The following issues were found
drivers/net/bonding/bond_3ad.c
21 issues
Line: 382
Column: 42
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
const struct bonding *bond = bond_get_bond_by_slave(port->slave);
port->actor_system = BOND_AD_INFO(bond).system.sys_mac_addr;
port->actor_system_priority = BOND_AD_INFO(bond).system.sys_priority;
}
/* Conversions */
Reported by FlawFinder.
Line: 383
Column: 51
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
const struct bonding *bond = bond_get_bond_by_slave(port->slave);
port->actor_system = BOND_AD_INFO(bond).system.sys_mac_addr;
port->actor_system_priority = BOND_AD_INFO(bond).system.sys_priority;
}
/* Conversions */
/**
Reported by FlawFinder.
Line: 558
Column: 59
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
if (ntohs(lacpdu->actor_port) != partner->port_number ||
ntohs(lacpdu->actor_port_priority) != partner->port_priority ||
!MAC_ADDRESS_EQUAL(&lacpdu->actor_system, &partner->system) ||
ntohs(lacpdu->actor_system_priority) != partner->system_priority ||
ntohs(lacpdu->actor_key) != partner->key ||
(lacpdu->actor_state & LACP_STATE_AGGREGATION) != (partner->port_state & LACP_STATE_AGGREGATION)) {
port->sm_vars &= ~AD_PORT_SELECTED;
}
Reported by FlawFinder.
Line: 590
Column: 49
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
if (admin->port_number != oper->port_number ||
admin->port_priority != oper->port_priority ||
!MAC_ADDRESS_EQUAL(&admin->system, &oper->system) ||
admin->system_priority != oper->system_priority ||
admin->key != oper->key ||
(admin->port_state & LACP_STATE_AGGREGATION)
!= (oper->port_state & LACP_STATE_AGGREGATION)) {
port->sm_vars &= ~AD_PORT_SELECTED;
Reported by FlawFinder.
Line: 590
Column: 34
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
if (admin->port_number != oper->port_number ||
admin->port_priority != oper->port_priority ||
!MAC_ADDRESS_EQUAL(&admin->system, &oper->system) ||
admin->system_priority != oper->system_priority ||
admin->key != oper->key ||
(admin->port_state & LACP_STATE_AGGREGATION)
!= (oper->port_state & LACP_STATE_AGGREGATION)) {
port->sm_vars &= ~AD_PORT_SELECTED;
Reported by FlawFinder.
Line: 812
Column: 36
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*/
lacpdu->partner_system_priority = htons(partner->system_priority);
lacpdu->partner_system = partner->system;
lacpdu->partner_key = htons(partner->key);
lacpdu->partner_port_priority = htons(partner->port_priority);
lacpdu->partner_port = htons(partner->port_number);
lacpdu->partner_state = partner->port_state;
Reported by FlawFinder.
Line: 1471
Column: 78
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
/* check if current aggregator suits us */
if (((aggregator->actor_oper_aggregator_key == port->actor_oper_port_key) && /* if all parameters match AND */
MAC_ADDRESS_EQUAL(&(aggregator->partner_system), &(port->partner_oper.system)) &&
(aggregator->partner_system_priority == port->partner_oper.system_priority) &&
(aggregator->partner_oper_aggregator_key == port->partner_oper.key)
) &&
((!MAC_ADDRESS_EQUAL(&(port->partner_oper.system), &(null_mac_addr)) && /* partner answers */
!aggregator->is_individual) /* but is not individual OR */
Reported by FlawFinder.
Line: 1475
Column: 49
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
(aggregator->partner_system_priority == port->partner_oper.system_priority) &&
(aggregator->partner_oper_aggregator_key == port->partner_oper.key)
) &&
((!MAC_ADDRESS_EQUAL(&(port->partner_oper.system), &(null_mac_addr)) && /* partner answers */
!aggregator->is_individual) /* but is not individual OR */
)
) {
/* attach to the founded aggregator */
port->aggregator = aggregator;
Reported by FlawFinder.
Line: 1521
Column: 24
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
port->aggregator->actor_oper_aggregator_key =
port->actor_oper_port_key;
port->aggregator->partner_system =
port->partner_oper.system;
port->aggregator->partner_system_priority =
port->partner_oper.system_priority;
port->aggregator->partner_oper_aggregator_key = port->partner_oper.key;
port->aggregator->receive_state = 1;
port->aggregator->transmit_state = 1;
Reported by FlawFinder.
