The following issues were found
include/trace/events/rxrpc.h
2 issues
Line: 713
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
),
TP_fast_assign(
memcpy(__entry->why, why, 4);
__entry->call_nr = call_nr;
__entry->cid = cid;
__entry->call_id = call_id;
__entry->abort_code = abort_code;
__entry->error = error;
Reported by FlawFinder.
Line: 1419
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TP_fast_assign(
__entry->call = call->debug_id;
__entry->ix = ix;
memcpy(__entry->anno, call->rxtx_annotations, 64);
),
TP_printk("c=%08x ix=%u a=%64phN",
__entry->call,
__entry->ix,
Reported by FlawFinder.
include/uapi/linux/netfilter_bridge/ebt_stp.h
2 issues
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ebt_stp_config_info {
__u8 flags;
__u16 root_priol, root_priou;
char root_addr[6], root_addrmsk[6];
__u32 root_costl, root_costu;
__u16 sender_priol, sender_priou;
char sender_addr[6], sender_addrmsk[6];
__u16 portl, portu;
__u16 msg_agel, msg_ageu;
Reported by FlawFinder.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char root_addr[6], root_addrmsk[6];
__u32 root_costl, root_costu;
__u16 sender_priol, sender_priou;
char sender_addr[6], sender_addrmsk[6];
__u16 portl, portu;
__u16 msg_agel, msg_ageu;
__u16 max_agel, max_ageu;
__u16 hello_timel, hello_timeu;
__u16 forward_delayl, forward_delayu;
Reported by FlawFinder.
net/ipv6/raw.c
2 issues
Line: 711
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct raw6_frag_vec {
struct msghdr *msg;
int hlen;
char c[4];
};
static int rawv6_probe_proto_opt(struct raw6_frag_vec *rfv, struct flowi6 *fl6)
{
int err = 0;
Reported by FlawFinder.
Line: 744
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int copy = min(rfv->hlen - offset, len);
if (skb->ip_summed == CHECKSUM_PARTIAL)
memcpy(to, rfv->c + offset, copy);
else
skb->csum = csum_block_add(
skb->csum,
csum_partial_copy_nocheck(rfv->c + offset,
to, copy),
Reported by FlawFinder.
include/net/lib80211.h
2 issues
Line: 106
Column: 30
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
so just point to that. */
spinlock_t *lock;
struct lib80211_crypt_data *crypt[NUM_WEP_KEYS];
int tx_keyidx; /* default TX key index (crypt[tx_keyidx]) */
struct list_head crypt_deinit_list;
struct timer_list crypt_deinit_timer;
int crypt_quiesced;
};
Reported by FlawFinder.
Line: 120
Column: 38
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
int lib80211_unregister_crypto_ops(struct lib80211_crypto_ops *ops);
struct lib80211_crypto_ops *lib80211_get_crypto_ops(const char *name);
void lib80211_crypt_delayed_deinit(struct lib80211_crypt_info *info,
struct lib80211_crypt_data **crypt);
#endif /* LIB80211_H */
Reported by FlawFinder.
lib/842/842_decompress.c
2 issues
Line: 205
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(unsigned long)total,
(unsigned long)beN_to_cpu(&p->ostart[offset], size));
memcpy(p->out, &p->ostart[offset], size);
p->out += size;
p->olen -= size;
return 0;
}
Reported by FlawFinder.
Line: 319
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOSPC;
while (rep-- > 0) {
memcpy(p.out, p.out - 8, 8);
p.out += 8;
p.olen -= 8;
}
if (sw842_template_counts)
Reported by FlawFinder.
mm/kasan/shadow.c
2 issues
Line: 62
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
#endif
#undef memcpy
void *memcpy(void *dest, const void *src, size_t len)
{
if (!kasan_check_range((unsigned long)src, len, false, _RET_IP_) ||
!kasan_check_range((unsigned long)dest, len, true, _RET_IP_))
return NULL;
Reported by FlawFinder.
