The following issues were found
drivers/net/ethernet/marvell/prestera/prestera_devlink.c
2 issues
Line: 359
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct netlink_ext_ack *extack)
{
struct prestera_switch *sw = devlink_priv(dl);
char buf[16];
int err;
err = devlink_info_driver_name_put(req, PRESTERA_DRV_NAME);
if (err)
return err;
Reported by FlawFinder.
Line: 453
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attrs.flavour = DEVLINK_PORT_FLAVOUR_PHYSICAL;
attrs.phys.port_number = port->fp_id;
attrs.switch_id.id_len = sizeof(sw->id);
memcpy(attrs.switch_id.id, &sw->id, attrs.switch_id.id_len);
devlink_port_attrs_set(&port->dl_port, &attrs);
err = devlink_port_register(dl, &port->dl_port, port->fp_id);
if (err) {
Reported by FlawFinder.
drivers/net/ethernet/marvell/prestera/prestera_pci.c
2 issues
Line: 643
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
int err;
pick_fw_ver:
snprintf(fw_path, sizeof(fw_path), PRESTERA_FW_PATH_FMT,
ver_maj, ver_min);
err = request_firmware_direct(&fw->bin, fw_path, fw->dev.dev);
if (err) {
if (ver_maj == PRESTERA_SUPP_FW_MAJ_VER) {
Reported by FlawFinder.
Line: 639
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ver_maj = PRESTERA_SUPP_FW_MAJ_VER;
int ver_min = PRESTERA_SUPP_FW_MIN_VER;
char fw_path[128];
int err;
pick_fw_ver:
snprintf(fw_path, sizeof(fw_path), PRESTERA_FW_PATH_FMT,
ver_maj, ver_min);
Reported by FlawFinder.
lib/kasprintf.c
2 issues
Line: 22
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list aq;
va_copy(aq, ap);
first = vsnprintf(NULL, 0, fmt, aq);
va_end(aq);
p = kmalloc_track_caller(first+1, gfp);
if (!p)
return NULL;
Reported by FlawFinder.
Line: 29
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!p)
return NULL;
second = vsnprintf(p, first+1, fmt, ap);
WARN(first != second, "different return values (%u and %u) from vsnprintf(\"%s\", ...)",
first, second, fmt);
return p;
}
Reported by FlawFinder.
net/ipv4/inet_connection_sock.c
2 issues
Line: 716
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req_sk = req_to_sk(req);
nreq_sk = req_to_sk(nreq);
memcpy(nreq_sk, req_sk,
offsetof(struct sock, sk_dontcopy_begin));
memcpy(&nreq_sk->sk_dontcopy_end, &req_sk->sk_dontcopy_end,
req->rsk_ops->obj_size - offsetof(struct sock, sk_dontcopy_end));
sk_node_init(&nreq_sk->sk_node);
Reported by FlawFinder.
Line: 718
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(nreq_sk, req_sk,
offsetof(struct sock, sk_dontcopy_begin));
memcpy(&nreq_sk->sk_dontcopy_end, &req_sk->sk_dontcopy_end,
req->rsk_ops->obj_size - offsetof(struct sock, sk_dontcopy_end));
sk_node_init(&nreq_sk->sk_node);
nreq_sk->sk_tx_queue_mapping = req_sk->sk_tx_queue_mapping;
#ifdef CONFIG_XPS
Reported by FlawFinder.
include/pcmcia/ds.h
2 issues
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 manf_id;
u16 card_id;
char *prod_id[4];
u64 dma_mask;
struct device dev;
/* data private to drivers */
Reported by FlawFinder.
Line: 148
Column: 16
CWE codes:
362
/* data private to drivers */
void *priv;
unsigned int open;
};
#define to_pcmcia_dev(n) container_of(n, struct pcmcia_device, dev)
#define to_pcmcia_drv(n) container_of(n, struct pcmcia_driver, drv)
Reported by FlawFinder.
net/bluetooth/af_bluetooth.c
2 issues
Line: 46
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static DEFINE_RWLOCK(bt_proto_lock);
static struct lock_class_key bt_lock_key[BT_MAX_PROTO];
static const char *const bt_key_strings[BT_MAX_PROTO] = {
"sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP",
"sk_lock-AF_BLUETOOTH-BTPROTO_HCI",
"sk_lock-AF_BLUETOOTH-BTPROTO_SCO",
"sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM",
"sk_lock-AF_BLUETOOTH-BTPROTO_BNEP",
Reported by FlawFinder.
