The following issues were found
include/net/sch_generic.h
3 issues
Line: 292
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct Qdisc_ops {
struct Qdisc_ops *next;
const struct Qdisc_class_ops *cl_ops;
char id[IFNAMSIZ];
int priv_size;
unsigned int static_flags;
int (*enqueue)(struct sk_buff *skb,
struct Qdisc *sch,
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tcf_proto_ops {
struct list_head head;
char kind[IFNAMSIZ];
int (*classify)(struct sk_buff *,
const struct tcf_proto *,
struct tcf_result *);
int (*init)(struct tcf_proto*);
Reported by FlawFinder.
Line: 440
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 tc_classid;
};
#define QDISC_CB_PRIV_LEN 20
unsigned char data[QDISC_CB_PRIV_LEN];
u16 mru;
bool post_ct;
};
typedef void tcf_chain_head_change_t(struct tcf_proto *tp_head, void *priv);
Reported by FlawFinder.
include/net/tcp.h
3 issues
Line: 1085
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t (*get_info)(struct sock *sk, u32 ext, int *attr,
union tcp_cc_info *info);
char name[TCP_CA_NAME_MAX];
struct module *owner;
struct list_head list;
u32 key;
u32 flags;
Reported by FlawFinder.
Line: 2204
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void (*clone)(const struct request_sock *req, struct sock *newsk,
const gfp_t priority);
char name[TCP_ULP_NAME_MAX];
struct module *owner;
};
int tcp_register_ulp(struct tcp_ulp_ops *type);
void tcp_unregister_ulp(struct tcp_ulp_ops *type);
int tcp_set_ulp(struct sock *sk, const char *name);
Reported by FlawFinder.
Line: 2275
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sock_ops.sk = sk;
sock_ops.op = op;
if (nargs > 0)
memcpy(sock_ops.args, args, nargs * sizeof(*args));
ret = BPF_CGROUP_RUN_PROG_SOCK_OPS(&sock_ops);
if (ret == 0)
ret = sock_ops.reply;
else
Reported by FlawFinder.
include/net/tls.h
3 issues
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char content_type;
struct scatterlist sg_content_type;
char aad_space[TLS_AAD_SPACE_SIZE];
u8 iv_data[MAX_IV_SIZE];
struct aead_request aead_req;
u8 aead_req_ctx[];
};
Reported by FlawFinder.
Line: 536
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) {
pkt_len += iv_size;
memcpy(buf + TLS_NONCE_OFFSET,
ctx->tx.iv + prot->salt_size, iv_size);
}
/* we cover nonce explicit here as well, so buf should be of
* size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE
Reported by FlawFinder.
Line: 560
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct tls_prot_info *prot)
{
if (prot->version != TLS_1_3_VERSION) {
memcpy(buf, record_sequence, prot->rec_seq_size);
buf += 8;
} else {
size += prot->tag_size;
}
Reported by FlawFinder.
include/ras/ras_event.h
3 issues
Line: 240
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
),
TP_fast_assign(
memcpy(__entry->sec_type, sec_type, UUID_SIZE);
memcpy(__entry->fru_id, fru_id, UUID_SIZE);
__assign_str(fru_text, fru_text);
__entry->sev = sev;
__entry->len = len;
memcpy(__get_dynamic_array(buf), err, len);
Reported by FlawFinder.
Line: 241
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TP_fast_assign(
memcpy(__entry->sec_type, sec_type, UUID_SIZE);
memcpy(__entry->fru_id, fru_id, UUID_SIZE);
__assign_str(fru_text, fru_text);
__entry->sev = sev;
__entry->len = len;
memcpy(__get_dynamic_array(buf), err, len);
),
Reported by FlawFinder.
Line: 245
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__assign_str(fru_text, fru_text);
__entry->sev = sev;
__entry->len = len;
memcpy(__get_dynamic_array(buf), err, len);
),
TP_printk("severity: %d; sec type:%pU; FRU: %pU %s; data len:%d; raw data:%s",
__entry->sev, __entry->sec_type,
__entry->fru_id, __get_str(fru_text),
Reported by FlawFinder.
include/rdma/ib_umem_odp.h
3 issues
Line: 87
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct ib_umem_odp *
ib_umem_odp_get(struct ib_device *device, unsigned long addr, size_t size,
int access, const struct mmu_interval_notifier_ops *ops);
struct ib_umem_odp *ib_umem_odp_alloc_implicit(struct ib_device *device,
int access);
struct ib_umem_odp *
ib_umem_odp_alloc_child(struct ib_umem_odp *root_umem, unsigned long addr,
size_t size,
Reported by FlawFinder.
Line: 89
Column: 17
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
ib_umem_odp_get(struct ib_device *device, unsigned long addr, size_t size,
int access, const struct mmu_interval_notifier_ops *ops);
struct ib_umem_odp *ib_umem_odp_alloc_implicit(struct ib_device *device,
int access);
struct ib_umem_odp *
ib_umem_odp_alloc_child(struct ib_umem_odp *root_umem, unsigned long addr,
size_t size,
const struct mmu_interval_notifier_ops *ops);
void ib_umem_odp_release(struct ib_umem_odp *umem_odp);
Reported by FlawFinder.
Line: 106
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static inline struct ib_umem_odp *
ib_umem_odp_get(struct ib_device *device, unsigned long addr, size_t size,
int access, const struct mmu_interval_notifier_ops *ops)
{
return ERR_PTR(-EINVAL);
}
static inline void ib_umem_odp_release(struct ib_umem_odp *umem_odp) {}
Reported by FlawFinder.
include/scsi/iscsi_if.h
3 issues
Line: 774
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ISCSI_STATS_CUSTOM_MAX 32
#define ISCSI_STATS_CUSTOM_DESC_MAX 64
struct iscsi_stats_custom {
char desc[ISCSI_STATS_CUSTOM_DESC_MAX];
uint64_t value;
};
/*
* struct iscsi_stats - iSCSI Statistics (iSCSI MIB)
Reported by FlawFinder.