Line: 2009
Column: 46
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
void bond_3ad_initialize(struct bonding *bond, u16 tick_resolution)
{
/* check that the bond is not initialized yet */
if (!MAC_ADDRESS_EQUAL(&(BOND_AD_INFO(bond).system.sys_mac_addr),
bond->dev->dev_addr)) {
BOND_AD_INFO(bond).aggregator_identifier = 0;
BOND_AD_INFO(bond).system.sys_priority =
Reported by FlawFinder.
drivers/s390/cio/trace.h
21 issues
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
Line: 169
__entry->cc = cc;
if (cc != 0)
memset(&__entry->tpi_info, 0, sizeof(struct tpi_info));
else if (addr)
__entry->tpi_info = *addr;
else
__entry->tpi_info = S390_lowcore.tpi_info;
__entry->cssid = __entry->tpi_info.schid.cssid;
__entry->ssid = __entry->tpi_info.schid.ssid;
Reported by Cppcheck.
fs/cifs/cifsencrypt.c
21 issues
Line: 135
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 *pexpected_response_sequence_number)
{
int rc = 0;
char smb_signature[20];
struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
if (rqst->rq_iov[0].iov_len != 4 ||
rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
return -EIO;
Reported by FlawFinder.
Line: 150
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return rc;
if (!server->session_estab) {
memcpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
return rc;
}
cifs_pdu->Signature.Sequence.SequenceNumber =
cpu_to_le32(server->sequence_number);
Reported by FlawFinder.
Line: 165
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
else
memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8);
return rc;
}
int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
Reported by FlawFinder.
Line: 199
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 expected_sequence_number)
{
unsigned int rc;
char server_response_sig[8];
char what_we_think_sig_should_be[20];
struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
if (rqst->rq_iov[0].iov_len != 4 ||
rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned int rc;
char server_response_sig[8];
char what_we_think_sig_should_be[20];
struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
if (rqst->rq_iov[0].iov_len != 4 ||
rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
return -EIO;
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* save off the origiginal signature so we can modify the smb and check
its signature against what the server sent */
memcpy(server_response_sig, cifs_pdu->Signature.SecuritySignature, 8);
cifs_pdu->Signature.Sequence.SequenceNumber =
cpu_to_le32(expected_sequence_number);
cifs_pdu->Signature.Sequence.Reserved = 0;
Reported by FlawFinder.
Line: 258
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int rc = 0;
unsigned int temp_len = CIFS_SESS_KEY_SIZE + CIFS_AUTH_RESP_SIZE;
char temp_key[CIFS_SESS_KEY_SIZE];
if (!ses)
return -EINVAL;
ses->auth_key.response = kmalloc(temp_len, GFP_KERNEL);
Reported by FlawFinder.
Line: 298
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i, len;
int rc;
char password_with_pad[CIFS_ENCPWD_SIZE] = {0};
if (password) {
for (len = 0; len < CIFS_ENCPWD_SIZE; len++)
if (!password[len])
break;
Reported by FlawFinder.
Line: 305
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!password[len])
break;
memcpy(password_with_pad, password, len);
}
if (!encrypt && global_secflags & CIFSSEC_MAY_PLNTXT) {
memcpy(lnm_session_key, password_with_pad,
CIFS_ENCPWD_SIZE);
Reported by FlawFinder.
Line: 309
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!encrypt && global_secflags & CIFSSEC_MAY_PLNTXT) {
memcpy(lnm_session_key, password_with_pad,
CIFS_ENCPWD_SIZE);
return 0;
}
/* calculate old style session key */
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_xmit.c
21 issues
Line: 407
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pattrib->ether_type = ntohs(etherhdr.h_proto);
memcpy(pattrib->dst, ðerhdr.h_dest, ETH_ALEN);
memcpy(pattrib->src, ðerhdr.h_source, ETH_ALEN);
pattrib->pctrl = 0;
if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
Reported by FlawFinder.
Line: 408
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pattrib->ether_type = ntohs(etherhdr.h_proto);
memcpy(pattrib->dst, ðerhdr.h_dest, ETH_ALEN);
memcpy(pattrib->src, ðerhdr.h_source, ETH_ALEN);
pattrib->pctrl = 0;
if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
Reported by FlawFinder.
Line: 414
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
Reported by FlawFinder.
