The following issues were found
include/linux/tpm.h
3 issues
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int dev_num; /* /dev/tpm# */
unsigned long is_open; /* only one allowed */
char hwrng_name[64];
struct hwrng hwrng;
struct mutex tpm_mutex; /* tpm is processing */
unsigned long timeout_a; /* jiffies */
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tpm_bank_info *allocated_banks;
#ifdef CONFIG_ACPI
acpi_handle acpi_dev_handle;
char ppi_version[TPM_PPI_VERSION_LEN + 1];
#endif /* CONFIG_ACPI */
struct tpm_space work_space;
u32 last_cc;
u32 nr_commands;
Reported by FlawFinder.
Line: 378
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(&buf->data[len], new_data, new_len);
head->length = cpu_to_be32(len + new_len);
}
static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value)
{
Reported by FlawFinder.
include/linux/usb/phy.h
3 issues
Line: 73
Column: 8
CWE codes:
120
20
* provide access ops
*/
struct usb_phy_io_ops {
int (*read)(struct usb_phy *x, u32 reg);
int (*write)(struct usb_phy *x, u32 val, u32 reg);
};
struct usb_charger_current {
unsigned int sdp_min;
Reported by FlawFinder.
Line: 168
Column: 35
CWE codes:
120
20
/* helpers for direct access thru low-level io interface */
static inline int usb_phy_io_read(struct usb_phy *x, u32 reg)
{
if (x && x->io_ops && x->io_ops->read)
return x->io_ops->read(x, reg);
return -EINVAL;
}
Reported by FlawFinder.
Line: 169
Column: 21
CWE codes:
120
20
static inline int usb_phy_io_read(struct usb_phy *x, u32 reg)
{
if (x && x->io_ops && x->io_ops->read)
return x->io_ops->read(x, reg);
return -EINVAL;
}
static inline int usb_phy_io_write(struct usb_phy *x, u32 val, u32 reg)
Reported by FlawFinder.
include/linux/usb/serial.h
3 issues
Line: 92
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct urb *read_urb;
__u8 bulk_in_endpointAddress;
unsigned char *bulk_in_buffers[2];
struct urb *read_urbs[2];
unsigned long read_urbs_free;
unsigned char *bulk_out_buffer;
int bulk_out_size;
Reported by FlawFinder.
Line: 101
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct urb *write_urb;
struct kfifo write_fifo;
unsigned char *bulk_out_buffers[2];
struct urb *write_urbs[2];
unsigned long write_urbs_free;
__u8 bulk_out_endpointAddress;
struct async_icount icount;
Reported by FlawFinder.
Line: 274
Column: 9
CWE codes:
362
/* serial function calls */
/* Called by console and by the tty layer */
int (*open)(struct tty_struct *tty, struct usb_serial_port *port);
void (*close)(struct usb_serial_port *port);
int (*write)(struct tty_struct *tty, struct usb_serial_port *port,
const unsigned char *buf, int count);
/* Called only by the tty layer */
unsigned int (*write_room)(struct tty_struct *tty);
Reported by FlawFinder.
include/media/v4l2-dev.h
3 issues
Line: 212
Column: 8
CWE codes:
362
unsigned long (*get_unmapped_area) (struct file *, unsigned long,
unsigned long, unsigned long, unsigned long);
int (*mmap) (struct file *, struct vm_area_struct *);
int (*open) (struct file *);
int (*release) (struct file *);
};
/*
* Newer version of video_device, handled by videodev2.c
Reported by FlawFinder.
Line: 288
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct v4l2_prio_state *prio;
/* device info */
char name[32];
enum vfl_devnode_type vfl_type;
enum vfl_devnode_direction vfl_dir;
int minor;
u16 num;
unsigned long flags;
Reported by FlawFinder.
Line: 202
Column: 12
CWE codes:
120
20
*/
struct v4l2_file_operations {
struct module *owner;
ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
__poll_t (*poll) (struct file *, struct poll_table_struct *);
long (*unlocked_ioctl) (struct file *, unsigned int, unsigned long);
#ifdef CONFIG_COMPAT
long (*compat_ioctl32) (struct file *, unsigned int, unsigned long);
Reported by FlawFinder.
include/net/bonding.h
3 issues
Line: 135
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int lacp_fast;
unsigned int min_links;
int ad_select;
char primary[IFNAMSIZ];
int primary_reselect;
__be32 arp_targets[BOND_MAX_ARP_TARGETS];
int tx_queues;
int all_slaves_active;
int resend_igmp;
Reported by FlawFinder.
Line: 237
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 igmp_retrans;
#ifdef CONFIG_PROC_FS
struct proc_dir_entry *proc_entry;
char proc_file_name[IFNAMSIZ];
#endif /* CONFIG_PROC_FS */
struct list_head bond_list;
u32 __percpu *rr_tx_counter;
struct ad_bond_info ad_info;
struct alb_bond_info alb_info;
Reported by FlawFinder.
Line: 460
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(dst, src, len);
}
#define BOND_PRI_RESELECT_ALWAYS 0
#define BOND_PRI_RESELECT_BETTER 1
#define BOND_PRI_RESELECT_FAILURE 2
Reported by FlawFinder.
include/net/cfg80211.h
3 issues
Line: 5015
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 rts_threshold;
u8 coverage_class;
char fw_version[ETHTOOL_FWVERS_LEN];
u32 hw_version;
#ifdef CONFIG_PM
const struct wiphy_wowlan_support *wowlan;
struct cfg80211_wowlan *wowlan_config;
Reported by FlawFinder.
