The following issues were found
net/mac80211/ieee80211_i.h
2 issues
Line: 891
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long state;
char name[IFNAMSIZ];
struct ieee80211_fragment_cache frags;
/* TID bitmap for NoAck policy */
u16 noack_map;
Reported by FlawFinder.
Line: 1075
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_MAC80211_LEDS
struct tpt_led_trigger {
char name[32];
const struct ieee80211_tpt_blink *blink_table;
unsigned int blink_table_len;
struct timer_list timer;
struct ieee80211_local *local;
unsigned long prev_traffic;
Reported by FlawFinder.
lib/buildid.c
2 issues
Line: 31
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
!strcmp((char *)(nhdr + 1), "GNU") &&
nhdr->n_descsz > 0 &&
nhdr->n_descsz <= BUILD_ID_SIZE_MAX) {
memcpy(build_id,
note_start + note_offs +
ALIGN(sizeof("GNU"), 4) + sizeof(Elf32_Nhdr),
nhdr->n_descsz);
memset(build_id + nhdr->n_descsz, 0,
BUILD_ID_SIZE_MAX - nhdr->n_descsz);
Reported by FlawFinder.
Line: 178
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
#if IS_ENABLED(CONFIG_STACKTRACE_BUILD_ID) || IS_ENABLED(CONFIG_CRASH_CORE)
unsigned char vmlinux_build_id[BUILD_ID_SIZE_MAX] __ro_after_init;
/**
* init_vmlinux_build_id - Compute and stash the running kernel's build ID
*/
void __init init_vmlinux_build_id(void)
Reported by FlawFinder.
include/net/bluetooth/hci_core.h
2 issues
Line: 309
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head list;
struct mutex lock;
char name[8];
unsigned long flags;
__u16 id;
__u8 bus;
__u8 dev_type;
bdaddr_t bdaddr;
Reported by FlawFinder.
Line: 595
Column: 8
CWE codes:
362
bool aosp_capable;
#endif
int (*open)(struct hci_dev *hdev);
int (*close)(struct hci_dev *hdev);
int (*flush)(struct hci_dev *hdev);
int (*setup)(struct hci_dev *hdev);
int (*shutdown)(struct hci_dev *hdev);
int (*send)(struct hci_dev *hdev, struct sk_buff *skb);
Reported by FlawFinder.
net/caif/chnl_net.c
2 issues
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct caif_connect_request conn_req;
struct list_head list_field;
struct net_device *netdev;
char name[256];
wait_queue_head_t netmgmt_wq;
/* Flow status to remember and control the transmission. */
bool flowenabled;
enum caif_states state;
};
Reported by FlawFinder.
Line: 366
Column: 2
CWE codes:
120
struct chnl_net *priv;
ASSERT_RTNL();
priv = netdev_priv(dev);
strncpy(priv->name, dev->name, sizeof(priv->name));
return 0;
}
static void chnl_net_uninit(struct net_device *dev)
{
Reported by FlawFinder.
include/uapi/linux/if_vlan.h
2 issues
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vlan_ioctl_args {
int cmd; /* Should be one of the vlan_ioctl_cmds enum above. */
char device1[24];
union {
char device2[24];
int VID;
unsigned int skb_priority;
Reported by FlawFinder.
Line: 55
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char device1[24];
union {
char device2[24];
int VID;
unsigned int skb_priority;
unsigned int name_type;
unsigned int bind_type;
unsigned int flag; /* Matches vlan_dev_priv flags */
Reported by FlawFinder.
include/net/addrconf.h
2 issues
Line: 132
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void addrconf_addr_eui48_base(u8 *eui, const char *const addr)
{
memcpy(eui, addr, 3);
eui[3] = 0xFF;
eui[4] = 0xFE;
memcpy(eui + 5, addr + 3, 3);
}
Reported by FlawFinder.
Line: 135
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(eui, addr, 3);
eui[3] = 0xFF;
eui[4] = 0xFE;
memcpy(eui + 5, addr + 3, 3);
}
static inline void addrconf_addr_eui48(u8 *eui, const char *const addr)
{
addrconf_addr_eui48_base(eui, addr);
Reported by FlawFinder.
include/trace/events/fsi.h
2 issues
Line: 57
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->addr = addr;
__entry->size = size;
__entry->data = 0;
memcpy(&__entry->data, data, size);
),
TP_printk("fsi%d:%02d:%02d %08x[%zu] <= {%*ph}",
__entry->master_idx,
__entry->link,
__entry->id,
Reported by FlawFinder.
Line: 94
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->data = 0;
__entry->ret = ret;
if (__entry->write || !__entry->ret)
memcpy(&__entry->data, data, size);
),
TP_printk("fsi%d:%02d:%02d %08x[%zu] %s {%*ph} ret %d",
__entry->master_idx,
__entry->link,
__entry->id,
Reported by FlawFinder.
include/uapi/linux/cciss_ioctl.h
2 issues
Line: 26
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 count;
} cciss_coalint_struct;
typedef char NodeName_type[16];
typedef __u32 Heartbeat_type;
#define CISS_PARSCSIU2 0x0001
#define CISS_PARCSCIU3 0x0002
Reported by FlawFinder.
Line: 36
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CISS_FIBRE2G 0x0200
typedef __u32 BusTypes_type;
typedef char FirmwareVer_type[4];
typedef __u32 DriverVer_type;
#define MAX_KMALLOC_SIZE 128000
typedef struct _IOCTL_Command_struct {
Reported by FlawFinder.
include/net/9p/client.h
2 issues
Line: 127
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct idr fids;
struct idr reqs;
char name[__NEW_UTS_LEN + 1];
};
/**
* struct p9_fid - file system entity handle
* @clnt: back pointer to instantiating &p9_client
Reported by FlawFinder.
Line: 176
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct p9_qid qid;
u64 d_off;
unsigned char d_type;
char d_name[256];
};
struct iov_iter;
int p9_show_client_options(struct seq_file *m, struct p9_client *clnt);
Reported by FlawFinder.
lib/cmdline.c
2 issues
Line: 206
Column: 29
CWE codes:
126
bool parse_option_str(const char *str, const char *option)
{
while (*str) {
if (!strncmp(str, option, strlen(option))) {
str += strlen(option);
if (!*str || *str == ',')
return true;
}
Reported by FlawFinder.
Line: 207
Column: 11
CWE codes:
126
{
while (*str) {
if (!strncmp(str, option, strlen(option))) {
str += strlen(option);
if (!*str || *str == ',')
return true;
}
while (*str && *str != ',')
Reported by FlawFinder.