Line: 415
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
Reported by FlawFinder.
Line: 417
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, get_bssid(pmlmepriv), ETH_ALEN);
}
Reported by FlawFinder.
Line: 418
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, get_bssid(pmlmepriv), ETH_ALEN);
}
Reported by FlawFinder.
Line: 420
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, get_bssid(pmlmepriv), ETH_ALEN);
}
pattrib->pktlen = pkt->len - ETH_HLEN;
Reported by FlawFinder.
Line: 421
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, get_bssid(pmlmepriv), ETH_ALEN);
}
pattrib->pktlen = pkt->len - ETH_HLEN;
if (pattrib->ether_type == ETH_P_IP) {
Reported by FlawFinder.
Line: 649
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtw_secgetmic(&micdata, &mic[0]);
/* add mic code and add the mic code length in last_txcmdsz */
memcpy(payload, &mic[0], 8);
pattrib->last_txcmdsz += 8;
payload -= pattrib->last_txcmdsz + 8;
}
}
Reported by FlawFinder.
Line: 715
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* to_ds = 1, fr_ds = 0; */
/* Data transfer to AP */
SetToDs(fctrl);
memcpy(pwlanhdr->addr1, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pwlanhdr->addr2, pattrib->src, ETH_ALEN);
memcpy(pwlanhdr->addr3, pattrib->dst, ETH_ALEN);
if (pqospriv->qos_option)
qos_option = true;
Reported by FlawFinder.
fs/btrfs/volumes.c
21 issues
Line: 4057
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_NOARG(a) \
do { \
ret = snprintf(bp, size_bp, (a)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4066
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_1ARG(a, v1) \
do { \
ret = snprintf(bp, size_bp, (a), (v1)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4075
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_2ARG(a, v1, v2) \
do { \
ret = snprintf(bp, size_bp, (a), (v1), (v2)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4154
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_1ARG(a, v1) \
do { \
ret = snprintf(bp, size_bp, (a), (v1)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
u32 size_bp = size_buf;
if (!flags) {
strcpy(bp, "NONE");
return;
}
#define DESCRIBE_FLAG(flag, desc) \
do { \
Reported by FlawFinder.
Line: 362
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
INIT_LIST_HEAD(&fs_devs->fs_list);
INIT_LIST_HEAD(&fs_devs->seed_list);
if (fsid)
memcpy(fs_devs->fsid, fsid, BTRFS_FSID_SIZE);
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
Reported by FlawFinder.
Line: 365
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(fs_devs->fsid, fsid, BTRFS_FSID_SIZE);
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
return fs_devs;
}
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
return fs_devs;
}
void btrfs_free_device(struct btrfs_device *device)
Reported by FlawFinder.
Line: 836
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (fs_devices->fsid_change &&
found_transid > fs_devices->latest_generation) {
memcpy(fs_devices->fsid, disk_super->fsid,
BTRFS_FSID_SIZE);
if (has_metadata_uuid)
memcpy(fs_devices->metadata_uuid,
disk_super->metadata_uuid,
Reported by FlawFinder.
Line: 840
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BTRFS_FSID_SIZE);
if (has_metadata_uuid)
memcpy(fs_devices->metadata_uuid,
disk_super->metadata_uuid,
BTRFS_FSID_SIZE);
else
memcpy(fs_devices->metadata_uuid,
disk_super->fsid, BTRFS_FSID_SIZE);
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/d3.c
21 issues
Line: 30
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mvmvif->rekey_data.kek_len = data->kek_len;
mvmvif->rekey_data.kck_len = data->kck_len;
memcpy(mvmvif->rekey_data.kek, data->kek, data->kek_len);
memcpy(mvmvif->rekey_data.kck, data->kck, data->kck_len);
mvmvif->rekey_data.akm = data->akm & 0xFF;
mvmvif->rekey_data.replay_ctr =
cpu_to_le64(be64_to_cpup((__be64 *)data->replay_ctr));
mvmvif->rekey_data.valid = true;
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mvmvif->rekey_data.kek_len = data->kek_len;
mvmvif->rekey_data.kck_len = data->kck_len;
memcpy(mvmvif->rekey_data.kek, data->kek, data->kek_len);
memcpy(mvmvif->rekey_data.kck, data->kck, data->kck_len);
mvmvif->rekey_data.akm = data->akm & 0xFF;
mvmvif->rekey_data.replay_ctr =
cpu_to_le64(be64_to_cpup((__be64 *)data->replay_ctr));
mvmvif->rekey_data.valid = true;
Reported by FlawFinder.