Line: 5722
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ieee80211_radiotap_iterator_next(struct ieee80211_radiotap_iterator *iterator);
extern const unsigned char rfc1042_header[6];
extern const unsigned char bridge_tunnel_header[6];
/**
* ieee80211_get_hdrlen_from_skb - get header length from data
*
Reported by FlawFinder.
Line: 5723
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const unsigned char rfc1042_header[6];
extern const unsigned char bridge_tunnel_header[6];
/**
* ieee80211_get_hdrlen_from_skb - get header length from data
*
* @skb: the frame
Reported by FlawFinder.
include/net/ip_vs.h
3 issues
Line: 210
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IP_VS_DBG_BUF(level, msg, ...) \
do { \
char ip_vs_dbg_buf[160]; \
int ip_vs_dbg_idx = 0; \
if (level <= ip_vs_get_debug_level()) \
printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \
} while (0)
#define IP_VS_ERR_BUF(msg...) \
Reported by FlawFinder.
Line: 217
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} while (0)
#define IP_VS_ERR_BUF(msg...) \
do { \
char ip_vs_dbg_buf[160]; \
int ip_vs_dbg_idx = 0; \
pr_err(msg); \
} while (0)
/* Only use from within IP_VS_DBG_BUF() or IP_VS_ERR_BUF macros */
Reported by FlawFinder.
Line: 828
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 mcast_af;
u8 mcast_ttl;
/* multicast interface name */
char mcast_ifn[IP_VS_IFNAME_MAXLEN];
};
/* IPVS in network namespace */
struct netns_ipvs {
int gen; /* Generation */
Reported by FlawFinder.
include/net/ipx.h
3 issues
Line: 53
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipx_interface {
/* IPX address */
__be32 if_netnum;
unsigned char if_node[IPX_NODE_LEN];
refcount_t refcnt;
/* physical device info */
struct net_device *if_dev;
struct datalink_proto *if_dlink;
Reported by FlawFinder.
Line: 78
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 ir_net;
struct ipx_interface *ir_intrfc;
unsigned char ir_routed;
unsigned char ir_router_node[IPX_NODE_LEN];
struct list_head node; /* node in ipx_routes list */
refcount_t refcnt;
};
struct ipx_cb {
Reported by FlawFinder.
Line: 102
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipx_interface *intrfc;
__be16 port;
#ifdef CONFIG_IPX_INTERN
unsigned char node[IPX_NODE_LEN];
#endif
unsigned short type;
/*
* To handle special ncp connection-handling sockets for mars_nwe,
* the connection number must be stored in the socket.
Reported by FlawFinder.
include/net/llc_pdu.h
3 issues
Line: 266
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void llc_pdu_decode_sa(struct sk_buff *skb, u8 *sa)
{
if (skb->protocol == htons(ETH_P_802_2))
memcpy(sa, eth_hdr(skb)->h_source, ETH_ALEN);
}
/**
* llc_pdu_decode_da - extracts dest address of input frame
* @skb: input skb that destination address must be extracted from it
Reported by FlawFinder.
Line: 279
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void llc_pdu_decode_da(struct sk_buff *skb, u8 *da)
{
if (skb->protocol == htons(ETH_P_802_2))
memcpy(da, eth_hdr(skb)->h_dest, ETH_ALEN);
}
/**
* llc_pdu_decode_ssap - extracts source SAP of input frame
* @skb: input skb that source SAP must be extracted from it.
Reported by FlawFinder.
Line: 357
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int dsize;
dsize = ntohs(eth_hdr(ev_skb)->h_proto) - 3;
memcpy(((u8 *)pdu) + 3, ((u8 *)ev_pdu) + 3, dsize);
skb_put(skb, dsize);
}
}
/* LLC Type 1 XID command/response information fields format */
Reported by FlawFinder.
include/net/nfc/nci_core.h
3 issues
Line: 66
Column: 10
CWE codes:
362
struct nci_ops {
int (*init)(struct nci_dev *ndev);
int (*open)(struct nci_dev *ndev);
int (*close)(struct nci_dev *ndev);
int (*send)(struct nci_dev *ndev, struct sk_buff *skb);
int (*setup)(struct nci_dev *ndev);
int (*post_setup)(struct nci_dev *ndev);
int (*fw_download)(struct nci_dev *ndev, const char *firmware_name);
Reported by FlawFinder.
Line: 173
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nci_hci_init_data {
u8 gate_count;
struct nci_hci_gate gates[NCI_HCI_MAX_CUSTOM_GATES];
char session_id[9];
};
#define NCI_HCI_MAX_GATES 256
struct nci_hci_dev {
Reported by FlawFinder.
Line: 431
Column: 8
CWE codes:
362
struct nci_uart;
struct nci_uart_ops {
int (*open)(struct nci_uart *nci_uart);
void (*close)(struct nci_uart *nci_uart);
int (*recv)(struct nci_uart *nci_uart, struct sk_buff *skb);
int (*send)(struct nci_uart *nci_uart, struct sk_buff *skb);
void (*tx_start)(struct nci_uart *nci_uart);
void (*tx_done)(struct nci_uart *nci_uart);
Reported by FlawFinder.