The following issues were found
drivers/scsi/bfa/bfa_fcpim.c
2 issues
Line: 2267
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return BFA_STATUS_FAILED;
lun_mask = bfa_get_lun_mask(bfa);
memcpy(buf, lun_mask, sizeof(struct bfa_lunmask_cfg_s));
return BFA_STATUS_OK;
}
bfa_status_t
bfa_fcpim_lunmask_add(struct bfa_s *bfa, u16 vf_id, wwn_t *pwwn,
Reported by FlawFinder.
Line: 3894
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!throttle.cfg_value)
throttle.cfg_value = throttle.cur_value;
throttle.max_value = (u16)(fcpim->fcp->max_ioim_reqs);
memcpy(buf, &throttle, sizeof(struct bfa_defs_fcpim_throttle_s));
return BFA_STATUS_OK;
}
Reported by FlawFinder.
drivers/scsi/bnx2fc/bnx2fc.h
2 issues
Line: 250
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int num_ofld_sess;
struct list_head vports;
char chip_num[BCM_CHIP_LEN];
};
struct bnx2fc_interface {
struct list_head list;
unsigned long if_flags;
Reported by FlawFinder.
Line: 485
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head list;
struct bnx2fc_rport *tgt;
struct fcoe_task_ctx_entry *task;
unsigned char rq_data[BNX2FC_RQ_BUF_SZ];
u16 wqe;
u8 num_rq;
};
struct bnx2fc_unsol_els {
struct fc_lport *lport;
Reported by FlawFinder.
drivers/scsi/bnx2i/bnx2i_sysfs.c
2 issues
Line: 44
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct bnx2i_hba *hba = bnx2i_dev_to_hba(dev);
return sprintf(buf, "0x%x\n", hba->max_sqes);
}
/**
* bnx2i_set_sq_info - update send queue (SQ) size parameter
Reported by FlawFinder.
Line: 102
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct bnx2i_hba *hba = bnx2i_dev_to_hba(dev);
return sprintf(buf, "0x%x\n", hba->num_ccell);
}
/**
* bnx2i_set_ccell_info - set command cell (HQ) size
Reported by FlawFinder.
drivers/scsi/csiostor/csio_init.c
2 issues
Line: 978
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto err_lnode_exit;
}
sprintf(hw->fwrev_str, "%u.%u.%u.%u\n",
FW_HDR_FW_VER_MAJOR_G(hw->fwrev),
FW_HDR_FW_VER_MINOR_G(hw->fwrev),
FW_HDR_FW_VER_MICRO_G(hw->fwrev),
FW_HDR_FW_VER_BUILD_G(hw->fwrev));
Reported by FlawFinder.
Line: 525
Column: 2
CWE codes:
120
goto err;
hw->pdev = pdev;
strncpy(hw->drv_version, CSIO_DRV_VERSION, 32);
/* memory pool/DMA pool allocation */
if (csio_resource_alloc(hw))
goto err_free_hw;
Reported by FlawFinder.
drivers/scsi/csiostor/csio_rnode.c
2 issues
Line: 538
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy wwnn, wwpn and nport id */
rn->nport_id = (ntohl(*did) >> 8) & CSIO_DID_MASK;
memcpy(csio_rn_wwnn(rn), rdevp->wwnn, 8);
memcpy(csio_rn_wwpn(rn), rdevp->wwpn, 8);
rn->rn_sparm.csp.sp_bb_data = rdevp->rcv_fr_sz;
fc_class = FW_RDEV_WR_CLASS_GET(rdevp->vft_to_qos);
rn->rn_sparm.clsp[fc_class - 1].cp_class = htons(FC_CPC_VALID);
Reported by FlawFinder.
