The following issues were found
include/uapi/linux/if_pppox.h
3 issues
Line: 45
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef __be16 sid_t;
struct pppoe_addr {
sid_t sid; /* Session identifier */
unsigned char remote[ETH_ALEN]; /* Remote address */
char dev[IFNAMSIZ]; /* Local device to use */
};
/************************************************************************
* PPTP addressing definition
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pppoe_addr {
sid_t sid; /* Session identifier */
unsigned char remote[ETH_ALEN]; /* Remote address */
char dev[IFNAMSIZ]; /* Local device to use */
};
/************************************************************************
* PPTP addressing definition
*/
Reported by FlawFinder.
Line: 125
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pppoe_tag {
__be16 tag_type;
__be16 tag_len;
char tag_data[0];
} __attribute__ ((packed));
/* Tag identifiers */
#define PTT_EOL __cpu_to_be16(0x0000)
#define PTT_SRV_NAME __cpu_to_be16(0x0101)
Reported by FlawFinder.
include/uapi/linux/ip_vs.h
3 issues
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 fwmark; /* firwall mark of service */
/* virtual service options */
char sched_name[IP_VS_SCHEDNAME_MAXLEN];
unsigned int flags; /* virtual service flags */
unsigned int timeout; /* persistent timeout in sec */
__be32 netmask; /* persistent netmask */
};
Reported by FlawFinder.
Line: 214
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 fwmark; /* firwall mark of service */
/* service options */
char sched_name[IP_VS_SCHEDNAME_MAXLEN];
unsigned int flags; /* virtual service flags */
unsigned int timeout; /* persistent timeout */
__be32 netmask; /* persistent netmask */
/* number of real servers */
Reported by FlawFinder.
Line: 285
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int state;
/* multicast interface name */
char mcast_ifn[IP_VS_IFNAME_MAXLEN];
/* SyncID we belong to */
int syncid;
};
Reported by FlawFinder.
include/uapi/linux/llc.h
3 issues
Line: 28
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char sllc_xid;
unsigned char sllc_ua; /* UA data, only for SOCK_STREAM. */
unsigned char sllc_sap;
unsigned char sllc_mac[IFHWADDRLEN];
unsigned char __pad[__LLC_SOCK_SIZE__ -
sizeof(__kernel_sa_family_t) * 2 -
sizeof(unsigned char) * 4 - IFHWADDRLEN];
};
Reported by FlawFinder.
Line: 29
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char sllc_ua; /* UA data, only for SOCK_STREAM. */
unsigned char sllc_sap;
unsigned char sllc_mac[IFHWADDRLEN];
unsigned char __pad[__LLC_SOCK_SIZE__ -
sizeof(__kernel_sa_family_t) * 2 -
sizeof(unsigned char) * 4 - IFHWADDRLEN];
};
/* sockopt definitions. */
Reported by FlawFinder.
Line: 83
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct llc_pktinfo {
int lpi_ifindex;
unsigned char lpi_sap;
unsigned char lpi_mac[IFHWADDRLEN];
};
#endif /* _UAPI__LINUX_LLC_H */
Reported by FlawFinder.
include/uapi/linux/loop.h
3 issues
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int lo_encrypt_type;
int lo_encrypt_key_size; /* ioctl w/o */
int lo_flags;
char lo_name[LO_NAME_SIZE];
unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
unsigned long lo_init[2];
char reserved[4];
};
Reported by FlawFinder.
Line: 52
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int lo_encrypt_key_size; /* ioctl w/o */
int lo_flags;
char lo_name[LO_NAME_SIZE];
unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
unsigned long lo_init[2];
char reserved[4];
};
struct loop_info64 {
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char lo_name[LO_NAME_SIZE];
unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
unsigned long lo_init[2];
char reserved[4];
};
struct loop_info64 {
__u64 lo_device; /* ioctl r/o */
__u64 lo_inode; /* ioctl r/o */
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_CT.h
3 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 zone;
__u32 ct_events;
__u32 exp_events;
char helper[16];
/* Used internally by the kernel */
struct nf_conn *ct __attribute__((aligned(8)));
};
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 zone;
__u32 ct_events;
__u32 exp_events;
char helper[16];
char timeout[32];
/* Used internally by the kernel */
struct nf_conn *ct __attribute__((aligned(8)));
};
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 ct_events;
__u32 exp_events;
char helper[16];
char timeout[32];
/* Used internally by the kernel */
struct nf_conn *ct __attribute__((aligned(8)));
};
Reported by FlawFinder.
include/uapi/linux/qnx4_fs.h
3 issues
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* This is the original qnx4 inode layout on disk.