Line: 155
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
break;
memcpy(&wkc.wep_key.key[3], key->key, key->keylen);
if (key->keyidx == mvmvif->tx_key_idx) {
/* TX key must be at offset 0 */
wkc.wep_key.key_offset = 0;
} else {
/* others start at 1 */
Reported by FlawFinder.
Line: 217
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p1k);
iwl_mvm_convert_p1k(p1k, data->tkip->tx.p1k);
memcpy(data->tkip->mic_keys.tx,
&key->key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY],
IWL_MIC_KEY_SIZE);
rx_mic_key = data->tkip->mic_keys.rx_unicast;
} else {
Reported by FlawFinder.
Line: 252
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cur_rx_iv32 + 1, p1k);
iwl_mvm_convert_p1k(p1k, rx_p1ks[1].p1k);
memcpy(rx_mic_key,
&key->key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY],
IWL_MIC_KEY_SIZE);
data->use_tkip = true;
data->use_rsc_tsc = true;
Reported by FlawFinder.
Line: 379
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < wowlan->n_patterns; i++) {
int mask_len = DIV_ROUND_UP(wowlan->patterns[i].pattern_len, 8);
memcpy(&pattern_cmd->patterns[i].mask,
wowlan->patterns[i].mask, mask_len);
memcpy(&pattern_cmd->patterns[i].pattern,
wowlan->patterns[i].pattern,
wowlan->patterns[i].pattern_len);
pattern_cmd->patterns[i].mask_size = mask_len;
Reported by FlawFinder.
Line: 381
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&pattern_cmd->patterns[i].mask,
wowlan->patterns[i].mask, mask_len);
memcpy(&pattern_cmd->patterns[i].pattern,
wowlan->patterns[i].pattern,
wowlan->patterns[i].pattern_len);
pattern_cmd->patterns[i].mask_size = mask_len;
pattern_cmd->patterns[i].pattern_size =
wowlan->patterns[i].pattern_len;
Reported by FlawFinder.
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pattern_cmd->patterns[i].pattern_type =
WOWLAN_PATTERN_TYPE_BITMASK;
memcpy(&pattern_cmd->patterns[i].u.bitmask.mask,
wowlan->patterns[i].mask, mask_len);
memcpy(&pattern_cmd->patterns[i].u.bitmask.pattern,
wowlan->patterns[i].pattern,
wowlan->patterns[i].pattern_len);
pattern_cmd->patterns[i].u.bitmask.mask_size = mask_len;
Reported by FlawFinder.
Line: 432
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&pattern_cmd->patterns[i].u.bitmask.mask,
wowlan->patterns[i].mask, mask_len);
memcpy(&pattern_cmd->patterns[i].u.bitmask.pattern,
wowlan->patterns[i].pattern,
wowlan->patterns[i].pattern_len);
pattern_cmd->patterns[i].u.bitmask.mask_size = mask_len;
pattern_cmd->patterns[i].u.bitmask.pattern_size =
wowlan->patterns[i].pattern_len;
Reported by FlawFinder.
Line: 827
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd_ver != IWL_FW_CMD_VER_UNKNOWN))
return -EINVAL;
memcpy(kek_kck_cmd.kck, mvmvif->rekey_data.kck,
mvmvif->rekey_data.kck_len);
kek_kck_cmd.kck_len = cpu_to_le16(mvmvif->rekey_data.kck_len);
memcpy(kek_kck_cmd.kek, mvmvif->rekey_data.kek,
mvmvif->rekey_data.kek_len);
kek_kck_cmd.kek_len = cpu_to_le16(mvmvif->rekey_data.kek_len);
Reported by FlawFinder.
include/linux/mod_devicetable.h
21 issues
Line: 263
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Struct used for matching a device
*/
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
/* VIO */
Reported by FlawFinder.
Line: 265
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
/* VIO */
struct vio_device_id {
Reported by FlawFinder.
Line: 271
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* VIO */
struct vio_device_id {
char type[32];
char compat[32];
};
/* PCMCIA */
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* VIO */
struct vio_device_id {
char type[32];
char compat[32];
};
/* PCMCIA */
struct pcmcia_device_id {
Reported by FlawFinder.
