The following issues were found
include/net/mac802154.h
1 issue
Line: 249
Column: 2
CWE codes:
120
Suggestion:
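Make sure the destination can always hold the source data. In this excerpt the copy length is the constant IEEE802154_FC_LEN and the lines just above the memcpy return early on a `< IEEE802154_FC_LEN` comparison, so what remains to confirm is that `fc`, declared outside the excerpt, is at least IEEE802154_FC_LEN bytes.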
skb_mac_header(skb)) < IEEE802154_FC_LEN))
return cpu_to_le16(0);
memcpy(&fc, skb_mac_header(skb), IEEE802154_FC_LEN);
return fc;
}
/**
* ieee802154_skb_dst_pan - get the pointer to destination pan field
Reported by FlawFinder.
include/net/mac80211.h
1 issue
Line: 2717
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
static inline void SET_IEEE80211_PERM_ADDR(struct ieee80211_hw *hw, const u8 *addr)
{
/*
 * Copies exactly ETH_ALEN bytes from @addr into hw->wiphy->perm_addr.
 * The length is the constant ETH_ALEN, not a caller-supplied value, so
 * the CWE-120 report reduces to two preconditions this excerpt does not
 * show: perm_addr must be at least ETH_ALEN bytes (confirm against the
 * declaration of the wiphy structure), and @addr must point to at least
 * ETH_ALEN readable bytes (the caller's responsibility).
 * hw and hw->wiphy are dereferenced without a NULL check.
 */
memcpy(hw->wiphy->perm_addr, addr, ETH_ALEN);
}
static inline struct ieee80211_rate *
ieee80211_get_tx_rate(const struct ieee80211_hw *hw,
const struct ieee80211_tx_info *c)
Reported by FlawFinder.
include/net/llc.h
1 issue
Line: 31
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Address record made of one lsap byte followed by an IFHWADDRLEN-byte
 * mac array. The fixed-size array is what the CWE-119/120 report matches;
 * the declaration is not a defect by itself. The exposure is in code that
 * writes into mac, which has to bound every copy by sizeof(mac). None of
 * those writers appear in this excerpt.
 */
struct llc_addr {
unsigned char lsap; /* presumably the link service access point; confirm against users */
unsigned char mac[IFHWADDRLEN]; /* fixed-size buffer: copies into it must not exceed IFHWADDRLEN bytes */
};
#define LLC_SAP_STATE_INACTIVE 1
#define LLC_SAP_STATE_ACTIVE 2
Reported by FlawFinder.
net/rds/transport.c
1 issue
Line: 52
Column: 9
CWE codes:
126
void rds_trans_register(struct rds_transport *trans)
{
BUG_ON(strlen(trans->t_name) + 1 > TRANSNAMSIZ);
down_write(&rds_trans_sem);
if (transports[trans->t_type])
printk(KERN_ERR "RDS Transport type %d already registered\n",
Reported by FlawFinder.
net/ipv6/netfilter/ip6t_rpfilter.c
1 issue
Line: 47
Column: 3
CWE codes:
120
Suggestion:
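Make sure the destination can always hold the source data. Here the length is the fixed sizeof(struct in6_addr), so the copy stays in bounds as long as fl6.saddr and iph->daddr are both at least that size; their declarations are outside the excerpt.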
int lookup_flags;
if (rpfilter_addr_unicast(&iph->daddr)) {
memcpy(&fl6.saddr, &iph->daddr, sizeof(struct in6_addr));
lookup_flags = RT6_LOOKUP_F_HAS_SADDR;
} else {
lookup_flags = 0;
}
Reported by FlawFinder.
net/nfc/netlink.c
1 issue
Line: 1219
Column: 2
CWE codes:
119
120
Suggestion:
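Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line only declares firmware_name with NFC_FIRMWARE_NAME_MAXSIZE + 1 bytes; the code that fills it lies below the excerpt and is where the length limit has to be confirmed.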
struct nfc_dev *dev;
int rc;
u32 idx;
char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1];
if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || !info->attrs[NFC_ATTR_FIRMWARE_NAME])
return -EINVAL;
idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
Reported by FlawFinder.
net/nsh/nsh.c
1 issue
Line: 34
Column: 2
CWE codes:
120
Suggestion:
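Make sure the destination can always hold the source data. Here the length is a variable: the skb_push(skb, length) call just before the memcpy extends the buffer by that same length, so the points to confirm outside the excerpt are that the skb has that much headroom and that pushed_nh holds at least length bytes.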
skb_push(skb, length);
nh = (struct nshhdr *)(skb->data);
memcpy(nh, pushed_nh, length);
nh->np = next_proto;
skb_postpush_rcsum(skb, nh, length);
skb->protocol = htons(ETH_P_NSH);
skb_reset_mac_header(skb);
Reported by FlawFinder.
include/net/lapb.h
1 issue
Line: 77
Column: 11
CWE codes:
119
120
Suggestion:
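Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged member is the two-byte control array; the code that writes into it is not part of the excerpt and is where the two-byte limit has to be confirmed.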
unsigned short nr, ns; /* N(R), N(S) */
unsigned char cr; /* Command/Response */
unsigned char pf; /* Poll/Final */
unsigned char control[2]; /* Original control data*/
};
/*
* The per LAPB connection control structure.
*/
Reported by FlawFinder.
net/ipv6/seg6.c
1 issue
Line: 149
Column: 2
CWE codes:
120
Suggestion:
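Make sure the destination can always hold the source data. Here the length slen is a variable and the excerpt shows no check bounding it against the size of hinfo->secret, so that bound is what to confirm in the lines above before closing the finding.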
goto out_unlock;
}
memcpy(hinfo->secret, secret, slen);
hinfo->slen = slen;
hinfo->alg_id = algid;
hinfo->hmackeyid = hmackeyid;
err = seg6_hmac_info_add(net, hmackeyid, hinfo);
Reported by FlawFinder.
include/net/ip6_tunnel.h
1 issue
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
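Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged member is name[IFNAMSIZ]; code that copies a device name into it, none of which is in the excerpt, must limit the copy to IFNAMSIZ bytes including the terminating NUL.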
#define IP6_TNL_F_CAP_PER_PACKET 0x40000
struct __ip6_tnl_parm {
char name[IFNAMSIZ]; /* name of tunnel device */
int link; /* ifindex of underlying L2 interface */
__u8 proto; /* tunnel protocol */
__u8 encap_limit; /* encapsulation limit for tunnel */
__u8 hop_limit; /* hop limit for tunnel */
bool collect_md;
Reported by FlawFinder.