The following issues were found
drivers/staging/rtl8192u/r8192U_wx.c
2 issues
Line: 337
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int len = min_t(int, req->essid_len, IW_ESSID_MAX_SIZE);
ieee->current_network.ssid_len = len;
memcpy(ieee->current_network.ssid, req->essid, len);
}
}
mutex_lock(&priv->wx_mutex);
if (priv->ieee80211->state != IEEE80211_LINKED) {
Reported by FlawFinder.
Line: 737
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ieee->pairwise_key_type = alg;
EnableHWSecurityConfig8192(dev);
}
memcpy((u8 *)key, ext->key, 16); /* we only get 16 bytes key.why? WB 2008.7.1 */
if ((alg & KEY_TYPE_WEP40) && (ieee->auth_mode != 2)) {
setKey(dev,
idx, /* EntryNao */
idx, /* KeyIndex */
Reported by FlawFinder.
drivers/usb/misc/adutux.c
2 issues
Line: 75
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usb_device *udev; /* save off the usb device pointer */
struct usb_interface *interface;
unsigned int minor; /* the starting minor number for this device */
char serial_number[8];
int open_count; /* number of times this port has been opened */
unsigned long disconnected:1;
char *read_buffer_primary;
Reported by FlawFinder.
Line: 181
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dev->read_buffer_length <
(4 * usb_endpoint_maxp(dev->interrupt_in_endpoint)) -
(urb->actual_length)) {
memcpy (dev->read_buffer_primary +
dev->read_buffer_length,
dev->interrupt_in_buffer, urb->actual_length);
dev->read_buffer_length += urb->actual_length;
dev_dbg(&dev->udev->dev, "%s reading %d\n", __func__,
Reported by FlawFinder.
drivers/target/loopback/tcm_loop.h
2 issues
Line: 21
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct se_cmd tl_se_cmd;
struct completion tmr_done;
/* Sense buffer that will be mapped into outgoing status */
unsigned char tl_sense_buf[TRANSPORT_SENSE_BUFFER];
};
struct tcm_loop_nexus {
/*
* Pointer to TCM session for I_T Nexus
Reported by FlawFinder.
Line: 46
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tcm_loop_hba {
u8 tl_proto_id;
unsigned char tl_wwn_address[TL_WWN_ADDR_LEN];
struct se_hba_s *se_hba;
struct se_lun *tl_hba_lun;
struct se_port *tl_hba_lun_sep;
struct device dev;
struct Scsi_Host *sh;
Reported by FlawFinder.
drivers/target/iscsi/iscsi_target_parameters.h
2 issues
Line: 9
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <scsi/iscsi_proto.h>
struct iscsi_extra_response {
char key[KEY_MAXLEN];
char value[32];
struct list_head er_list;
} ____cacheline_aligned;
struct iscsi_param {
Reported by FlawFinder.
Line: 10
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iscsi_extra_response {
char key[KEY_MAXLEN];
char value[32];
struct list_head er_list;
} ____cacheline_aligned;
struct iscsi_param {
char *name;
Reported by FlawFinder.
drivers/staging/iio/frequency/ad9834.c
2 issues
Line: 294
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
str = "sine triangle";
return sprintf(buf, "%s\n", str);
}
static IIO_DEVICE_ATTR(out_altvoltage0_out0_wavetype_available, 0444,
ad9834_show_out0_wavetype_available, NULL, 0);
Reported by FlawFinder.
Line: 314
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
str = "square";
return sprintf(buf, "%s\n", str);
}
static IIO_DEVICE_ATTR(out_altvoltage0_out1_wavetype_available, 0444,
ad9834_show_out1_wavetype_available, NULL, 0);
Reported by FlawFinder.
drivers/usb/misc/uss720.c
2 issues
Line: 196
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct parport_uss720_private *priv;
struct uss720_async_request *rq;
static const unsigned char regindex[9] = {
4, 0, 1, 5, 5, 0, 2, 3, 6
};
int ret;
if (!pp)
Reported by FlawFinder.
Line: 326
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (usbstatus != 0 || len < 4 || !buffer)
return 1;
memcpy(priv->reg, buffer, 4);
/* if nAck interrupts are enabled and we have an interrupt, call the interrupt procedure */
if (priv->reg[2] & priv->reg[1] & 0x10)
parport_generic_irq(pp);
return 1;
}
Reported by FlawFinder.
drivers/usb/misc/yurex.c
2 issues
Line: 404
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct usb_yurex *dev;
int len = 0;
char in_buffer[20];
unsigned long flags;
dev = file->private_data;
mutex_lock(&dev->io_mutex);
Reported by FlawFinder.
Line: 431
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct usb_yurex *dev;
int i, set = 0, retval = 0;
char buffer[16 + 1];
char *data = buffer;
unsigned long long c, c2 = 0;
signed long timeout = 0;
DEFINE_WAIT(wait);
Reported by FlawFinder.
drivers/soc/ux500/ux500-soc-id.c
2 issues
Line: 153
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
process_show(struct device *dev, struct device_attribute *attr, char *buf)
{
if (dbx500_id.process == 0x00)
return sprintf(buf, "Standard\n");
return sprintf(buf, "%02xnm\n", dbx500_id.process);
}
static DEVICE_ATTR_RO(process);
Reported by FlawFinder.
Line: 155
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (dbx500_id.process == 0x00)
return sprintf(buf, "Standard\n");
return sprintf(buf, "%02xnm\n", dbx500_id.process);
}
static DEVICE_ATTR_RO(process);
static struct attribute *ux500_soc_attrs[] = {
Reported by FlawFinder.
drivers/tty/serial/omap-serial.c
2 issues
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
unsigned int lsr_break_flag;
unsigned char msr_saved_flags;
char name[20];
unsigned long port_activity;
int context_loss_cnt;
u32 errata;
u32 features;
Reported by FlawFinder.
Line: 1717
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
goto err_rs485;
sprintf(up->name, "OMAP UART%d", up->port.line);
up->port.mapbase = mem->start;
up->port.membase = base;
up->port.flags = omap_up_info->flags;
up->port.uartclk = omap_up_info->uartclk;
up->port.rs485_config = serial_omap_config_rs485;
Reported by FlawFinder.
drivers/usb/gadget/config.c
2 issues
Line: 48
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > buflen)
return -EINVAL;
memcpy(dest, *src, len);
buflen -= len;
dest += len;
}
return dest - (u8 *)buf;
}
Reported by FlawFinder.
Line: 147
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = mem;
mem += (n_desc + 1) * sizeof(*tmp);
while (*src) {
memcpy(mem, *src, (*src)->bLength);
*tmp = mem;
tmp++;
mem += (*src)->bLength;
src++;
}
Reported by FlawFinder.