];
struct sockaddr *saddr = addr;
int err;
memcpy(new_mac, saddr->sa_data, ETH_ALEN);
Reported by FlawFinder.
Line: 655
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sockaddr *saddr = addr;
int err;
memcpy(new_mac, saddr->sa_data, ETH_ALEN);
err = change_mac_addr(netdev, new_mac);
if (!err)
memcpy(netdev->dev_addr, new_mac, ETH_ALEN);
Reported by FlawFinder.
Line: 659
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = change_mac_addr(netdev, new_mac);
if (!err)
memcpy(netdev->dev_addr, new_mac, ETH_ALEN);
return err;
}
/**
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/usb.c
3 issues
Line: 537
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy((u8 *)data, buf, size);
kfree(buf);
return 0;
}
Reported by FlawFinder.
Line: 599
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (resp_len != sizeof(struct ath10k_usb_ctrl_diag_resp_read))
return -EMSGSIZE;
memcpy(buf, ar_usb->diag_resp_buffer,
sizeof(struct ath10k_usb_ctrl_diag_resp_read));
return 0;
}
Reported by FlawFinder.
Line: 619
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(cmd, 0, sizeof(*cmd));
cmd->cmd = cpu_to_le32(ATH10K_USB_CTRL_DIAG_CC_WRITE);
cmd->address = cpu_to_le32(address);
memcpy(&cmd->value, data, nbytes);
ret = ath10k_usb_ctrl_msg_exchange(ar,
ATH10K_USB_CONTROL_REQ_DIAG_CMD,
(u8 *)cmd,
sizeof(*cmd),
Reported by FlawFinder.
drivers/net/wireless/intel/ipw2x00/libipw_geo.c
3 issues
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void libipw_set_geo(struct libipw_device *ieee,
const struct libipw_geo *geo)
{
memcpy(ieee->geo.name, geo->name, 3);
ieee->geo.name[3] = '\0';
ieee->geo.bg_channels = geo->bg_channels;
ieee->geo.a_channels = geo->a_channels;
memcpy(ieee->geo.bg, geo->bg, geo->bg_channels *
sizeof(struct libipw_channel));
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ieee->geo.name[3] = '\0';
ieee->geo.bg_channels = geo->bg_channels;
ieee->geo.a_channels = geo->a_channels;
memcpy(ieee->geo.bg, geo->bg, geo->bg_channels *
sizeof(struct libipw_channel));
memcpy(ieee->geo.a, geo->a, ieee->geo.a_channels *
sizeof(struct libipw_channel));
}
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ieee->geo.a_channels = geo->a_channels;
memcpy(ieee->geo.bg, geo->bg, geo->bg_channels *
sizeof(struct libipw_channel));
memcpy(ieee->geo.a, geo->a, ieee->geo.a_channels *
sizeof(struct libipw_channel));
}
const struct libipw_geo *libipw_get_geo(struct libipw_device *ieee)
{
Reported by FlawFinder.