Line: 58
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static struct lock_class_key bt_slock_key[BT_MAX_PROTO];
static const char *const bt_slock_key_strings[BT_MAX_PROTO] = {
"slock-AF_BLUETOOTH-BTPROTO_L2CAP",
"slock-AF_BLUETOOTH-BTPROTO_HCI",
"slock-AF_BLUETOOTH-BTPROTO_SCO",
"slock-AF_BLUETOOTH-BTPROTO_RFCOMM",
"slock-AF_BLUETOOTH-BTPROTO_BNEP",
Reported by FlawFinder.
kernel/rcu/tree_stall.h
2 issues
Line: 355
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct rcu_data *rdp = &per_cpu(rcu_data, cpu);
sprintf(cp, "last_accelerate: %04lx/%04lx dyntick_enabled: %d",
rdp->last_accelerate & 0xffff, jiffies & 0xffff,
!!rdp->tick_nohz_enabled_snap);
}
#else /* #ifdef CONFIG_RCU_FAST_NO_HZ */
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned long delta;
bool falsepositive;
char fast_no_hz[72];
struct rcu_data *rdp = per_cpu_ptr(&rcu_data, cpu);
char *ticks_title;
unsigned long ticks_value;
/*
Reported by FlawFinder.
net/bluetooth/bnep/bnep.h
2 issues
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sock; /* Connected socket */
__u32 flags;
__u16 role;
char device[16]; /* Name of the Ethernet device */
};
struct bnep_conndel_req {
__u32 flags;
__u8 dst[ETH_ALEN];
Reported by FlawFinder.
Line: 126
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 role;
__u16 state;
__u8 dst[ETH_ALEN];
char device[16];
};
struct bnep_connlist_req {
__u32 cnum;
struct bnep_conninfo __user *ci;
Reported by FlawFinder.
include/net/tc_act/tc_vlan.h
2 issues
Line: 14
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tcf_vlan_params {
int tcfv_action;
unsigned char tcfv_push_dst[ETH_ALEN];
unsigned char tcfv_push_src[ETH_ALEN];
u16 tcfv_push_vid;
__be16 tcfv_push_proto;
u8 tcfv_push_prio;
bool tcfv_push_prio_exists;
Reported by FlawFinder.
Line: 15
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tcf_vlan_params {
int tcfv_action;
unsigned char tcfv_push_dst[ETH_ALEN];
unsigned char tcfv_push_src[ETH_ALEN];
u16 tcfv_push_vid;
__be16 tcfv_push_proto;
u8 tcfv_push_prio;
bool tcfv_push_prio_exists;
struct rcu_head rcu;
Reported by FlawFinder.
net/ipv4/ip_tunnel_core.c
2 issues
Line: 143
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst = &res->u.tun_info;
dst->key.tun_id = src->key.tun_id;
if (src->mode & IP_TUNNEL_INFO_IPV6)
memcpy(&dst->key.u.ipv6.dst, &src->key.u.ipv6.src,
sizeof(struct in6_addr));
else
dst->key.u.ipv4.dst = src->key.u.ipv4.src;
dst->key.tun_flags = src->key.tun_flags;
dst->mode = src->mode | IP_TUNNEL_INFO_TX;
Reported by FlawFinder.
Line: 494
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (info) {
struct geneve_opt *opt = ip_tunnel_info_opts(info) + opts_len;
memcpy(opt->opt_data, nla_data(attr), data_len);
opt->length = data_len / 4;
attr = tb[LWTUNNEL_IP_OPT_GENEVE_CLASS];
opt->opt_class = nla_get_be16(attr);
attr = tb[LWTUNNEL_IP_OPT_GENEVE_TYPE];
opt->type = nla_get_u8(attr);
Reported by FlawFinder.