Line: 294
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 prod_id_hash[4];
/* not matched against in kernelspace */
const char * prod_id[4];
/* not matched against */
kernel_ulong_t driver_info;
char * cisfile;
};
Reported by FlawFinder.
Line: 371
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The EISA signature, in ASCII form, null terminated */
struct eisa_device_id {
char sig[EISA_SIG_LEN];
kernel_ulong_t driver_data;
};
#define EISA_DEVICE_MODALIAS_FMT "eisa:s%s"
Reported by FlawFinder.
Line: 449
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define RPMSG_DEVICE_MODALIAS_FMT "rpmsg:%s"
struct rpmsg_device_id {
char name[RPMSG_NAME_SIZE];
kernel_ulong_t driver_data;
};
/* i2c */
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define I2C_MODULE_PREFIX "i2c:"
struct i2c_device_id {
char name[I2C_NAME_SIZE];
kernel_ulong_t driver_data; /* Data private to the driver */
};
/* pci_epf */
Reported by FlawFinder.
Line: 469
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PCI_EPF_MODULE_PREFIX "pci_epf:"
struct pci_epf_device_id {
char name[PCI_EPF_NAME_SIZE];
kernel_ulong_t driver_data;
};
/* i3c */
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c
21 issues
Line: 783
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* And it's safe to assume that is always the current clock.
*/
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n", i,
clocks.data[i].clocks_in_khz / 1000,
(clocks.num_levels == 1) ? "*" :
(arcturus_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 806
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, clocks.data[i].clocks_in_khz / 1000,
(clocks.num_levels == 1) ? "*" :
(arcturus_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 829
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, clocks.data[i].clocks_in_khz / 1000,
(clocks.num_levels == 1) ? "*" :
(arcturus_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 852
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < single_dpm_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, single_dpm_table->dpm_levels[i].value,
(clocks.num_levels == 1) ? "*" :
(arcturus_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 875
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < single_dpm_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, single_dpm_table->dpm_levels[i].value,
(clocks.num_levels == 1) ? "*" :
(arcturus_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 898
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < single_dpm_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, single_dpm_table->dpm_levels[i].value,
(clocks.num_levels == 1) ? "*" :
(arcturus_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 909
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case SMU_PCIE:
gen_speed = smu_v11_0_get_current_pcie_link_speed_level(smu);
lane_width = smu_v11_0_get_current_pcie_link_width_level(smu);
size += sprintf(buf + size, "0: %s %s %dMhz *\n",
(gen_speed == 0) ? "2.5GT/s," :
(gen_speed == 1) ? "5.0GT/s," :
(gen_speed == 2) ? "8.0GT/s," :
(gen_speed == 3) ? "16.0GT/s," : "",
(lane_width == 1) ? "x1" :
Reported by FlawFinder.
Line: 1275
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return result;
if (smu_version >= 0x360d00)
size += sprintf(buf + size, "%16s %s %s %s %s %s %s %s %s %s %s\n",
title[0], title[1], title[2], title[3], title[4], title[5],
title[6], title[7], title[8], title[9], title[10]);
else
size += sprintf(buf + size, "%16s\n",
title[0]);
Reported by FlawFinder.
Line: 1279
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
title[0], title[1], title[2], title[3], title[4], title[5],
title[6], title[7], title[8], title[9], title[10]);
else
size += sprintf(buf + size, "%16s\n",
title[0]);
for (i = 0; i <= PP_SMC_POWER_PROFILE_CUSTOM; i++) {
/*
* Conv PP_SMC_POWER_PROFILE* to WORKLOAD_PPLIB_*_BIT
Reported by FlawFinder.
Line: 1305
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
size += sprintf(buf + size, "%2d %14s%s\n",
i, profile_name[i], (i == smu->power_profile_mode) ? "*" : " ");
if (smu_version >= 0x360d00) {
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_recv.c
21 issues
Line: 360
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (auth_alg == 2) {
/* get ether_type */
ptr = ptr + pfhdr->attrib.hdrlen + LLC_HEADER_SIZE + pfhdr->attrib.iv_len;
memcpy(&be_tmp, ptr, 2);
ether_type = ntohs(be_tmp);
if (psta && (psta->ieee8021x_blocked)) {
/* blocked */
/* only accept EAPOL frame */
Reported by FlawFinder.
Line: 906
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit;
}
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
Reported by FlawFinder.
