* fs/ksmbd/misc.c:188:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-...
@ 2023-03-04 21:34 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2023-03-04 21:34 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: fs/ksmbd/misc.c:188:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]"
::::::
BCC: lkp@intel.com
CC: llvm@lists.linux.dev
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Namjae Jeon <linkinjeon@kernel.org>
CC: Steve French <stfrench@microsoft.com>
CC: Hyunchul Lee <hyc.lee@gmail.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 0988a0ea791999ebbf95693f2676381825b05033
commit: 50f500b7f6335404b18bbffa93e3a905a08d061a ksmbd: remove filename in ksmbd_file
date: 11 months ago
:::::: branch date: 21 hours ago
:::::: commit date: 11 months ago
config: arm-randconfig-c002-20230302 (https://download.01.org/0day-ci/archive/20230305/202303050501.Pn4ckHYC-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project 67409911353323ca5edf2049ef0df54132fa1ca7)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50f500b7f6335404b18bbffa93e3a905a08d061a
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 50f500b7f6335404b18bbffa93e3a905a08d061a
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/r/202303050501.Pn4ckHYC-lkp@intel.com/
clang_analyzer warnings: (new ones prefixed by >>)
^~~~~~~~
drivers/media/test-drivers/vivid/vivid-core.c:1751:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(dev->mdev.bus_info, sizeof(dev->mdev.bus_info),
^~~~~~~~
drivers/media/test-drivers/vivid/vivid-core.c:1759:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(dev->v4l2_dev.name, sizeof(dev->v4l2_dev.name),
^~~~~~~~
drivers/media/test-drivers/vivid/vivid-core.c:1759:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(dev->v4l2_dev.name, sizeof(dev->v4l2_dev.name),
^~~~~~~~
drivers/media/test-drivers/vivid/vivid-core.c:1836:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(dev->edid, vivid_hdmi_edid, sizeof(vivid_hdmi_edid));
^~~~~~
drivers/media/test-drivers/vivid/vivid-core.c:1836:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(dev->edid, vivid_hdmi_edid, sizeof(vivid_hdmi_edid));
^~~~~~
Suppressed 59 warnings (58 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
12 warnings generated.
drivers/power/supply/ds2781_battery.c:459:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%d\n",
^~~~~~~
drivers/power/supply/ds2781_battery.c:459:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%d\n",
^~~~~~~
drivers/power/supply/ds2781_battery.c:512:8: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
ret = sprintf(buf, "%d\n", sense_resistor);
^~~~~~~
drivers/power/supply/ds2781_battery.c:512:8: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
ret = sprintf(buf, "%d\n", sense_resistor);
^~~~~~~
drivers/power/supply/ds2781_battery.c:550:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
return sprintf(buf, "%d\n", rsgain);
^~~~~~~
drivers/power/supply/ds2781_battery.c:550:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
return sprintf(buf, "%d\n", rsgain);
^~~~~~~
drivers/power/supply/ds2781_battery.c:593:8: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
ret = sprintf(buf, "%d\n", sfr & DS2781_SFR_PIOSC);
^~~~~~~
drivers/power/supply/ds2781_battery.c:593:8: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
ret = sprintf(buf, "%d\n", sfr & DS2781_SFR_PIOSC);
^~~~~~~
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
29 warnings generated.
Suppressed 29 warnings (29 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
drivers/gpu/drm/panel/panel-xinpeng-xpp055c272.c:74:17: warning: Value stored to 'dev' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct device *dev = ctx->dev;
^~~ ~~~~~~~~
drivers/gpu/drm/panel/panel-xinpeng-xpp055c272.c:74:17: note: Value stored to 'dev' during its initialization is never read
struct device *dev = ctx->dev;
^~~ ~~~~~~~~
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
41 warnings generated.
Suppressed 41 warnings (41 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
44 warnings generated.
drivers/media/i2c/mt9v111.c:492:13: warning: Although the value stored to 'vb' is used in the enclosing expression, the value is never actually read from 'vb' [clang-analyzer-deadcode.DeadStores]
best_fps = vb = hb = 0;
^ ~~~~~~
drivers/media/i2c/mt9v111.c:492:13: note: Although the value stored to 'vb' is used in the enclosing expression, the value is never actually read from 'vb'
best_fps = vb = hb = 0;
^ ~~~~~~
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
44 warnings generated.
drivers/media/i2c/ov5640.c:1007:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = ov5640_mod_reg(sensor, OV5640_REG_SC_PLL_CTRL0,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/ov5640.c:1007:2: note: Value stored to 'ret' is never read
ret = ov5640_mod_reg(sensor, OV5640_REG_SC_PLL_CTRL0,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
43 warnings generated.
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
103 warnings generated.
