The following issues were found
include/linux/usb.h
1 issue
Line: 628
Column: 2
CWE codes:
119
120
Suggestion:
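Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The only fixed-size character array in the excerpt is `devpath[16]`, which appears to be the flagged declaration. FlawFinder reports such declarations by pattern, so this is a prompt to audit the writes into that field, not evidence of an overflow.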
*/
struct usb_device {
int devnum;
char devpath[16];
u32 route;
enum usb_device_state state;
enum usb_device_speed speed;
unsigned int rx_lanes;
unsigned int tx_lanes;
Reported by FlawFinder.
kernel/bpf/arraymap.c
1 issue
Line: 315
Column: 3
CWE codes:
120
Suggestion:
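Make sure destination can always hold the source data. The copy length here is `map->value_size`; the excerpt does not show how the per-CPU destination was sized, so confirm that its allocation covers the same length.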
return -EINVAL;
if (array->map.map_type == BPF_MAP_TYPE_PERCPU_ARRAY) {
memcpy(this_cpu_ptr(array->pptrs[index & array->index_mask]),
value, map->value_size);
} else {
val = array->value +
array->elem_size * (index & array->index_mask);
if (map_flags & BPF_F_LOCK)
Reported by FlawFinder.
kernel/bpf/bpf_local_storage.c
1 issue
Line: 74
Column: 4
CWE codes:
120
Suggestion:
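Make sure destination can always hold the source data. The copy length here is `smap->map.value_size`; the allocation that sizes `SDATA(selem)->data` is only partly visible above the excerpt, so confirm that it accounts for the same length.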
GFP_ATOMIC | __GFP_NOWARN);
if (selem) {
if (value)
memcpy(SDATA(selem)->data, value, smap->map.value_size);
return selem;
}
if (charge_mem)
mem_uncharge(smap, owner, smap->elem_size);
Reported by FlawFinder.
kernel/bpf/bpf_lsm.c
1 issue
Line: 33
#undef LSM_HOOK
#define LSM_HOOK(RET, DEFAULT, NAME, ...) BTF_ID(func, bpf_lsm_##NAME)
BTF_SET_START(bpf_lsm_hooks)
#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK
BTF_SET_END(bpf_lsm_hooks)
int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
Reported by Cppcheck.
kernel/audit_watch.c
1 issue
Line: 514
Column: 47
CWE codes:
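126 (buffer over-read; the flagged column falls on `strlen(pathname)`, which relies on `pathname` being NUL-terminated)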
if (!pathname)
return -ENOMEM;
audit_mark = audit_alloc_mark(new, pathname, strlen(pathname));
if (IS_ERR(audit_mark)) {
kfree(pathname);
return PTR_ERR(audit_mark);
}
new->exe = audit_mark;
Reported by FlawFinder.
kernel/audit_fsnotify.c
1 issue
Line: 82
struct inode *inode;
int ret;
if (pathname[0] != '/' || pathname[len-1] == '/')
return ERR_PTR(-EINVAL);
dentry = kern_path_locked(pathname, &path);
if (IS_ERR(dentry))
return ERR_CAST(dentry); /* returning an error */
Reported by Cppcheck.
kernel/audit.h
1 issue
Line: 138
Column: 2
CWE codes:
119
120
Suggestion:
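Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The only fixed-size character array in the excerpt is `target_comm[TASK_COMM_LEN]`, which appears to be the flagged declaration. FlawFinder reports such declarations by pattern, so this is a prompt to audit the writes into that field, not evidence of an overflow.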
kuid_t target_uid;
unsigned int target_sessionid;
u32 target_sid;
char target_comm[TASK_COMM_LEN];
struct audit_tree_refs *trees, *first_trees;
struct list_head killed_trees;
int tree_count;
Reported by FlawFinder.
kernel/bpf/cpumap.c
1 issue
Line: 502
Column: 2
CWE codes:
120
Suggestion:
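Make sure destination can always hold the source data. The destination is the object `cpumap_value`, whose declaration is outside the excerpt. The copy is in bounds only if `map->value_size` never exceeds its size, and no such check is visible here, so confirm where the limit is enforced.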
/* Array index key correspond to CPU number */
u32 key_cpu = *(u32 *)key;
memcpy(&cpumap_value, value, map->value_size);
if (unlikely(map_flags > BPF_EXIST))
return -EINVAL;
if (unlikely(key_cpu >= cmap->map.max_entries))
return -E2BIG;
Reported by FlawFinder.
ipc/util.c
1 issue
Line: 689
CWE codes:
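476 (NULL pointer dereference; the report gives no message, and the excerpt dereferences `in` and `out` with no NULL check visible, so the callers are where to confirm that neither can be NULL)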
*/
int ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out)
{
kuid_t uid = make_kuid(current_user_ns(), in->uid);
kgid_t gid = make_kgid(current_user_ns(), in->gid);
if (!uid_valid(uid) || !gid_valid(gid))
return -EINVAL;
out->uid = uid;
Reported by Cppcheck.
kernel/bpf/inode.c
1 issue
Line: 426
Column: 40
CWE codes:
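126 (buffer over-read; the flagged column falls on `strlen(name)`, which relies on `name` being NUL-terminated)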
int ret;
inode_lock(parent->d_inode);
dentry = lookup_one_len(name, parent, strlen(name));
if (IS_ERR(dentry)) {
inode_unlock(parent->d_inode);
return PTR_ERR(dentry);
}
ret = bpf_mkobj_ops(dentry, mode, link, &bpf_link_iops,
Reported by FlawFinder.