The following issues were found
crypto/ahash.c
2 issues
Line: 151
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
memcpy(alignbuffer, key, keylen);
ret = tfm->setkey(tfm, alignbuffer, keylen);
kfree_sensitive(buffer);
return ret;
}
Reported by FlawFinder.
Line: 261
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ahash_request_priv *priv = req->priv;
if (!err)
memcpy(priv->result, req->result,
crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
/* Restore the original crypto request. */
req->result = priv->result;
Reported by FlawFinder.
crypto/asymmetric_keys/mscode_parser.c
2 issues
Line: 44
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
oid = look_up_OID(value, vlen);
if (oid == OID__NR) {
char buffer[50];
sprint_oid(value, vlen, buffer, sizeof(buffer));
pr_err("Unknown OID: %s\n", buffer);
return -EBADMSG;
}
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const void *value, size_t vlen)
{
struct pefile_context *ctx = context;
char buffer[50];
enum OID oid;
oid = look_up_OID(value, vlen);
switch (oid) {
case OID_md4:
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c
2 issues
Line: 152
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ring)
return -ENOMEM;
memcpy(hash[hash_idx].mac, mac, ETH_ALEN);
hash[hash_idx].fifo = fifo;
hash[hash_idx].ifidx = ifidx;
hash[hash_idx].flowid = i;
ring->hash_id = hash_idx;
Reported by FlawFinder.
Line: 490
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (tdls_entry == NULL)
return;
memcpy(tdls_entry->mac, peer, ETH_ALEN);
tdls_entry->next = NULL;
if (flow->tdls_entry == NULL) {
flow->tdls_entry = tdls_entry;
} else {
search = flow->tdls_entry;
Reported by FlawFinder.
drivers/net/ethernet/mediatek/mtk_ppe_debugfs.c
2 issues
Line: 86
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mtk_foe_entry *entry = &ppe->foe_table[i];
struct mtk_foe_mac_info *l2;
struct mtk_flow_addr_info ai = {};
unsigned char h_source[ETH_ALEN];
unsigned char h_dest[ETH_ALEN];
int type, state;
u32 ib2;
Reported by FlawFinder.
Line: 87
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mtk_foe_mac_info *l2;
struct mtk_flow_addr_info ai = {};
unsigned char h_source[ETH_ALEN];
unsigned char h_dest[ETH_ALEN];
int type, state;
u32 ib2;
state = FIELD_GET(MTK_FOE_IB1_STATE, entry->ib1);
Reported by FlawFinder.
drivers/net/ethernet/mediatek/mtk_ppe_offload.c
2 issues
Line: 80
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dest += 2;
}
memcpy(dest, src, act->mangle.mask ? 2 : 4);
}
static int
mtk_flow_mangle_ports(const struct flow_action_entry *act,
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(dest, &act->mangle.val, sizeof(u32));
return 0;
}
static int
Reported by FlawFinder.
drivers/net/ethernet/lantiq_etop.c
2 issues
Line: 560
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_hw;
ltq_etop_change_mtu(dev, 1500);
memcpy(&mac, &priv->pldata->mac, sizeof(struct sockaddr));
if (!is_valid_ether_addr(mac.sa_data)) {
pr_warn("etop: invalid MAC, using random\n");
eth_random_addr(mac.sa_data);
random_mac = true;
}
Reported by FlawFinder.
Line: 659
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
err = -ENOMEM;
goto err_out;
}
strcpy(dev->name, "eth%d");
dev->netdev_ops = <q_eth_netdev_ops;
dev->ethtool_ops = <q_etop_ethtool_ops;
priv = netdev_priv(dev);
priv->res = res;
priv->pdev = pdev;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx4/mlx4.h
2 issues
Line: 835
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlx4_port_info {
struct mlx4_dev *dev;
int port;
char dev_name[16];
struct device_attribute port_attr;
enum mlx4_port_type tmp_type;
char dev_mtu_name[16];
struct device_attribute port_mtu_attr;
struct mlx4_mac_table mac_table;
Reported by FlawFinder.
Line: 838
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char dev_name[16];
struct device_attribute port_attr;
enum mlx4_port_type tmp_type;
char dev_mtu_name[16];
struct device_attribute port_mtu_attr;
struct mlx4_mac_table mac_table;
struct mlx4_vlan_table vlan_table;
struct mlx4_roce_gid_table gid_table;
int base_qpn;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
2 issues
Line: 561
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int registered;
int allocated;
int stride;
unsigned char current_mac[ETH_ALEN + 2];
int mac_index;
unsigned max_mtu;
int base_qpn;
int cqe_factor;
int cqe_size;
Reported by FlawFinder.
Line: 643
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlx4_mac_entry {
struct hlist_node hlist;
unsigned char mac[ETH_ALEN + 2];
u64 reg_id;
struct rcu_head rcu;
};
static inline struct mlx4_cqe *mlx4_en_get_cqe(void *buf, int idx, int cqe_sz)
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx4/qp.c
2 issues
Line: 177
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpu_to_be16(mlx4_qp_roce_entropy(dev, qp->qpn));
*(__be32 *) mailbox->buf = cpu_to_be32(optpar);
memcpy(mailbox->buf + 8, context, sizeof(*context));
((struct mlx4_qp_context *) (mailbox->buf + 8))->local_qpn =
cpu_to_be32(qp->qpn);
ret = mlx4_cmd(dev, mailbox->dma,
Reported by FlawFinder.
Line: 907
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX4_CMD_QUERY_QP, MLX4_CMD_TIME_CLASS_A,
MLX4_CMD_WRAPPED);
if (!err)
memcpy(context, mailbox->buf + 8, sizeof(*context));
mlx4_free_cmd_mailbox(dev, mailbox);
return err;
}
EXPORT_SYMBOL_GPL(mlx4_qp_query);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/accel/ipsec_offload.c
2 issues
Line: 149
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* salt and seq_iv */
salt_p = MLX5_ADDR_OF(ipsec_obj, obj, salt);
memcpy(salt_p, &aes_gcm->salt, sizeof(aes_gcm->salt));
switch (aes_gcm->icv_len) {
case 64:
MLX5_SET(ipsec_obj, obj, icv_length,
MLX5_IPSEC_OBJECT_ICV_LEN_8B);
Reported by FlawFinder.
Line: 168
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
salt_iv_p = MLX5_ADDR_OF(ipsec_obj, obj, implicit_iv);
memcpy(salt_iv_p, &aes_gcm->seq_iv, sizeof(aes_gcm->seq_iv));
/* esn */
if (attrs->accel_flags & MLX5_ACCEL_ESP_FLAGS_ESN_TRIGGERED) {
MLX5_SET(ipsec_obj, obj, esn_en, 1);
MLX5_SET(ipsec_obj, obj, esn_msb, attrs->esn_msb);
if (attrs->accel_flags & MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP)
Reported by FlawFinder.