Codekhana

fs/ext2/namei.c

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 192 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		/* fast symlink */
		inode->i_op = &ext2_fast_symlink_inode_operations;
		inode->i_link = (char*)EXT2_I(inode)->i_data;
		memcpy(inode->i_link, symname, l);
		inode->i_size = l-1;
	}
	mark_inode_dirty(inode);

	err = ext2_add_nondir(dentry, inode);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)

Security

Line: 162 Column: 15 CWE codes: 126

              {
	struct super_block * sb = dir->i_sb;
	int err = -ENAMETOOLONG;
	unsigned l = strlen(symname)+1;
	struct inode * inode;

	if (l > sb->s_blocksize)
		goto out;

Reported by FlawFinder.

fs/ext2/super.c

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 1505 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			bh = sb_bread(sb, tmp_bh.b_blocknr);
			if (!bh)
				return -EIO;
			memcpy(data, bh->b_data+offset, tocopy);
			brelse(bh);
		}
		offset = 0;
		toread -= tocopy;
		data += tocopy;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 1547 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			goto out;
		}
		lock_buffer(bh);
		memcpy(bh->b_data+offset, data, tocopy);
		flush_dcache_page(bh->b_page);
		set_buffer_uptodate(bh);
		mark_buffer_dirty(bh);
		unlock_buffer(bh);
		brelse(bh);

Reported by FlawFinder.

fs/ext4/file.c

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 795 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	struct ext4_sb_info *sbi = EXT4_SB(sb);
	struct path path;
	char buf[64], *cp;
	handle_t *handle;
	int err;

	if (likely(ext4_test_mount_flag(sb, EXT4_MF_MNTDIR_SAMPLED)))
		return 0;

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]

Security

Line: 829 Column: 2 CWE codes: 120

              	if (err)
		goto out_journal;
	lock_buffer(sbi->s_sbh);
	strncpy(sbi->s_es->s_last_mounted, cp,
		sizeof(sbi->s_es->s_last_mounted));
	ext4_superblock_csum_set(sb);
	unlock_buffer(sbi->s_sbh);
	ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
out_journal:

Reported by FlawFinder.

fs/ext4/inode.c

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 511 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              #ifdef ES_AGGRESSIVE_TEST
	struct ext4_map_blocks orig_map;

	memcpy(&orig_map, map, sizeof(*map));
#endif

	map->m_flags = 0;
	ext_debug(inode, "flag 0x%x, max_blocks %u, logical block %lu\n",
		  flags, map->m_len, (unsigned long) map->m_lblk);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 1702 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              #ifdef ES_AGGRESSIVE_TEST
	struct ext4_map_blocks orig_map;

	memcpy(&orig_map, map, sizeof(*map));
#endif

	if (invalid_block < ext4_blocks_count(EXT4_SB(inode->i_sb)->s_es))
		invalid_block = ~0;

Reported by FlawFinder.

fs/f2fs/node.h

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 198 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              						nm_i->bitmap_size))
		f2fs_bug_on(sbi, 1);
#endif
	memcpy(addr, nm_i->nat_bitmap, nm_i->bitmap_size);
}

static inline pgoff_t current_nat_addr(struct f2fs_sb_info *sbi, nid_t start)
{
	struct f2fs_nm_info *nm_i = NM_I(sbi);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 298 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              {
	struct f2fs_node *src_rn = F2FS_NODE(src);
	struct f2fs_node *dst_rn = F2FS_NODE(dst);
	memcpy(&dst_rn->footer, &src_rn->footer, sizeof(struct node_footer));
}

static inline void fill_node_footer_blkaddr(struct page *page, block_t blkaddr)
{
	struct f2fs_checkpoint *ckpt = F2FS_CKPT(F2FS_P_SB(page));

Reported by FlawFinder.

