The following issues were found
net/netfilter/nft_xfrm.c
2 issues
Line: 138
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*dest = state->id.daddr.a4;
return;
case NFT_XFRM_KEY_DADDR_IP6:
memcpy(dest, &state->id.daddr.in6, sizeof(struct in6_addr));
return;
case NFT_XFRM_KEY_SADDR_IP4:
*dest = state->props.saddr.a4;
return;
case NFT_XFRM_KEY_SADDR_IP6:
Reported by FlawFinder.
Line: 144
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*dest = state->props.saddr.a4;
return;
case NFT_XFRM_KEY_SADDR_IP6:
memcpy(dest, &state->props.saddr.in6, sizeof(struct in6_addr));
return;
case NFT_XFRM_KEY_REQID:
*dest = state->props.reqid;
return;
case NFT_XFRM_KEY_SPI:
Reported by FlawFinder.
net/core/netprio_cgroup.c
2 issues
Line: 74
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
if (old)
memcpy(new->priomap, old->priomap,
old->priomap_len * sizeof(old->priomap[0]));
new->priomap_len = new_len;
/* install the new priomap */
Reported by FlawFinder.
Line: 198
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t write_priomap(struct kernfs_open_file *of,
char *buf, size_t nbytes, loff_t off)
{
char devname[IFNAMSIZ + 1];
struct net_device *dev;
u32 prio;
int ret;
if (sscanf(buf, "%"__stringify(IFNAMSIZ)"s %u", devname, &prio) != 2)
Reported by FlawFinder.
include/sound/opl3.h
2 issues
Line: 237
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Instrument data */
struct fm_instrument {
struct fm_operator op[4];
unsigned char feedback_connection[2];
unsigned char echo_delay;
unsigned char echo_atten;
unsigned char chorus_spread;
unsigned char trnsps;
unsigned char fix_dur;
Reported by FlawFinder.
Line: 257
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char bank;
unsigned char type;
struct fm_instrument inst;
char name[24];
struct fm_patch *next;
};
/*
Reported by FlawFinder.
net/netfilter/nf_conntrack_core.c
2 issues
Line: 2161
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ct = nf_ct_get(skb, &ctinfo);
if (ct) {
src_tuple = nf_ct_tuple(ct, CTINFO2DIR(ctinfo));
memcpy(dst_tuple, src_tuple, sizeof(*dst_tuple));
return true;
}
if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb),
NFPROTO_IPV4, dev_net(skb->dev),
Reported by FlawFinder.
Line: 2178
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ct = nf_ct_tuplehash_to_ctrack(hash);
src_tuple = nf_ct_tuple(ct, !hash->tuple.dst.dir);
memcpy(dst_tuple, src_tuple, sizeof(*dst_tuple));
nf_ct_put(ct);
return true;
}
Reported by FlawFinder.
net/netfilter/nf_conntrack_expect.c
2 issues
Line: 322
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
exp->tuple.dst.protonum = proto;
if (saddr) {
memcpy(&exp->tuple.src.u3, saddr, len);
if (sizeof(exp->tuple.src.u3) > len)
/* address needs to be cleared for nf_ct_tuple_equal */
memset((void *)&exp->tuple.src.u3 + len, 0x00,
sizeof(exp->tuple.src.u3) - len);
memset(&exp->mask.src.u3, 0xFF, len);
Reported by FlawFinder.
Line: 344
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
exp->mask.src.u.all = 0;
}
memcpy(&exp->tuple.dst.u3, daddr, len);
if (sizeof(exp->tuple.dst.u3) > len)
/* address needs to be cleared for nf_ct_tuple_equal */
memset((void *)&exp->tuple.dst.u3 + len, 0x00,
sizeof(exp->tuple.dst.u3) - len);
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_nfacct.h
2 issues
Line: 10
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nf_acct;
struct xt_nfacct_match_info {
char name[NFACCT_NAME_MAX];
struct nf_acct *nfacct;
};
struct xt_nfacct_match_info_v1 {
char name[NFACCT_NAME_MAX];
Reported by FlawFinder.
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct xt_nfacct_match_info_v1 {
char name[NFACCT_NAME_MAX];
struct nf_acct *nfacct __attribute__((aligned(8)));
};
#endif /* _XT_NFACCT_MATCH_H */
Reported by FlawFinder.
include/linux/w1.h
2 issues
Line: 67
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct w1_slave {
struct module *owner;
unsigned char name[W1_MAXNAMELEN];
struct list_head w1_slave_entry;
struct w1_reg_num reg_num;
atomic_t refcnt;
int ttl;
unsigned long flags;
Reported by FlawFinder.
Line: 202
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct w1_master {
struct list_head w1_master_entry;
struct module *owner;
unsigned char name[W1_MAXNAMELEN];
/* list_mutex protects just slist and async_list so slaves can be
* searched for and async commands added while the master has
* w1_master.mutex locked and is operating on the bus.
* lock order w1_mlock, w1_master.mutex, w1_master.list_mutex
*/
Reported by FlawFinder.
net/core/scm.c
2 issues
Line: 169
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kgid_t gid;
if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)))
goto error;
memcpy(&creds, CMSG_DATA(cmsg), sizeof(struct ucred));
err = scm_check_creds(&creds);
if (err)
goto error;
p->creds.pid = creds.pid;
Reported by FlawFinder.
Line: 247
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cm->cmsg_level = level;
cm->cmsg_type = type;
cm->cmsg_len = cmlen;
memcpy(CMSG_DATA(cm), data, cmlen - sizeof(*cm));
}
cmlen = min(CMSG_SPACE(len), msg->msg_controllen);
msg->msg_control += cmlen;
msg->msg_controllen -= cmlen;
Reported by FlawFinder.
net/netfilter/nf_conntrack_irc.c
2 issues
Line: 170
Column: 35
CWE codes:
126
&iph->daddr, ntohs(th->dest));
for (i = 0; i < ARRAY_SIZE(dccprotos); i++) {
if (memcmp(data, dccprotos[i], strlen(dccprotos[i]))) {
/* no match */
continue;
}
data += strlen(dccprotos[i]);
pr_debug("DCC %s detected\n", dccprotos[i]);
Reported by FlawFinder.
Line: 174
Column: 12
CWE codes:
126
/* no match */
continue;
}
data += strlen(dccprotos[i]);
pr_debug("DCC %s detected\n", dccprotos[i]);
/* we have at least
* (19+MINMATCHLEN)-5-dccprotos[i].matchlen bytes valid
* data left (== 14/13 bytes) */
Reported by FlawFinder.
kernel/power/snapshot.c
2 issues
Line: 156
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct linked_page {
struct linked_page *next;
char data[LINKED_PAGE_DATA_SIZE];
} __packed;
/*
* List of "safe" pages (ie. pages that were not used by the image kernel
* before hibernation) that may be used as temporary storage for image kernel
Reported by FlawFinder.
Line: 2063
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifndef CONFIG_ARCH_HIBERNATION_HEADER
static int init_header_complete(struct swsusp_info *info)
{
memcpy(&info->uts, init_utsname(), sizeof(struct new_utsname));
info->version_code = LINUX_VERSION_CODE;
return 0;
}
static const char *check_image_kernel(struct swsusp_info *info)
Reported by FlawFinder.