The following issues were found
net/batman-adv/bat_algo.c
2 issues
Line: 24
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "bat_algo.h"
#include "netlink.h"
char batadv_routing_algo[20] = "BATMAN_IV";
static struct hlist_head batadv_algo_list;
/**
* batadv_algo_init() - Initialize batman-adv algorithm management data
* structures
Reported by FlawFinder.
Line: 122
Column: 20
CWE codes:
126
{
struct batadv_algo_ops *bat_algo_ops;
char *algo_name = (char *)val;
size_t name_len = strlen(algo_name);
if (name_len > 0 && algo_name[name_len - 1] == '\n')
algo_name[name_len - 1] = '\0';
bat_algo_ops = batadv_algo_get(algo_name);
Reported by FlawFinder.
include/video/da8xx-fb.h
2 issues
Line: 32
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct da8xx_lcdc_platform_data {
const char manu_name[10];
void *controller_data;
const char type[25];
};
struct lcd_ctrl_config {
Reported by FlawFinder.
Line: 34
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct da8xx_lcdc_platform_data {
const char manu_name[10];
void *controller_data;
const char type[25];
};
struct lcd_ctrl_config {
enum panel_shade panel_shade;
Reported by FlawFinder.
kernel/trace/trace_benchmark.c
2 issues
Line: 12
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct task_struct *bm_event_thread;
static char bm_str[BENCHMARK_EVENT_STRLEN] = "START";
static u64 bm_total;
static u64 bm_totalsq;
static u64 bm_last;
static u64 bm_max;
Reported by FlawFinder.
Line: 208
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
kthread_stop(bm_event_thread);
bm_event_thread = NULL;
strcpy(bm_str, "START");
bm_total = 0;
bm_totalsq = 0;
bm_last = 0;
bm_max = 0;
bm_min = 0;
Reported by FlawFinder.
net/netfilter/nft_payload.c
2 issues
Line: 67
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (offset + len > VLAN_ETH_HLEN + vlan_hlen)
ethlen -= offset + len - VLAN_ETH_HLEN + vlan_hlen;
memcpy(dst_u8, vlanh + offset - vlan_hlen, ethlen);
len -= ethlen;
if (len == 0)
return true;
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mask.data[k] = (__force u32)remainder_mask;
}
memcpy(®->mask, &mask, field_len);
return true;
}
static int nft_payload_offload_ll(struct nft_offload_ctx *ctx,
Reported by FlawFinder.
include/uapi/linux/romfs_fs.h
2 issues
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 word1;
__be32 size;
__be32 checksum;
char name[0]; /* volume name */
};
/* On disk inode */
struct romfs_inode {
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 spec;
__be32 size;
__be32 checksum;
char name[0];
};
#define ROMFH_TYPE 7
#define ROMFH_HRD 0
#define ROMFH_DIR 1
Reported by FlawFinder.
net/netfilter/nfnetlink_acct.c
2 issues
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long flags;
struct list_head head;
refcount_t refcnt;
char name[NFACCT_NAME_MAX];
struct rcu_head rcu_head;
char data[];
};
struct nfacct_filter {
Reported by FlawFinder.
Line: 72
Column: 6
CWE codes:
126
return -EINVAL;
acct_name = nla_data(tb[NFACCT_NAME]);
if (strlen(acct_name) == 0)
return -EINVAL;
list_for_each_entry(nfacct, &nfnl_acct_net->nfnl_acct_list, head) {
if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0)
continue;
Reported by FlawFinder.
include/uapi/sound/skl-tplg-interface.h
2 issues
Line: 154
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 rsvd:30;
__u32 param_id;
__u32 max;
char params[0];
} __packed;
enum skl_tkn_dir {
SKL_DIR_IN,
SKL_DIR_OUT
Reported by FlawFinder.
Line: 202
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __packed;
struct skl_dfw_v4_module {
char uuid[SKL_UUID_STR_SZ];
__u16 module_id;
__u16 instance_id;
__u32 max_mcps;
__u32 mem_pages;
Reported by FlawFinder.
net/hsr/hsr_main.h
2 issues
Line: 108
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __packed;
struct hsr_sup_payload {
unsigned char macaddress_A[ETH_ALEN];
} __packed;
static inline void set_hsr_stag_path(struct hsr_sup_tag *hst, u16 path)
{
set_hsr_tag_path((struct hsr_tag *)hst, path);
Reported by FlawFinder.
Line: 215
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 net_id; /* for PRP, it occupies most significant 3 bits
* of lan_id
*/
unsigned char sup_multicast_addr[ETH_ALEN] __aligned(sizeof(u16));
/* Align to u16 boundary to avoid unaligned access
* in ether_addr_equal
*/
#ifdef CONFIG_DEBUG_FS
struct dentry *node_tbl_root;
Reported by FlawFinder.
net/batman-adv/fragmentation.c
2 issues
Line: 427
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Add the header */
skb_push(skb_fragment, header_size);
memcpy(skb_fragment->data, frag_head, header_size);
err:
return skb_fragment;
}
Reported by FlawFinder.
Line: 537
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto put_primary_if;
skb_push(skb, header_size);
memcpy(skb->data, &frag_header, header_size);
/* Send the last fragment */
batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_TX);
batadv_add_counter(bat_priv, BATADV_CNT_FRAG_TX_BYTES,
skb->len + ETH_HLEN);
Reported by FlawFinder.
net/hsr/hsr_netlink.h
2 issues
Line: 23
Column: 54
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int __init hsr_netlink_init(void);
void __exit hsr_netlink_exit(void);
void hsr_nl_ringerror(struct hsr_priv *hsr, unsigned char addr[ETH_ALEN],
struct hsr_port *port);
void hsr_nl_nodedown(struct hsr_priv *hsr, unsigned char addr[ETH_ALEN]);
void hsr_nl_framedrop(int dropcount, int dev_idx);
void hsr_nl_linkdown(int dev_idx);
Reported by FlawFinder.
Line: 25
Column: 53
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void hsr_nl_ringerror(struct hsr_priv *hsr, unsigned char addr[ETH_ALEN],
struct hsr_port *port);
void hsr_nl_nodedown(struct hsr_priv *hsr, unsigned char addr[ETH_ALEN]);
void hsr_nl_framedrop(int dropcount, int dev_idx);
void hsr_nl_linkdown(int dev_idx);
#endif /* __HSR_NETLINK_H */
Reported by FlawFinder.