The following issues were found
include/net/pkt_cls.h
1 issues
Line: 516
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
tcf_change_indev(struct net *net, struct nlattr *indev_tlv,
struct netlink_ext_ack *extack)
{
char indev[IFNAMSIZ];
struct net_device *dev;
if (nla_strscpy(indev, indev_tlv, IFNAMSIZ) < 0) {
NL_SET_ERR_MSG_ATTR(extack, indev_tlv,
"Interface name too long");
Reported by FlawFinder.
net/ipv4/sysctl_net_ipv4.c
1 issues
Line: 227
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct net *net = container_of(ctl->data, struct net,
ipv4.tcp_congestion_control);
char val[TCP_CA_NAME_MAX];
struct ctl_table tbl = {
.data = val,
.maxlen = TCP_CA_NAME_MAX,
};
int ret;
Reported by FlawFinder.
include/linux/textsearch.h
1 issues
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ts_state
{
unsigned int offset;
char cb[48];
};
/**
* struct ts_ops - search module operations
* @name: name of search algorithm
Reported by FlawFinder.
net/ipv4/tcp_bpf.c
1 issues
Line: 258
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!psock->cork)
return -ENOMEM;
}
memcpy(psock->cork, msg, sizeof(*msg));
return 0;
}
tosend = msg->sg.size;
if (psock->apply_bytes && psock->apply_bytes < tosend)
Reported by FlawFinder.
include/linux/tee_drv.h
1 issues
Line: 100
Column: 8
CWE codes:
362
struct tee_driver_ops {
void (*get_version)(struct tee_device *teedev,
struct tee_ioctl_version_data *vers);
int (*open)(struct tee_context *ctx);
void (*release)(struct tee_context *ctx);
int (*open_session)(struct tee_context *ctx,
struct tee_ioctl_open_session_arg *arg,
struct tee_param *param);
int (*close_session)(struct tee_context *ctx, u32 session);
Reported by FlawFinder.
net/ipv4/tcp_diag.c
1 issues
Line: 44
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->tcpm_family = key->family;
info->tcpm_prefixlen = key->prefixlen;
info->tcpm_keylen = key->keylen;
memcpy(info->tcpm_key, key->key, key->keylen);
if (key->family == AF_INET)
info->tcpm_addr[0] = key->addr.a4.s_addr;
#if IS_ENABLED(CONFIG_IPV6)
else if (key->family == AF_INET6)
Reported by FlawFinder.
net/nfc/nci/rsp.c
1 issues
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
min((int)ndev->num_supported_rf_interfaces,
NCI_MAX_SUPPORTED_RF_INTERFACES);
memcpy(ndev->supported_rf_interfaces,
rsp_1->supported_rf_interfaces,
ndev->num_supported_rf_interfaces);
rsp_2 = (void *) (skb->data + 6 + rsp_1->num_supported_rf_interfaces);
Reported by FlawFinder.
net/ipv4/udp.c
1 issues
Line: 1139
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rcu_read_lock();
inet_opt = rcu_dereference(inet->inet_opt);
if (inet_opt) {
memcpy(&opt_copy, inet_opt,
sizeof(*inet_opt) + inet_opt->opt.optlen);
ipc.opt = &opt_copy.opt;
}
rcu_read_unlock();
}
Reported by FlawFinder.
net/ipv4/xfrm4_policy.c
1 issues
Line: 226
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
int ret;
memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template,
sizeof(xfrm4_dst_ops_template));
ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops);
if (ret)
return ret;
Reported by FlawFinder.
include/net/netrom.h
1 issues
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nr_node {
struct hlist_node node_node;
ax25_address callsign;
char mnemonic[7];
unsigned char which;
unsigned char count;
struct nr_route routes[3];
refcount_t refcount;
spinlock_t node_lock;
Reported by FlawFinder.