The following issues were found
lib/parser.c
2 issues
Line: 340
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (size) {
size_t len = ret >= size ? size - 1 : ret;
memcpy(dest, src->from, len);
dest[len] = '\0';
}
return ret;
}
EXPORT_SYMBOL(match_strlcpy);
Reported by FlawFinder.
Line: 60
Column: 21
CWE codes:
126
args[argc].from = s;
switch (*p++) {
case 's': {
size_t str_len = strlen(s);
if (str_len == 0)
return 0;
if (len == -1 || len > str_len)
len = str_len;
Reported by FlawFinder.
include/net/ip.h
2 issues
Line: 616
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Fill buf with a fixed-size value: the first four bytes of broadcast when
 * any of them is non-zero, otherwise the raw bytes of naddr.
 *
 * No length is passed in and neither pointer is checked, so the bounds are
 * the caller's contract: broadcast must be readable for at least 4 bytes and
 * buf writable for at least 4 and at least sizeof(naddr) bytes.
 */
static inline void ip_ipgre_mc_map(__be32 naddr, const unsigned char *broadcast, char *buf)
{
/* OR of broadcast[0..3]: non-zero as soon as one of the four bytes is set. */
if ((broadcast[0] | broadcast[1] | broadcast[2] | broadcast[3]) != 0)
/* Constant 4-byte copy; whether it fits depends on the buffer the caller passes, which is not shown here. */
memcpy(buf, broadcast, 4);
else
/* Copies sizeof(naddr) bytes -- presumably 4 for __be32; the typedef is not visible in this excerpt. */
memcpy(buf, &naddr, sizeof(naddr));
}
#if IS_ENABLED(CONFIG_IPV6)
Reported by FlawFinder.
Line: 618
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((broadcast[0] | broadcast[1] | broadcast[2] | broadcast[3]) != 0)
memcpy(buf, broadcast, 4);
else
memcpy(buf, &naddr, sizeof(naddr));
}
#if IS_ENABLED(CONFIG_IPV6)
#include <linux/ipv6.h>
#endif
Reported by FlawFinder.
net/netfilter/nft_exthdr.c
2 issues
Line: 78
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ipv4_find_option(struct net *net, struct sk_buff *skb,
unsigned int *offset, int target)
{
unsigned char optbuf[sizeof(struct ip_options) + 40];
struct ip_options *opt = (struct ip_options *)optbuf;
struct iphdr *iph, _iph;
unsigned int start;
bool found = false;
__be32 info;
Reported by FlawFinder.
Line: 214
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*dest = 1;
} else {
dest[priv->len / NFT_REG32_SIZE] = 0;
memcpy(dest, opt + offset, priv->len);
}
return;
}
Reported by FlawFinder.
net/bridge/br_stp_bpdu.c
2 issues
Line: 81
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* called under bridge lock */
void br_send_config_bpdu(struct net_bridge_port *p, struct br_config_bpdu *bpdu)
{
unsigned char buf[35];
if (p->br->stp_enabled != BR_KERNEL_STP)
return;
buf[0] = 0;
Reported by FlawFinder.
Line: 128
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* called under bridge lock */
void br_send_tcn_bpdu(struct net_bridge_port *p)
{
unsigned char buf[4];
if (p->br->stp_enabled != BR_KERNEL_STP)
return;
buf[0] = 0;
Reported by FlawFinder.
include/net/inet_sock.h
2 issues
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * An ip_options_rcu header followed directly by a fixed 40-byte array.
 * NOTE(review): data[] presumably provides the storage for the option bytes
 * that opt describes (40 is the maximum length of the IPv4 options field) --
 * confirm against the code that fills it.
 */
struct ip_options_data {
struct ip_options_rcu opt;
/* Fixed capacity: any writer has to cap its length at sizeof(data). */
char data[40];
};
struct inet_request_sock {
struct request_sock req;
#define ir_loc_addr req.__req_common.skc_rcv_saddr
Reported by FlawFinder.
Line: 296
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct sock *sk_from,
const int ancestor_size)
{
memcpy(inet_sk(sk_to) + 1, inet_sk(sk_from) + 1,
sk_from->sk_prot->obj_size - ancestor_size);
}
int inet_sk_rebuild_header(struct sock *sk);
Reported by FlawFinder.
include/net/ieee802154_netdev.h
2 issues
Line: 157
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u64 temp;
memcpy(&temp, raw, IEEE802154_ADDR_LEN);
return (__force __le64)swab64(temp);
}
static inline void ieee802154_devaddr_to_raw(void *raw, __le64 addr)
{
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u64 temp = swab64((__force u64)addr);
memcpy(raw, &temp, IEEE802154_ADDR_LEN);
}
static inline void ieee802154_addr_from_sa(struct ieee802154_addr *a,
const struct ieee802154_addr_sa *sa)
{
Reported by FlawFinder.
include/net/genetlink.h
2 issues
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @name: name of the multicast group, names are per-family
*/
struct genl_multicast_group {
/*
 * Fixed GENL_NAMSIZ-byte buffer. A declaration alone cannot overflow; the
 * bound to check is at each site that writes into name, which must limit
 * the copy to sizeof(name). NOTE(review): if name is read as a C string it
 * also needs a terminating NUL inside the buffer -- the consumers are not
 * shown here.
 */
char name[GENL_NAMSIZ];
u8 flags;
};
struct genl_ops;
struct genl_info;
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct genl_family {
int id; /* private */
unsigned int hdrsize;
char name[GENL_NAMSIZ];
unsigned int version;
unsigned int maxattr;
unsigned int mcgrp_offset; /* private */
u8 netnsok:1;
u8 parallel_ops:1;
Reported by FlawFinder.
include/net/fib_rules.h
2 issues
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 pref;
int suppress_ifgroup;
int suppress_prefixlen;
char iifname[IFNAMSIZ];
char oifname[IFNAMSIZ];
struct fib_kuid_range uid_range;
struct fib_rule_port_range sport_range;
struct fib_rule_port_range dport_range;
struct rcu_head rcu;
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int suppress_ifgroup;
int suppress_prefixlen;
char iifname[IFNAMSIZ];
char oifname[IFNAMSIZ];
struct fib_kuid_range uid_range;
struct fib_rule_port_range sport_range;
struct fib_rule_port_range dport_range;
struct rcu_head rcu;
};
Reported by FlawFinder.
kernel/rcu/tasks.h
2 issues
Line: 1282
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if !defined(CONFIG_TINY_RCU)
void show_rcu_tasks_trace_gp_kthread(void)
{
char buf[64];
sprintf(buf, "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
data_race(n_heavy_reader_ofl_updates),
data_race(n_heavy_reader_updates),
data_race(n_heavy_reader_attempts));
Reported by FlawFinder.
Line: 1284
Column: 2
CWE codes:
120
Suggestion:
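Use sprintf_s, snprintf, or vsnprintf. In this excerpt the bounded form is snprintf(buf, sizeof(buf), ...): the format "N%d h:%lu/%lu/%lu" can expand to as many as 77 characters plus the terminating NUL when unsigned long is 64 bits wide, which is more than the 64-byte buf holds.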
{
char buf[64];
sprintf(buf, "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
data_race(n_heavy_reader_ofl_updates),
data_race(n_heavy_reader_updates),
data_race(n_heavy_reader_attempts));
show_rcu_tasks_generic_gp_kthread(&rcu_tasks_trace, buf);
}
Reported by FlawFinder.
net/l2tp/l2tp_eth.c
2 issues
Line: 260
Column: 3
CWE codes:
120
Suggestion:
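Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The flagged strcpy copies L2TP_ETH_DEV_NAME, which appears to be a fixed macro rather than caller-supplied data, so what needs checking is that its expansion, including the terminating NUL, fits in the IFNAMSIZ-byte name buffer.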
strlcpy(name, cfg->ifname, IFNAMSIZ);
name_assign_type = NET_NAME_USER;
} else {
strcpy(name, L2TP_ETH_DEV_NAME);
name_assign_type = NET_NAME_ENUM;
}
session = l2tp_session_create(sizeof(*spriv), tunnel, session_id,
peer_session_id, cfg);
Reported by FlawFinder.
Line: 250
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned char name_assign_type;
struct net_device *dev;
char name[IFNAMSIZ];
struct l2tp_session *session;
struct l2tp_eth *priv;
struct l2tp_eth_sess *spriv;
int rc;
Reported by FlawFinder.