The following issues were found
net/ife/ife.c
2 issues
Line: 53
Column: 2
CWE codes:
120
Suggestion:
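Make sure destination can always hold the source data
Triage note: the copy writes `skb->dev->hard_header_len` bytes at the new front of the buffer immediately after `__skb_push(skb, total_push)`, which does not itself check headroom. Two things need verifying outside this excerpt: that headroom for `total_push` was reserved before the push, and that `total_push` is at least `hard_header_len`, so the `memcpy` source and destination cannot overlap.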
iethh = (struct ethhdr *) skb->data;
__skb_push(skb, total_push);
memcpy(skb->data, iethh, skb->dev->hard_header_len);
skb_reset_mac_header(skb);
skboff += skb->dev->hard_header_len;
/* total metadata length */
ifehdr = (struct ifeheadr *) (skb->data + skboff);
Reported by FlawFinder.
Line: 167
Column: 2
CWE codes:
120
Suggestion:
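Make sure destination can always hold the source data
Triage note: nothing in the excerpt bounds `totlen` or `dlen` against the space behind `dptr`, and the function signature is outside the excerpt. Check that callers of `ife_tlv_meta_encode` size the buffer for `totlen` and that `dlen` cannot exceed `totlen - NLA_HDRLEN`.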
*tlv = htonl(htlv);
memset(dptr, 0, totlen - NLA_HDRLEN);
memcpy(dptr, dval, dlen);
return totlen;
}
EXPORT_SYMBOL_GPL(ife_tlv_meta_encode);
Reported by FlawFinder.
include/uapi/rdma/rdma_user_rxe.h
2 issues
Line: 108
Column: 11
CWE codes:
362/367!
Suggestion:
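Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Triage note: the excerpt contains only struct member declarations. The flagged token is a `__u32` field named `access`, not a call to access(2), so this looks like a name-match false positive with no time-of-check/time-of-use race behind it. The same reading applies to the finding at Line 118 of this header.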
__u32 mr_lkey;
__u32 mw_rkey;
__u32 rkey;
__u32 access;
} mw;
/* reg is only used by the kernel and is not part of the uapi */
#ifdef __KERNEL__
struct {
union {
Reported by FlawFinder.
Line: 118
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
__aligned_u64 reserved;
};
__u32 key;
__u32 access;
} reg;
#endif
} wr;
};
Reported by FlawFinder.
include/scsi/libfcoe.h
2 issues
Line: 252
Column: 32
CWE codes:
119
120
Suggestion:
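Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged declaration is the function parameter `unsigned char mac[MAX_ADDR_LEN]`. In C an array parameter is adjusted to a pointer, so `MAX_ADDR_LEN` documents the expected size but the compiler does not enforce it. The bound has to be checked in the body of `fcoe_wwn_from_mac` and at its call sites, neither of which is in the excerpt.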
struct fc_frame *);
/* libfcoe funcs */
u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
int fcoe_libfc_config(struct fc_lport *, struct fcoe_ctlr *,
const struct libfc_function_template *, int init_fcp);
u32 fcoe_fc_crc(struct fc_frame *fp);
int fcoe_start_io(struct sk_buff *skb);
int fcoe_get_wwn(struct net_device *netdev, u64 *wwn, int type);
Reported by FlawFinder.
Line: 303
Column: 2
CWE codes:
119
120
Suggestion:
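Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: a fixed-size struct member such as `char name[IFNAMSIZ]` is not a defect by itself; the tool flags the declaration, not a write. The review target is every place that writes into `name`, which must limit the copy to `IFNAMSIZ` and leave the string NUL-terminated. No such write is visible in the excerpt. The same reading applies to the other struct-member array declarations flagged with CWE 119/120 in this report.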
* @disable: handler to sysfs entry of disable for FCoE instances
*/
struct fcoe_transport {
char name[IFNAMSIZ];
bool attached;
struct list_head list;
bool (*match) (struct net_device *device);
int (*alloc) (struct net_device *device);
int (*create) (struct net_device *device, enum fip_mode fip_mode);
Reported by FlawFinder.
kernel/kcsan/debugfs.c
2 issues
Line: 226
Column: 2
CWE codes:
119
120
Suggestion:
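Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the excerpt shows the copy length clamped to `sizeof(kbuf) - 1` before `copy_from_user`, so the copy into `kbuf` is bounded. What remains to confirm, outside the excerpt, is that `kbuf[read_len]` is set to NUL before the buffer is handed to string functions.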
static ssize_t
debugfs_write(struct file *file, const char __user *buf, size_t count, loff_t *off)
{
char kbuf[KSYM_NAME_LEN];
char *arg;
int read_len = count < (sizeof(kbuf) - 1) ? count : (sizeof(kbuf) - 1);
if (copy_from_user(kbuf, buf, read_len))
return -EFAULT;
Reported by FlawFinder.
Line: 242
Column: 21
CWE codes:
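126
Triage note: the column appears to point at `strlen("microbench=")`. Its argument is a string literal and therefore always NUL-terminated, so the buffer over-read this CWE describes cannot come from that call. Whether `arg` itself is terminated is decided earlier in the function, outside the excerpt.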
} else if (str_has_prefix(arg, "microbench=")) {
unsigned long iters;
if (kstrtoul(&arg[strlen("microbench=")], 0, &iters))
return -EINVAL;
microbenchmark(iters);
} else if (!strcmp(arg, "whitelist")) {
set_report_filterlist_whitelist(true);
} else if (!strcmp(arg, "blacklist")) {
Reported by FlawFinder.
include/scsi/fcoe_sysfs.h
2 issues
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fcoe_sysfs_function_template *f;
struct list_head fcfs;
char work_q_name[20];
struct workqueue_struct *work_q;
char devloss_work_q_name[20];
struct workqueue_struct *devloss_work_q;
struct mutex lock;
Reported by FlawFinder.
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head fcfs;
char work_q_name[20];
struct workqueue_struct *work_q;
char devloss_work_q_name[20];
struct workqueue_struct *devloss_work_q;
struct mutex lock;
int fcf_dev_loss_tmo;
enum fip_conn_type mode;
Reported by FlawFinder.
include/uapi/mtd/ubi-user.h
2 issues
Line: 346
Column: 2
CWE codes:
119
120
Suggestion:
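Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: this is a uapi request layout, so `name` and `name_len` are filled in by user space. The array declaration is not the risk. The check that matters is in the kernel consumer, which should reject a `name_len` that is negative (the field is a signed `__s16`) or larger than `UBI_MAX_VOLUME_NAME` before using it to copy or index `name`. That code is not part of the excerpt. The same applies to the finding at Line 403 of this header.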
__u8 flags;
__s16 name_len;
__s8 padding2[4];
char name[UBI_MAX_VOLUME_NAME + 1];
} __packed;
/**
* struct ubi_rsvol_req - a data structure used in volume re-size requests.
* @vol_id: ID of the volume to re-size
Reported by FlawFinder.
Line: 403
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__s32 vol_id;
__s16 name_len;
__s8 padding2[2];
char name[UBI_MAX_VOLUME_NAME + 1];
} ents[UBI_MAX_RNVOL];
} __packed;
/**
* struct ubi_leb_change_req - a data structure used in atomic LEB change
Reported by FlawFinder.
kernel/kexec_core.c
2 issues
Line: 829
Column: 4
CWE codes:
120
Suggestion:
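Make sure destination can always hold the source data
Triage note: the destination `ptr` is a mapped page (see `kunmap(page)` below), so both the `memcpy` and the `copy_from_user` branch are safe only if `uchunk` never exceeds the space left in that page. That bound is computed outside the excerpt and is the thing to verify. The same applies to the finding at Line 895.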
/* For file based kexec, source pages are in kernel memory */
if (image->file_mode)
memcpy(ptr, kbuf, uchunk);
else
result = copy_from_user(ptr, buf, uchunk);
kunmap(page);
if (result) {
result = -EFAULT;
Reported by FlawFinder.
Line: 895
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* For file based kexec, source pages are in kernel memory */
if (image->file_mode)
memcpy(ptr, kbuf, uchunk);
else
result = copy_from_user(ptr, buf, uchunk);
kexec_flush_icache_page(page);
kunmap(page);
arch_kexec_pre_free_pages(page_address(page), 1);
Reported by FlawFinder.
include/uapi/mtd/nftl-user.h
2 issues
Line: 29
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Block Control Information */
struct nftl_bci {
unsigned char ECCSig[6];
__u8 Status;
__u8 Status1;
}__attribute__((packed));
/* Unit Control Information */
Reported by FlawFinder.
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* NFTL Media Header */
struct NFTLMediaHeader {
char DataOrgID[6];
__u16 NumEraseUnits;
__u16 FirstPhysicalEUN;
__u32 FormattedSize;
unsigned char UnitSizeFactor;
} __attribute__((packed));
Reported by FlawFinder.
kernel/kheaders.c
2 issues
Line: 51
CWE codes:
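570
Triage note: the only expression in the excerpt that plausibly triggers this is the subtraction `&kernel_headers_data_end - &kernel_headers_data`, which a checker treats as a difference between unrelated objects. Presumably the two symbols are start and end markers around one embedded blob, in which case the difference is the blob size by design. Confirm against their declarations, which are outside the excerpt.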
static int __init ikheaders_init(void)
{
kheaders_attr.size = (&kernel_headers_data_end -
&kernel_headers_data);
return sysfs_create_bin_file(kernel_kobj, &kheaders_attr);
}
static void __exit ikheaders_cleanup(void)
Reported by Cppcheck.
Line: 37
Column: 2
CWE codes:
120
Suggestion:
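Make sure destination can always hold the source data
Triage note: `off` and `len` are passed in by the caller of what looks like the binary-attribute read handler, and the handler does not compare them with the blob size stored in `kheaders_attr.size`. Confirm that the sysfs read path clamps `off` and `len` to that size before calling the handler, because the `memcpy` relies on it entirely.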
struct bin_attribute *bin_attr,
char *buf, loff_t off, size_t len)
{
memcpy(buf, &kernel_headers_data + off, len);
return len;
}
static struct bin_attribute kheaders_attr __ro_after_init = {
.attr = {
Reported by FlawFinder.
lib/zlib_inflate/infutil.h
2 issues
Line: 26
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct inflate_state inflate_state;
#ifdef CONFIG_ZLIB_DFLTCC
struct dfltcc_state dfltcc_state;
unsigned char working_window[(1 << MAX_WBITS) + PAGE_SIZE];
#else
unsigned char working_window[(1 << MAX_WBITS)];
#endif
};
Reported by FlawFinder.
Line: 28
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dfltcc_state dfltcc_state;
unsigned char working_window[(1 << MAX_WBITS) + PAGE_SIZE];
#else
unsigned char working_window[(1 << MAX_WBITS)];
#endif
};
#ifdef CONFIG_ZLIB_DFLTCC
/* dfltcc_state must be doubleword aligned for DFLTCC call */
Reported by FlawFinder.