*/
struct qnx4_inode_entry {
char di_fname[QNX4_SHORT_NAME_MAX];
qnx4_off_t di_size;
qnx4_xtnt_t di_first_xtnt;
__le32 di_xblk;
__le32 di_ftime;
__le32 di_mtime;
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct qnx4_link_info {
char dl_fname[QNX4_NAME_MAX];
__le32 dl_inode_blk;
__u8 dl_inode_ndx;
__u8 dl_spare[10];
__u8 dl_status;
};
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 xblk_spare[3];
__le32 xblk_num_blocks;
qnx4_xtnt_t xblk_xtnts[QNX4_MAX_XTNTS_PER_XBLK];
char xblk_signature[8];
qnx4_xtnt_t xblk_first_xtnt;
};
struct qnx4_super_block {
struct qnx4_inode_entry RootDir;
Reported by FlawFinder.
include/uapi/linux/wireless.h
3 issues
Line: 904
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
union iwreq_data {
/* Config - generic */
char name[IFNAMSIZ];
/* Name : used to verify the presence of wireless extensions.
* Name of the protocol/provider... */
struct iw_point essid; /* Extended network name */
struct iw_param nwid; /* network id (or domain - the cell) */
Reported by FlawFinder.
Line: 942
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iwreq {
union
{
char ifrn_name[IFNAMSIZ]; /* if name, e.g. "eth0" */
} ifr_ifrn;
/* Data part (defined just above) */
union iwreq_data u;
};
Reported by FlawFinder.
Line: 1067
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 cmd; /* Number of the ioctl to issue */
__u16 set_args; /* Type and number of args */
__u16 get_args; /* Type and number of args */
char name[IFNAMSIZ]; /* Name of the extension */
};
/* ----------------------- WIRELESS EVENTS ----------------------- */
/*
* Wireless events are carried through the rtnetlink socket to user
Reported by FlawFinder.
include/uapi/sound/sb16_csp.h
3 issues
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* microcode header */
struct snd_sb_csp_mc_header {
char codec_name[16]; /* id name of codec */
unsigned short func_req; /* requested function */
};
/* microcode to be loaded */
struct snd_sb_csp_microcode {
Reported by FlawFinder.
Line: 75
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* microcode to be loaded */
struct snd_sb_csp_microcode {
struct snd_sb_csp_mc_header info;
unsigned char data[SNDRV_SB_CSP_MAX_MICROCODE_FILE_SIZE];
};
/* start CSP with sample_width in mono/stereo */
struct snd_sb_csp_start {
int sample_width; /* sample width, look above */
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* CSP information */
struct snd_sb_csp_info {
char codec_name[16]; /* id name of codec */
unsigned short func_nr; /* function number */
unsigned int acc_format; /* accepted PCM formats */
unsigned short acc_channels; /* accepted channels */
unsigned short acc_width; /* accepted sample width */
unsigned short acc_rates; /* accepted sample rates */
Reported by FlawFinder.
include/uapi/video/uvesafb.h
3 issues
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The VBE Info Block */
struct vbe_ib {
char vbe_signature[4];
__u16 vbe_version;
__u32 oem_string_ptr;
__u32 capabilities;
__u32 mode_list_ptr;
__u16 total_memory;
Reported by FlawFinder.
Line: 57
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 oem_product_name_ptr;
__u32 oem_product_rev_ptr;
__u8 reserved[222];
char oem_data[256];
char misc_data[512];
} __attribute__ ((packed));
#endif /* _UAPI_UVESAFB_H */
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 oem_product_rev_ptr;
__u8 reserved[222];
char oem_data[256];
char misc_data[512];
} __attribute__ ((packed));
#endif /* _UAPI_UVESAFB_H */
Reported by FlawFinder.
include/xen/interface/xen-mca.h
3 issues
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t mc_vendor;
uint32_t mc_model;
uint32_t mc_step;
char mc_vendorid[16];
char mc_brandid[64];
uint32_t mc_cpu_caps[MC_NCAPS];
uint32_t mc_cache_size;
uint32_t mc_cache_alignment;
uint32_t mc_nmsrvals;
Reported by FlawFinder.
Line: 204
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t mc_model;
uint32_t mc_step;
char mc_vendorid[16];
char mc_brandid[64];
uint32_t mc_cpu_caps[MC_NCAPS];
uint32_t mc_cache_size;
uint32_t mc_cache_alignment;
uint32_t mc_nmsrvals;
struct mcinfo_msr mc_msrvalues[__MC_MSR_ARRAYSIZE];
Reported by FlawFinder.
Line: 374
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define XEN_MCE_LOG_LEN 32
struct xen_mce_log {
char signature[12]; /* "MACHINECHECK" */
unsigned len; /* = XEN_MCE_LOG_LEN */
unsigned next;
unsigned flags;
unsigned recordlen; /* length of struct xen_mce */
struct xen_mce entry[XEN_MCE_LOG_LEN];
Reported by FlawFinder.