Line: 841
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iscsi_chap_rec {
uint16_t chap_tbl_idx;
enum chap_type_e chap_type;
char username[ISCSI_CHAP_AUTH_NAME_MAX_LEN];
uint8_t password[ISCSI_CHAP_AUTH_SECRET_MAX_LEN];
uint8_t password_length;
};
#define ISCSI_HOST_STATS_CUSTOM_MAX 32
Reported by FlawFinder.
Line: 849
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ISCSI_HOST_STATS_CUSTOM_MAX 32
#define ISCSI_HOST_STATS_CUSTOM_DESC_MAX 64
struct iscsi_host_stats_custom {
char desc[ISCSI_HOST_STATS_CUSTOM_DESC_MAX];
uint64_t value;
};
/* struct iscsi_offload_host_stats: Host statistics,
* Include statistics for MAC, IP, TCP & iSCSI.
Reported by FlawFinder.
include/sound/ak4113.h
3 issues
Line: 285
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
atomic_t wq_processing;
struct mutex reinit_mutex;
spinlock_t lock;
unsigned char regmap[AK4113_WRITABLE_REGS];
struct snd_kcontrol *kctls[AK4113_CONTROLS];
struct snd_pcm_substream *substream;
unsigned long errors[AK4113_NUM_ERRORS];
unsigned char rcs0;
unsigned char rcs1;
Reported by FlawFinder.
Line: 280
Column: 17
CWE codes:
120
20
struct ak4113 {
struct snd_card *card;
ak4113_write_t *write;
ak4113_read_t *read;
void *private_data;
atomic_t wq_processing;
struct mutex reinit_mutex;
spinlock_t lock;
unsigned char regmap[AK4113_WRITABLE_REGS];
Reported by FlawFinder.
Line: 299
Column: 61
CWE codes:
120
20
unsigned char c1);
};
int snd_ak4113_create(struct snd_card *card, ak4113_read_t *read,
ak4113_write_t *write,
const unsigned char *pgm,
void *private_data, struct ak4113 **r_ak4113);
void snd_ak4113_reg_write(struct ak4113 *ak4113, unsigned char reg,
unsigned char mask, unsigned char val);
Reported by FlawFinder.
include/sound/control.h
3 issues
Line: 29
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#ifdef CONFIG_SND_CTL_VALIDATION
#define SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK (1 << 24)
#define snd_ctl_skip_validation(info) \
((info)->access & SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK)
#else
#define SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK 0
#define snd_ctl_skip_validation(info) true
#endif
Reported by FlawFinder.
Line: 53
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
unsigned int subdevice; /* subdevice (substream) number */
const char *name; /* ASCII name of item */
unsigned int index; /* index of item */
unsigned int access; /* access rights */
unsigned int count; /* count of same elements */
snd_kcontrol_info_t *info;
snd_kcontrol_get_t *get;
snd_kcontrol_put_t *put;
union {
Reported by FlawFinder.
Line: 67
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct snd_kcontrol_volatile {
struct snd_ctl_file *owner; /* locked */
unsigned int access; /* access rights */
};
struct snd_kcontrol {
struct list_head list; /* list of controls */
struct snd_ctl_elem_id id;
Reported by FlawFinder.
include/sound/sb.h
3 issues
Line: 63
Column: 15
CWE codes:
362
unsigned long alt_port; /* alternate port (ALS4000) */
struct pci_dev *pci; /* ALS4000 */
unsigned int open; /* see to SB_OPEN_XXXX for sb8 */
/* also SNDRV_SB_CSP_MODE_XXX for sb16_csp */
unsigned int mode; /* current mode of stream */
unsigned int force_mode16; /* force 16-bit mode of streams */
unsigned int locked_rate; /* sb16 duplex */
unsigned int playback_format;
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t mixer_lock;
char name[32];
void *csp; /* used only when CONFIG_SND_SB16_CSP is set */
struct snd_card *card;
struct snd_pcm *pcm;
Reported by FlawFinder.
Line: 99
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_info_entry *proc_entry;
#ifdef CONFIG_PM
unsigned char saved_regs[0x20];
#endif
};
/* I/O ports */
Reported by FlawFinder.
include/sound/soc-component.h
3 issues
Line: 30
Column: 8
CWE codes:
362
/* component interface */
struct snd_compress_ops {
int (*open)(struct snd_soc_component *component,
struct snd_compr_stream *stream);
int (*free)(struct snd_soc_component *component,
struct snd_compr_stream *stream);
int (*set_params)(struct snd_soc_component *component,
struct snd_compr_stream *stream,
Reported by FlawFinder.
Line: 114
Column: 8
CWE codes:
362
int (*set_bias_level)(struct snd_soc_component *component,
enum snd_soc_bias_level level);
int (*open)(struct snd_soc_component *component,
struct snd_pcm_substream *substream);
int (*close)(struct snd_soc_component *component,
struct snd_pcm_substream *substream);
int (*ioctl)(struct snd_soc_component *component,
struct snd_pcm_substream *substream,
Reported by FlawFinder.
Line: 83
Column: 17
CWE codes:
120
20
int (*suspend)(struct snd_soc_component *component);
int (*resume)(struct snd_soc_component *component);
unsigned int (*read)(struct snd_soc_component *component,
unsigned int reg);
int (*write)(struct snd_soc_component *component,
unsigned int reg, unsigned int val);
/* pcm creation and destruction */
Reported by FlawFinder.