Line: 539
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy wwnn, wwpn and nport id */
rn->nport_id = (ntohl(*did) >> 8) & CSIO_DID_MASK;
memcpy(csio_rn_wwnn(rn), rdevp->wwnn, 8);
memcpy(csio_rn_wwpn(rn), rdevp->wwpn, 8);
rn->rn_sparm.csp.sp_bb_data = rdevp->rcv_fr_sz;
fc_class = FW_RDEV_WR_CLASS_GET(rdevp->vft_to_qos);
rn->rn_sparm.clsp[fc_class - 1].cp_class = htons(FC_CPC_VALID);
return 0;
Reported by FlawFinder.
drivers/scsi/csiostor/csio_wr.c
2 issues
Line: 960
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nbytes = ((wrp->size1 - wr_off) >= data_len) ?
data_len : (wrp->size1 - wr_off);
memcpy((uint8_t *) wrp->addr1 + wr_off, data_buf, nbytes);
data_len -= nbytes;
/* Write the remaining data from the begining of circular buffer */
if (data_len) {
CSIO_DB_ASSERT(data_len <= wrp->size2);
Reported by FlawFinder.
Line: 967
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (data_len) {
CSIO_DB_ASSERT(data_len <= wrp->size2);
CSIO_DB_ASSERT(wrp->addr2 != NULL);
memcpy(wrp->addr2, (uint8_t *) data_buf + nbytes, data_len);
}
}
/*
* csio_wr_issue - Notify chip of Work request.
Reported by FlawFinder.
drivers/scsi/cxlflash/lunmgt.c
2 issues
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lli->host_no = sdev->host->host_no;
lli->in_table = false;
memcpy(lli->wwid, wwid, DK_CXLFLASH_MANAGE_LUN_WWID_LEN);
out:
return lli;
}
/**
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
mutex_init(&gli->mutex);
memcpy(gli->wwid, wwid, DK_CXLFLASH_MANAGE_LUN_WWID_LEN);
out:
return gli;
}
/**
Reported by FlawFinder.
drivers/scsi/device_handler/scsi_dh_hp_sw.c
2 issues
Line: 83
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int hp_sw_tur(struct scsi_device *sdev, struct hp_sw_dh_data *h)
{
unsigned char cmd[6] = { TEST_UNIT_READY };
struct scsi_sense_hdr sshdr;
int ret = SCSI_DH_OK, res;
u64 req_flags = REQ_FAILFAST_DEV | REQ_FAILFAST_TRANSPORT |
REQ_FAILFAST_DRIVER;
Reported by FlawFinder.
Line: 119
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int hp_sw_start_stop(struct hp_sw_dh_data *h)
{
unsigned char cmd[6] = { START_STOP, 0, 0, 0, 1, 0 };
struct scsi_sense_hdr sshdr;
struct scsi_device *sdev = h->sdev;
int res, rc = SCSI_DH_OK;
int retry_cnt = HP_SW_RETRIES;
u64 req_flags = REQ_FAILFAST_DEV | REQ_FAILFAST_TRANSPORT |
Reported by FlawFinder.
drivers/scsi/dpt/dpti_i2o.h
2 issues
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2o_device *next; /* Chain */
struct i2o_device *prev;
char dev_name[8]; /* linux /dev name if available */
i2o_lct_entry lct_data;/* Device LCT information */
u32 flags;
struct proc_dir_entry* proc_entry; /* /proc dir */
struct adpt_device *owner;
struct _adpt_hba *controller; /* Controlling IOP */
Reported by FlawFinder.
Line: 85
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2o_controller
{
char name[16];
int unit;
int type;
int enabled;
struct notifier_block *event_notifer; /* Events */
Reported by FlawFinder.
drivers/scsi/dpt/dptsig.h
2 issues
Line: 293
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
typedef struct dpt_sig {
char dsSignature[6]; /* ALWAYS "dPtSiG" */
sigBYTE dsSigVersion; /* signature version (currently 1) */
sigBYTE dsProcessorFamily; /* what type of processor */
sigBYTE dsProcessor; /* precise processor */
sigBYTE dsFiletype; /* type of file */
sigBYTE dsFiletypeFlags; /* flags to specify load type, etc. */
Reported by FlawFinder.
Line: 313
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
sigBYTE dsDay; /* creation day */
sigBYTE dsYear; /* creation year since 1980 (1993=13) */
/* description (NULL terminated) */
char dsDescription[dsDescription_size];
} dpt_sig_S;
/* 32 bytes minimum - with no description. Put NULL at description[0] */
/* 81 bytes maximum - with 49 character description plus NULL. */
/* This line added at Roycroft's request */
Reported by FlawFinder.