fs/f2fs/verity.c

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 58 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			return PTR_ERR(page);

		addr = kmap_atomic(page);
		memcpy(buf, addr + offset_in_page(pos), n);
		kunmap_atomic(addr);

		put_page(page);

		buf += n;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 94 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			return res;

		addr = kmap_atomic(page);
		memcpy(addr + offset_in_page(pos), buf, n);
		kunmap_atomic(addr);

		res = pagecache_write_end(NULL, inode->i_mapping, pos, n, n,
					  page, fsdata);
		if (res < 0)

Reported by FlawFinder.

fs/fat/fat.h

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 280 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		src += 2;
	}
#else
	memcpy(dst, src, len * 2);
#endif
}

static inline int fat_get_start(const struct msdos_sb_info *sbi,
				const struct msdos_dir_entry *de)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 309 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		src++;
	}
#else
	memcpy(dst, src, len * 2);
#endif
}

/* fat/cache.c */
extern void fat_cache_inval_inode(struct inode *inode);

Reported by FlawFinder.

fs/fat/inode.c

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 1615 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u32 total_sectors, total_clusters, fat_clusters, rootdir_sectors;
	int debug;
	long error;
	char buf[50];
	struct timespec64 ts;

	/*
	 * GFP_KERNEL is ok here, because while we do hold the
	 * superblock lock, memory pressure can't call back into

Reported by FlawFinder.

sprintf - Does not check for buffer overflows

Security

Line: 1828 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	 */

	error = -EINVAL;
	sprintf(buf, "cp%d", sbi->options.codepage);
	sbi->nls_disk = load_nls(buf);
	if (!sbi->nls_disk) {
		fat_msg(sb, KERN_ERR, "codepage %s not found", buf);
		goto out_fail;
	}

Reported by FlawFinder.

fs/file_table.c

2 issues

read - Check buffer boundaries if used in a loop including recursive loops

Security

Line: 202 Column: 19 CWE codes: 120 20

              	file->f_wb_err = filemap_sample_wb_err(file->f_mapping);
	file->f_sb_err = file_sample_sb_err(file);
	if ((file->f_mode & FMODE_READ) &&
	     likely(fop->read || fop->read_iter))
		file->f_mode |= FMODE_CAN_READ;
	if ((file->f_mode & FMODE_WRITE) &&
	     likely(fop->write || fop->write_iter))
		file->f_mode |= FMODE_CAN_WRITE;
	file->f_mode |= FMODE_OPENED;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)

Security

Line: 221 Column: 37 CWE codes: 126

              	static const struct dentry_operations anon_ops = {
		.d_dname = simple_dname
	};
	struct qstr this = QSTR_INIT(name, strlen(name));
	struct path path;
	struct file *file;

	path.dentry = d_alloc_pseudo(mnt->mnt_sb, &this);
	if (!path.dentry)

Reported by FlawFinder.

fs/fs_struct.c

2 issues

umask - Ensure that umask is given most restrictive possible setting (e.g., 066 or 077)

Security

Line: 121 Column: 20 CWE codes: 732

              		fs->in_exec = 0;
		spin_lock_init(&fs->lock);
		seqcount_spinlock_init(&fs->seq, &fs->lock);
		fs->umask = old->umask;

		spin_lock(&old->lock);
		fs->root = old->root;
		path_get(&fs->root);
		fs->pwd = old->pwd;

Reported by FlawFinder.

umask - Ensure that umask is given most restrictive possible setting (e.g., 066 or 077)

Security

Line: 158 Column: 22 CWE codes: 732

              
int current_umask(void)
{
	return current->fs->umask;
}
EXPORT_SYMBOL(current_umask);

/* to be mentioned only in INIT_TASK */
struct fs_struct init_fs = {

Reported by FlawFinder.

Modal title

The following issues were found

fs/ext2/namei.c

2 issues

fs/ext2/super.c

2 issues

fs/ext4/file.c

2 issues

fs/ext4/inode.c

2 issues

fs/f2fs/node.h

2 issues

fs/f2fs/verity.c

2 issues

fs/fat/fat.h

2 issues

fs/fat/inode.c

2 issues

fs/file_table.c

2 issues

fs/fs_struct.c

2 issues