The following issues were found
include/net/netns/ipv4.h
1 issues
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct inet_timewait_death_row {
atomic_t tw_count;
char tw_pad[L1_CACHE_BYTES - sizeof(atomic_t)];
struct inet_hashinfo *hashinfo;
int sysctl_max_tw_buckets;
};
Reported by FlawFinder.
include/net/netlink.h
1 issues
Line: 1477
Column: 32
CWE codes:
126
static inline int nla_put_string(struct sk_buff *skb, int attrtype,
const char *str)
{
return nla_put(skb, attrtype, strlen(str) + 1, str);
}
/**
* nla_put_flag - Add a flag netlink attribute to a socket buffer
* @skb: socket buffer to add attribute to
Reported by FlawFinder.
net/ipv6/datagram.c
1 issues
Line: 502
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*addr_len = sizeof(*sin);
}
memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
sin = &errhdr.offender;
memset(sin, 0, sizeof(*sin));
if (ip6_datagram_support_cmsg(skb, serr)) {
sin->sin6_family = AF_INET6;
Reported by FlawFinder.
include/net/netfilter/xt_rateest.h
1 issues
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* following fields not accessed in hot path */
unsigned int refcnt;
struct hlist_node list;
char name[IFNAMSIZ];
struct gnet_estimator params;
struct rcu_head rcu;
/* keep this field far away to speedup xt_rateest_mt() */
struct net_rate_estimator __rcu *rate_est;
Reported by FlawFinder.
include/net/netfilter/nf_tables.h
1 issues
Line: 161
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (len % NFT_REG32_SIZE)
dst[len / NFT_REG32_SIZE] = 0;
memcpy(dst, src, len);
}
/**
* struct nft_ctx - nf_tables rule/set context
*
Reported by FlawFinder.
net/ipv6/icmp.c
1 issues
Line: 286
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
icmp6h = icmp6_hdr(skb);
memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
icmp6h->icmp6_cksum = 0;
if (skb_queue_len(&sk->sk_write_queue) == 1) {
skb->csum = csum_partial(icmp6h,
sizeof(struct icmp6hdr), skb->csum);
Reported by FlawFinder.
include/net/netfilter/nf_conntrack_timeout.h
1 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head head;
struct rcu_head rcu_head;
refcount_t refcnt;
char name[CTNL_TIMEOUT_NAME_MAX];
struct nf_ct_timeout timeout;
};
struct nf_conn_timeout {
struct nf_ct_timeout __rcu *timeout;
Reported by FlawFinder.
net/nfc/nci/spi.c
1 issues
Line: 177
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct sk_buff *skb;
struct spi_message m;
unsigned char req[2], resp_hdr[2];
struct spi_transfer tx, rx;
unsigned short rx_len = 0;
int ret;
spi_message_init(&m);
Reported by FlawFinder.
include/net/netfilter/nf_conntrack_expect.h
1 issues
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nf_conntrack_expect_policy {
unsigned int max_expected;
unsigned int timeout;
char name[NF_CT_EXP_POLICY_NAME_LEN];
};
#define NF_CT_EXPECT_CLASS_DEFAULT 0
#define NF_CT_EXPECT_MAX_CNT 255
Reported by FlawFinder.
include/net/mrp.h
1 issues
Line: 108
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum mrp_applications type;
unsigned int maxattr;
struct packet_type pkttype;
unsigned char group_address[ETH_ALEN];
u8 version;
};
struct mrp_applicant {
struct mrp_application *app;
Reported by FlawFinder.