The following issues were found
net/smc/smc_core.h
3 issues
Line: 132
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 link_is_asym; /* is link asymmetric? */
struct smc_link_group *lgr; /* parent link group */
struct work_struct link_down_wrk; /* wrk to bring link down */
char ibname[IB_DEVICE_NAME_MAX]; /* ib device name */
int ndev_ifidx; /* network device ifindex */
enum smc_link_state state; /* state of link */
struct delayed_work llc_testlink_wrk; /* testlink worker */
struct completion llc_testlink_resp; /* wait for rx of testlink */
Reported by FlawFinder.
Line: 253
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* client or server */
struct smc_link lnk[SMC_LINKS_PER_LGR_MAX];
/* smc link */
char peer_systemid[SMC_SYSTEMID_LEN];
/* unique system_id of peer */
struct smc_rtoken rtokens[SMC_RMBS_PER_LGR_MAX]
[SMC_LINKS_PER_LGR_MAX];
/* remote addr/key pairs */
DECLARE_BITMAP(rtokens_used_mask, SMC_RMBS_PER_LGR_MAX);
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static inline void smc_gid_be16_convert(__u8 *buf, u8 *gid_raw)
{
sprintf(buf, "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
be16_to_cpu(((__be16 *)gid_raw)[0]),
be16_to_cpu(((__be16 *)gid_raw)[1]),
be16_to_cpu(((__be16 *)gid_raw)[2]),
be16_to_cpu(((__be16 *)gid_raw)[3]),
be16_to_cpu(((__be16 *)gid_raw)[4]),
Reported by FlawFinder.
net/xfrm/xfrm_replay.c
3 issues
Line: 88
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
c.event = XFRM_MSG_NEWAE;
c.data.aevent = event;
km_state_notify(x, &c);
if (x->replay_maxage &&
Reported by FlawFinder.
Line: 345
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy(x->preplay_esn, x->replay_esn,
xfrm_replay_state_esn_len(replay_esn));
c.event = XFRM_MSG_NEWAE;
c.data.aevent = event;
km_state_notify(x, &c);
Reported by FlawFinder.
Line: 411
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy(x->preplay_esn, x->replay_esn,
xfrm_replay_state_esn_len(replay_esn));
c.event = XFRM_MSG_NEWAE;
c.data.aevent = event;
km_state_notify(x, &c);
Reported by FlawFinder.
scripts/kconfig/tests/preprocess/escape/__init__.py
3 issues
Line: 6
Column: 1
Escape sequence tests.
"""
def test(conf):
assert conf.oldaskconfig() == 0
assert conf.stderr_matches('expected_stderr')
Reported by Pylint.
Line: 7
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
"""
def test(conf):
assert conf.oldaskconfig() == 0
assert conf.stderr_matches('expected_stderr')
Reported by Bandit.
Line: 8
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig() == 0
assert conf.stderr_matches('expected_stderr')
Reported by Bandit.
scripts/kconfig/tests/no_write_if_dep_unmet/__init__.py
3 issues
Line: 18
Column: 1
"""
def test(conf):
assert conf.oldaskconfig('config', 'n') == 0
assert conf.config_matches('expected_config')
Reported by Pylint.
Line: 19
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig('config', 'n') == 0
assert conf.config_matches('expected_config')
Reported by Bandit.
Line: 20
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig('config', 'n') == 0
assert conf.config_matches('expected_config')
Reported by Bandit.
net/tls/tls_device.c
3 issues
Line: 768
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prot = &tls_ctx->prot_info;
rx_ctx = tls_offload_ctx_rx(tls_ctx);
memcpy(rcd_sn, tls_ctx->rx.rec_seq, prot->rec_seq_size);
switch (rx_ctx->resync_type) {
case TLS_OFFLOAD_SYNC_TYPE_DRIVER_REQ:
resync_req = atomic64_read(&rx_ctx->resync_req);
req_seq = resync_req >> 32;
Reported by FlawFinder.
Line: 854
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct tls_prot_info *prot = &tls_ctx->prot_info;
u8 rcd_sn[TLS_MAX_REC_SEQ_SIZE];
memcpy(rcd_sn, tls_ctx->rx.rec_seq, prot->rec_seq_size);
tls_bigint_increment(rcd_sn, prot->rec_seq_size);
tls_device_resync_rx(tls_ctx, sk, tcp_sk(sk)->copied_seq,
rcd_sn);
}
Reported by FlawFinder.
Line: 1083
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto free_offload_ctx;
}
memcpy(ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
prot->rec_seq_size = rec_seq_size;
ctx->tx.rec_seq = kmemdup(rec_seq, rec_seq_size, GFP_KERNEL);
if (!ctx->tx.rec_seq) {
rc = -ENOMEM;
Reported by FlawFinder.
sound/pci/echoaudio/midi.c
3 issues
Line: 315
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(chip->rmidi->name, card->shortname);
chip->rmidi->private_data = chip;
snd_rawmidi_set_ops(chip->rmidi, SNDRV_RAWMIDI_STREAM_INPUT,
&snd_echo_midi_input);
snd_rawmidi_set_ops(chip->rmidi, SNDRV_RAWMIDI_STREAM_OUTPUT,
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
chip->comm_page->midi_output[0] = bytes;
memcpy(&chip->comm_page->midi_output[1], data, bytes);
chip->comm_page->midi_out_free_count = 0;
clear_handshake(chip);
send_vector(chip, DSP_VC_MIDI_WRITE);
dev_dbg(chip->card->dev, "write_midi: %d\n", bytes);
return bytes;
Reported by FlawFinder.