Line: 907
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
case 0:
Reported by FlawFinder.
Line: 909
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
Reported by FlawFinder.
Line: 913
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
Reported by FlawFinder.
Line: 914
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
Reported by FlawFinder.
Line: 918
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
Reported by FlawFinder.
Line: 919
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
Reported by FlawFinder.
Line: 923
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2ap_data_frame(adapter, precv_frame, &psta);
break;
case 3:
memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
Reported by FlawFinder.
Line: 924
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2ap_data_frame(adapter, precv_frame, &psta);
break;
case 3:
memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
Reported by FlawFinder.
drivers/crypto/ccree/cc_hash.c
21 issues
Line: 149
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->inter_digestsize,
DMA_BIDIRECTIONAL);
memcpy(state->digest_buff, ctx->digest_buff,
ctx->inter_digestsize);
if (ctx->hash_mode == DRV_HASH_SHA512 ||
ctx->hash_mode == DRV_HASH_SHA384)
memcpy(state->digest_bytes_len,
cc_digest_len_sha512_init,
Reported by FlawFinder.
Line: 153
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->inter_digestsize);
if (ctx->hash_mode == DRV_HASH_SHA512 ||
ctx->hash_mode == DRV_HASH_SHA384)
memcpy(state->digest_bytes_len,
cc_digest_len_sha512_init,
ctx->hash_len);
else
memcpy(state->digest_bytes_len,
cc_digest_len_init,
Reported by FlawFinder.
Line: 157
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cc_digest_len_sha512_init,
ctx->hash_len);
else
memcpy(state->digest_bytes_len,
cc_digest_len_init,
ctx->hash_len);
}
if (ctx->hash_mode != DRV_HASH_NULL) {
Reported by FlawFinder.
Line: 167
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->opad_tmp_keys_dma_addr,
ctx->inter_digestsize,
DMA_BIDIRECTIONAL);
memcpy(state->opad_digest_buff,
ctx->opad_tmp_keys_buff, ctx->inter_digestsize);
}
} else { /*hash*/
/* Copy the initial digests if hash flow. */
const void *larval = cc_larval_digest(dev, ctx->hash_mode);
Reported by FlawFinder.
Line: 174
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the initial digests if hash flow. */
const void *larval = cc_larval_digest(dev, ctx->hash_mode);
memcpy(state->digest_buff, larval, ctx->inter_digestsize);
}
}
static int cc_map_req(struct device *dev, struct ahash_req_ctx *state,
struct cc_hash_ctx *ctx)
Reported by FlawFinder.
Line: 278
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_dbg(dev, "unmpa digest result buffer va (%pK) pa (%pad) len %u\n",
state->digest_result_buff,
&state->digest_result_dma_addr, digestsize);
memcpy(result, state->digest_result_buff, digestsize);
}
state->digest_result_dma_addr = 0;
}
static void cc_update_complete(struct device *dev, void *cc_req, int err)
Reported by FlawFinder.
Line: 1033
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_sync_single_for_cpu(dev, ctx->opad_tmp_keys_dma_addr,
keylen, DMA_TO_DEVICE);
memcpy(ctx->opad_tmp_keys_buff, key, keylen);
if (keylen == 24) {
memset(ctx->opad_tmp_keys_buff + 24, 0,
CC_AES_KEY_SIZE_MAX - 24);
}
Reported by FlawFinder.
Line: 1508
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 curr_buff_cnt = *cc_hash_buf_cnt(state);
const u32 tmp = CC_EXPORT_MAGIC;
memcpy(out, &tmp, sizeof(u32));
out += sizeof(u32);
memcpy(out, state->digest_buff, ctx->inter_digestsize);
out += ctx->inter_digestsize;
Reported by FlawFinder.
Line: 1511
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(out, &tmp, sizeof(u32));
out += sizeof(u32);
memcpy(out, state->digest_buff, ctx->inter_digestsize);
out += ctx->inter_digestsize;
memcpy(out, state->digest_bytes_len, ctx->hash_len);
out += ctx->hash_len;
Reported by FlawFinder.
Line: 1514
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(out, state->digest_buff, ctx->inter_digestsize);
out += ctx->inter_digestsize;
memcpy(out, state->digest_bytes_len, ctx->hash_len);
out += ctx->hash_len;
memcpy(out, &curr_buff_cnt, sizeof(u32));
out += sizeof(u32);
Reported by FlawFinder.