Line: 63
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif
#undef memcpy
void *memcpy(void *dest, const void *src, size_t len)
{
if (!kasan_check_range((unsigned long)src, len, false, _RET_IP_) ||
!kasan_check_range((unsigned long)dest, len, true, _RET_IP_))
return NULL;
Reported by FlawFinder.
net/netrom/nr_subr.c
2 issues
Line: 163
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*dptr++ = 0;
*dptr++ = frametype;
*dptr++ = nr->window;
memcpy(dptr, &nr->user_addr, AX25_ADDR_LEN);
dptr[6] &= ~AX25_CBIT;
dptr[6] &= ~AX25_EBIT;
dptr[6] |= AX25_SSSID_SPARE;
dptr += AX25_ADDR_LEN;
memcpy(dptr, &nr->source_addr, AX25_ADDR_LEN);
Reported by FlawFinder.
Line: 168
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dptr[6] &= ~AX25_EBIT;
dptr[6] |= AX25_SSSID_SPARE;
dptr += AX25_ADDR_LEN;
memcpy(dptr, &nr->source_addr, AX25_ADDR_LEN);
dptr[6] &= ~AX25_CBIT;
dptr[6] &= ~AX25_EBIT;
dptr[6] |= AX25_SSSID_SPARE;
dptr += AX25_ADDR_LEN;
*dptr++ = timeout % 256;
Reported by FlawFinder.
include/net/iucv/iucv.h
2 issues
Line: 278
Column: 25
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
* Returns the result of the CP IUCV call.
*/
int iucv_path_connect(struct iucv_path *path, struct iucv_handler *handler,
u8 *userid, u8 *system, u8 *userdata,
void *private);
/**
* iucv_path_quiesce:
* @path: address of iucv path structure
Reported by FlawFinder.
Line: 486
Column: 20
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
u8 userdata[16], void *private);
int (*path_connect)(struct iucv_path *path,
struct iucv_handler *handler,
u8 userid[8], u8 system[8], u8 userdata[16], void *private);
int (*path_quiesce)(struct iucv_path *path, u8 userdata[16]);
int (*path_resume)(struct iucv_path *path, u8 userdata[16]);
int (*path_sever)(struct iucv_path *path, u8 userdata[16]);
int (*iucv_register)(struct iucv_handler *handler, int smp);
void (*iucv_unregister)(struct iucv_handler *handler, int smp);
Reported by FlawFinder.
include/net/ipv6.h
2 issues
Line: 525
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
b = plen & 0x7;
memset(pfx->s6_addr, 0, sizeof(pfx->s6_addr));
memcpy(pfx->s6_addr, addr, o);
if (b != 0)
pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
}
static inline void ipv6_addr_prefix_copy(struct in6_addr *addr,
Reported by FlawFinder.
Line: 538
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int o = plen >> 3,
b = plen & 0x7;
memcpy(addr->s6_addr, pfx, o);
if (b != 0) {
addr->s6_addr[o] &= ~(0xff00 >> b);
addr->s6_addr[o] |= (pfx->s6_addr[o] & (0xff00 >> b));
}
}
Reported by FlawFinder.
include/net/ip_tunnels.h
2 issues
Line: 472
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void ip_tunnel_info_opts_get(void *to,
const struct ip_tunnel_info *info)
{
memcpy(to, info + 1, info->options_len);
}
static inline void ip_tunnel_info_opts_set(struct ip_tunnel_info *info,
const void *from, int len,
__be16 flags)
Reported by FlawFinder.
Line: 481
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
info->options_len = len;
if (len > 0) {
memcpy(ip_tunnel_info_opts(info), from, len);
info->key.tun_flags |= flags;
}
}
static inline struct ip_tunnel_info *lwt_tun_info(struct lwtunnel_state *lwtstate)
Reported by FlawFinder.