Line: 207
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct echoaudio *chip = from_timer(chip, t, timer);
unsigned long flags;
int bytes, sent, time;
unsigned char buf[MIDI_OUT_BUFFER_SIZE - 1];
/* No interrupts are involved: we have to check at regular intervals
if the card's output buffer has room for new data. */
sent = bytes = 0;
spin_lock_irqsave(&chip->lock, flags);
Reported by FlawFinder.
net/smc/smc_diag.c
3 issues
Line: 51
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r->id.idiag_dst[0] = smc->clcsock->sk->sk_daddr;
#if IS_ENABLED(CONFIG_IPV6)
} else if (sk->sk_protocol == SMCPROTO_SMC6) {
memcpy(&r->id.idiag_src, &smc->clcsock->sk->sk_v6_rcv_saddr,
sizeof(smc->clcsock->sk->sk_v6_rcv_saddr));
memcpy(&r->id.idiag_dst, &smc->clcsock->sk->sk_v6_daddr,
sizeof(smc->clcsock->sk->sk_v6_daddr));
#endif
}
Reported by FlawFinder.
Line: 53
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (sk->sk_protocol == SMCPROTO_SMC6) {
memcpy(&r->id.idiag_src, &smc->clcsock->sk->sk_v6_rcv_saddr,
sizeof(smc->clcsock->sk->sk_v6_rcv_saddr));
memcpy(&r->id.idiag_dst, &smc->clcsock->sk->sk_v6_daddr,
sizeof(smc->clcsock->sk->sk_v6_daddr));
#endif
}
}
Reported by FlawFinder.
Line: 154
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
.lnk[0].link_id = smc->conn.lnk->link_id,
};
memcpy(linfo.lnk[0].ibname,
smc->conn.lgr->lnk[0].smcibdev->ibdev->name,
sizeof(smc->conn.lnk->smcibdev->ibdev->name));
smc_gid_be16_convert(linfo.lnk[0].gid,
smc->conn.lnk->gid);
smc_gid_be16_convert(linfo.lnk[0].peer_gid,
Reported by FlawFinder.
net/xfrm/espintcp.c
3 issues
Line: 323
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iov_iter pfx_iter;
struct kvec pfx_iov = {};
size_t msglen = size + 2;
char buf[2] = {0};
int err, end;
if (msg->msg_flags & ~MSG_DONTWAIT)
return -EOPNOTSUPP;
Reported by FlawFinder.
Line: 561
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct proto *orig_prot,
const struct proto_ops *orig_ops)
{
memcpy(espintcp_prot, orig_prot, sizeof(struct proto));
memcpy(espintcp_ops, orig_ops, sizeof(struct proto_ops));
espintcp_prot->sendmsg = espintcp_sendmsg;
espintcp_prot->recvmsg = espintcp_recvmsg;
espintcp_prot->close = espintcp_close;
espintcp_prot->release_cb = espintcp_release;
Reported by FlawFinder.
Line: 562
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct proto_ops *orig_ops)
{
memcpy(espintcp_prot, orig_prot, sizeof(struct proto));
memcpy(espintcp_ops, orig_ops, sizeof(struct proto_ops));
espintcp_prot->sendmsg = espintcp_sendmsg;
espintcp_prot->recvmsg = espintcp_recvmsg;
espintcp_prot->close = espintcp_close;
espintcp_prot->release_cb = espintcp_release;
espintcp_ops->poll = espintcp_poll;
Reported by FlawFinder.
sound/soc/intel/catpt/loader.c
3 issues
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define FW_SIGNATURE_SIZE 4
struct catpt_fw_hdr {
char signature[FW_SIGNATURE_SIZE];
u32 file_size;
u32 modules;
u32 file_format;
u32 reserved[4];
} __packed;
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __packed;
struct catpt_fw_mod_hdr {
char signature[FW_SIGNATURE_SIZE];
u32 mod_size;
u32 blocks;
u16 slot;
u16 module_id;
u32 entry_point;
Reported by FlawFinder.
Line: 568
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto release_fw;
}
memcpy(vaddr, img->data, img->size);
fw = (struct catpt_fw_hdr *)vaddr;
if (restore)
ret = catpt_restore_firmware(cdev, chan, paddr, fw);
else
ret = catpt_load_firmware(cdev, chan, paddr, fw);
Reported by FlawFinder.
sound/pci/ctxfi/xfi.c
3 issues
Line: 30
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_param(multiple, uint, 0444);
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
static unsigned int subsystem[SNDRV_CARDS];
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for Creative X-Fi driver");
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto error;
strcpy(card->driver, "SB-XFi");
strcpy(card->shortname, "Creative X-Fi");
snprintf(card->longname, sizeof(card->longname), "%s %s %s",
card->shortname, atc->chip_name, atc->model_name);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 102
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto error;
strcpy(card->driver, "SB-XFi");
strcpy(card->shortname, "Creative X-Fi");
snprintf(card->longname, sizeof(card->longname), "%s %s %s",
card->shortname, atc->chip_name, atc->model_name);
err = snd_card_register(card);
if (err < 0)
Reported by FlawFinder.