The following issues were found

drivers/net/wireless/marvell/mwifiex/main.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 649 Column: 2 CWE codes: 119 120
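Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This finding is raised on the declaration alone: the code that writes `version_str` is not part of the excerpt, so what remains to verify is that every write to it is bounded by the 128-byte size.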

              	struct wireless_dev wdev;
	struct mwifiex_chan_freq_power cfp;
	u32 versionstrsel;
	char version_str[128];
#ifdef CONFIG_DEBUG_FS
	struct dentry *dfs_dev_dir;
#endif
	u16 current_key_index;
	struct mutex async_mutex;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 879 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct mwifiex_private *priv[MWIFIEX_MAX_BSS_NUM];
	u8 priv_num;
	const struct firmware *firmware;
	char fw_name[32];
	int winner;
	struct device *dev;
	struct wiphy *wiphy;
	u8 perm_addr[ETH_ALEN];
	unsigned long work_flags;

            

Reported by FlawFinder.

drivers/net/wireless/marvell/mwifiex/sta_event.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 215 Column: 2 CWE codes: 120
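Suggestion: Make sure destination can always hold the source data. Here the length is `sizeof(struct cfg80211_ssid)`, so the copy stays in bounds provided `prev_ssid` is declared as that struct; its declaration is not in the excerpt.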

              		    priv->curr_bss_params.bss_descriptor.ssid.ssid,
		    priv->curr_bss_params.bss_descriptor.ssid.ssid_len);

	memcpy(&priv->prev_ssid,
	       &priv->curr_bss_params.bss_descriptor.ssid,
	       sizeof(struct cfg80211_ssid));

	memcpy(priv->prev_bssid,
	       priv->curr_bss_params.bss_descriptor.mac_address, ETH_ALEN);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 219 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	       &priv->curr_bss_params.bss_descriptor.ssid,
	       sizeof(struct cfg80211_ssid));

	memcpy(priv->prev_bssid,
	       priv->curr_bss_params.bss_descriptor.mac_address, ETH_ALEN);

	/* Need to erase the current SSID and BSSID info */
	memset(&priv->curr_bss_params, 0x00, sizeof(priv->curr_bss_params));


            

Reported by FlawFinder.

drivers/net/wireless/marvell/mwifiex/sta_rx.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 241 Column: 3 CWE codes: 120
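Suggestion: Make sure destination can always hold the source data. The length is the constant ETH_ALEN rather than a value taken from the packet, so the remaining check is that `ta` is declared with at least ETH_ALEN bytes, which the excerpt does not show.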

              	if (mwifiex_queuing_ra_based(priv) ||
	    (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
	     local_rx_pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET)) {
		memcpy(ta, rx_pkt_hdr->eth803_hdr.h_source, ETH_ALEN);
		if (local_rx_pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET &&
		    local_rx_pd->priority < MAX_NUM_TID) {
			sta_ptr = mwifiex_get_sta_entry(priv, ta);
			if (sta_ptr)
				sta_ptr->rx_seq[local_rx_pd->priority] =

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 256 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		if (rx_pkt_type != PKT_TYPE_BAR &&
		    local_rx_pd->priority < MAX_NUM_TID)
			priv->rx_seq[local_rx_pd->priority] = seq_num;
		memcpy(ta, priv->curr_bss_params.bss_descriptor.mac_address,
		       ETH_ALEN);
	}

	/* Reorder and send to OS */
	ret = mwifiex_11n_rx_reorder_pkt(priv, seq_num, local_rx_pd->priority,

            

Reported by FlawFinder.

drivers/net/wireless/mediatek/mt76/mt76.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 709 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	struct mt76_rate_power rate_power;

	char alpha2[3];
	enum nl80211_dfs_regions region;

	u32 debugfs_reg;

	struct led_classdev led_cdev;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 715 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u32 debugfs_reg;

	struct led_classdev led_cdev;
	char led_name[32];
	bool led_al;
	u8 led_pin;

	u8 csa_complete;


            

Reported by FlawFinder.

drivers/net/wireless/mediatek/mt76/mt7603/eeprom.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 169 Column: 4 CWE codes: 120
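Suggestion: Make sure destination can always hold the source data. The length is the constant MT7603_EEPROM_SIZE; both buffers are allocated outside the excerpt, so confirm that `eeprom.data` and `otp.data` are each at least that large.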

              		if (mt7603_check_eeprom(&dev->mt76) == 0)
			mt7603_apply_cal_free_data(dev, dev->mt76.otp.data);
		else
			memcpy(dev->mt76.eeprom.data, dev->mt76.otp.data,
			       MT7603_EEPROM_SIZE);
	}

	eeprom = (u8 *)dev->mt76.eeprom.data;
	dev->mphy.cap.has_2ghz = true;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 175 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	eeprom = (u8 *)dev->mt76.eeprom.data;
	dev->mphy.cap.has_2ghz = true;
	memcpy(dev->mphy.macaddr, eeprom + MT_EE_MAC_ADDR, ETH_ALEN);

	/* Check for 1SS devices */
	dev->mphy.antenna_mask = 3;
	if (FIELD_GET(MT_EE_NIC_CONF_0_RX_PATH, eeprom[MT_EE_NIC_CONF_0]) == 1 ||
	    FIELD_GET(MT_EE_NIC_CONF_0_TX_PATH, eeprom[MT_EE_NIC_CONF_0]) == 1 ||

            

Reported by FlawFinder.

drivers/net/wireless/mediatek/mt76/mt7615/debugfs.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 409 Column: 2 CWE codes: 119 120
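Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The array is sized from the same constant 32 that bounds the loop below it; the formatting calls inside the loop are not shown, so confirm that each iteration writes at most (ETH_ALEN * 3) + 4 bytes and that `ofs` cannot pass the end of `buf`.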

              			 size_t count, loff_t *ppos)
{
	struct mt7615_dev *dev = file->private_data;
	char buf[32 * ((ETH_ALEN * 3) + 4) + 1];
	u8 addr[ETH_ALEN];
	int ofs = 0;
	int i;

	for (i = 0; i < 32; i++) {

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 437 Column: 2 CWE codes: 119 120
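Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The excerpt shows the write length being checked (`count > sizeof(buf)` returns -EINVAL), which still admits `count == sizeof(buf)`; the rest of the function is not shown, so confirm that the buffer is NUL-terminated inside its 32 bytes before it is parsed.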

              	struct mt7615_dev *dev = file->private_data;
	unsigned long idx = 0;
	u8 addr[ETH_ALEN];
	char buf[32];
	char *p;

	if (count > sizeof(buf))
		return -EINVAL;


            

Reported by FlawFinder.

drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 338 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	ret = mt7615_check_eeprom(&dev->mt76);
	if (ret && dev->mt76.otp.data) {
		memcpy(dev->mt76.eeprom.data, dev->mt76.otp.data,
		       MT7615_EEPROM_SIZE);
	} else {
		dev->flash_eeprom = true;
		mt7615_cal_free_data(dev);
	}

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 346 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	}

	mt7615_eeprom_parse_hw_cap(dev);
	memcpy(dev->mphy.macaddr, dev->mt76.eeprom.data + MT_EE_MAC_ADDR,
	       ETH_ALEN);

	mt76_eeprom_override(&dev->mphy);

	return 0;

            

Reported by FlawFinder.

drivers/net/wireless/mediatek/mt76/mt7615/init.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 36 Column: 9 CWE codes: 120
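Suggestion: Use sprintf_s, snprintf, or vsnprintf. Note that `sprintf_s` is a C11 Annex K function that the kernel does not provide. The `SENSOR_DEVICE_ATTR` registration in the excerpt makes this a sysfs show callback, where `sysfs_emit()` is the bounded helper on kernels that have it. The `"%u\n"` output is short, so this is hardening rather than a demonstrated overflow.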

              		return temperature;

	/* display in millidegree celcius */
	return sprintf(buf, "%u\n", temperature * 1000);
}

static SENSOR_DEVICE_ATTR(temp1_input, 0444, mt7615_thermal_show_temp,
			  NULL, 0);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 483 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	 * Make the secondary PHY MAC address local without overlapping with
	 * the usual MAC address allocation scheme on multiple virtual interfaces
	 */
	memcpy(mphy->macaddr, dev->mt76.eeprom.data + MT_EE_MAC_ADDR,
	       ETH_ALEN);
	mphy->macaddr[0] |= 2;
	mphy->macaddr[0] ^= BIT(7);
	mt76_eeprom_override(mphy);


            

Reported by FlawFinder.

drivers/net/wireless/mediatek/mt76/mt7615/sdio_txrx.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 248 Column: 3 CWE codes: 120
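Suggestion: Make sure destination can always hold the source data. Unlike the fixed-length copies in this report, the length here comes from the skb (`skb_headlen(e->skb)`) and the destination offset `len` grows on every iteration. The excerpt shows a `break` just before the copy but not its full condition, so confirm that the loop stops before `len` plus the frame length exceeds the size of `xmit_buf[qid]`.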

              					  &ple_sz))
			break;

		memcpy(sdio->xmit_buf[qid] + len, e->skb->data,
		       skb_headlen(e->skb));
		len += skb_headlen(e->skb);
		nframes++;

		skb_walk_frags(e->skb, iter) {

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 254 Column: 4 CWE codes: 120
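Suggestion: Make sure destination can always hold the source data. Each fragment adds `iter->len` bytes at the running offset `len`, so the size check that guards this loop has to account for the whole skb, fragments included, not only its head; that check is not visible in the excerpt.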

              		nframes++;

		skb_walk_frags(e->skb, iter) {
			memcpy(sdio->xmit_buf[qid] + len, iter->data,
			       iter->len);
			len += iter->len;
			nframes++;
		}


            

Reported by FlawFinder.

drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 42 Column: 2 CWE codes: 120
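Suggestion: Make sure destination can always hold the source data. The excerpt shows `key->keylen` rejected above 32 before the copy, so the copy is bounded at 32 bytes; `key_data` is declared outside the excerpt, and the remaining check is that it holds at least 32 bytes.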

              	if (key->keylen > 32)
		return MT76X02_CIPHER_NONE;

	memcpy(key_data, key->key, key->keylen);

	switch (key->cipher) {
	case WLAN_CIPHER_SUITE_WEP40:
		return MT76X02_CIPHER_WEP40;
	case WLAN_CIPHER_SUITE_WEP104:

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 163 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return;

	if (mac)
		memcpy(addr.macaddr, mac, ETH_ALEN);

	mt76_wr_copy(dev, MT_WCID_ADDR(idx), &addr, sizeof(addr));
}
EXPORT_SYMBOL_GPL(mt76x02_mac_wcid_setup);


            

Reported by FlawFinder.