>> fs/ksmbd/misc.c:188:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(nt_pathname, "/");
^~~~~~
fs/ksmbd/misc.c:188:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(nt_pathname, "/");
^~~~~~
>> fs/ksmbd/misc.c:189:2: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(nt_pathname, &ab_pathname[share_path_len]);
^~~~~~
fs/ksmbd/misc.c:189:2: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(nt_pathname, &ab_pathname[share_path_len]);
^~~~~~
fs/ksmbd/misc.c:272:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(new_name, share->path, path_len);
^~~~~~
fs/ksmbd/misc.c:272:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(new_name, share->path, path_len);
^~~~~~
fs/ksmbd/misc.c:278:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(new_name + path_len + no_slash, name, name_len);
^~~~~~
fs/ksmbd/misc.c:278:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(new_name + path_len + no_slash, name, name_len);
^~~~~~
Suppressed 99 warnings (98 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
125 warnings generated.
fs/ksmbd/oplock.c:99:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:99:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:104:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->parent_lease_key, lctx->parent_lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:104:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->parent_lease_key, lctx->parent_lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:412:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:412:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:434:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:434:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:454:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:454:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:633:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
^~~~~~
fs/ksmbd/oplock.c:633:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
^~~~~~
fs/ksmbd/oplock.c:646:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rsp_hdr->Signature, 0, 16);
^~~~~~
fs/ksmbd/oplock.c:646:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rsp_hdr->Signature, 0, 16);
^~~~~~
fs/ksmbd/oplock.c:740:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
^~~~~~
fs/ksmbd/oplock.c:740:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
^~~~~~
fs/ksmbd/oplock.c:753:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rsp_hdr->Signature, 0, 16);
^~~~~~
fs/ksmbd/oplock.c:753:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rsp_hdr->Signature, 0, 16);
^~~~~~
fs/ksmbd/oplock.c:764:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(rsp->LeaseKey, br_info->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:764:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(rsp->LeaseKey, br_info->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:809:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(br_info->lease_key, lease->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:809:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(br_info->lease_key, lease->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:1018:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease2->lease_key, lease1->lease_key,
^~~~~~
fs/ksmbd/oplock.c:1018:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease2->lease_key, lease1->lease_key,
^~~~~~
fs/ksmbd/oplock.c:1044:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lb->client_guid, opinfo->conn->ClientGUID,
^~~~~~
fs/ksmbd/oplock.c:1044:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lb->client_guid, opinfo->conn->ClientGUID,
^~~~~~
fs/ksmbd/oplock.c:1341:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buf, 0, sizeof(struct create_lease_v2));
vim +188 fs/ksmbd/misc.c
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 151
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 152 /**
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 153 * convert_to_nt_pathname() - extract and return windows path string
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 154 * whose share directory prefix was removed from file path
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 155 * @filename : unix filename
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 156 * @sharepath: share path string
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 157 *
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 158 * Return : windows path string or error
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 159 */
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 160
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 161 char *convert_to_nt_pathname(struct ksmbd_share_config *share,
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 162 struct path *path)
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 163 {
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 164 char *pathname, *ab_pathname, *nt_pathname;
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 165 int share_path_len = share->path_sz;
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 166
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 167 pathname = kmalloc(PATH_MAX, GFP_KERNEL);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 168 if (!pathname)
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 169 return ERR_PTR(-EACCES);
87ffb310d5e8a4 fs/ksmbd/misc.c Dan Carpenter 2021-09-30 170
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 171 ab_pathname = d_path(path, pathname, PATH_MAX);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 172 if (IS_ERR(ab_pathname)) {
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 173 nt_pathname = ERR_PTR(-EACCES);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 174 goto free_pathname;
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 175 }
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 176
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 177 if (strncmp(ab_pathname, share->path, share_path_len)) {
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 178 nt_pathname = ERR_PTR(-EACCES);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 179 goto free_pathname;
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 180 }
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 181
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 182 nt_pathname = kzalloc(strlen(&ab_pathname[share_path_len]) + 2, GFP_KERNEL);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 183 if (!nt_pathname) {
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 184 nt_pathname = ERR_PTR(-ENOMEM);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 185 goto free_pathname;
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 186 }
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 187 if (ab_pathname[share_path_len] == '\0')
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 @188 strcpy(nt_pathname, "/");
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 @189 strcat(nt_pathname, &ab_pathname[share_path_len]);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 190
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 191 ksmbd_conv_path_to_windows(nt_pathname);
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 192
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 193 free_pathname:
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 194 kfree(pathname);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 195 return nt_pathname;
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 196 }
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 197
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
^ permalink raw reply [flat|nested] 2+ messages in thread
* fs/ksmbd/misc.c:188:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-...
@ 2023-03-03 22:39 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2023-03-03 22:39 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: fs/ksmbd/misc.c:188:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]"
::::::
BCC: lkp@intel.com
CC: llvm@lists.linux.dev
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Namjae Jeon <linkinjeon@kernel.org>
CC: Steve French <stfrench@microsoft.com>
CC: Hyunchul Lee <hyc.lee@gmail.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 0a3f9a6b0265b64c02226fcabb5e9a958307913b
commit: 50f500b7f6335404b18bbffa93e3a905a08d061a ksmbd: remove filename in ksmbd_file
date: 11 months ago
:::::: branch date: 4 hours ago
:::::: commit date: 11 months ago
config: arm-randconfig-c002-20230302 (https://download.01.org/0day-ci/archive/20230304/202303040627.sI4R0m4s-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project 67409911353323ca5edf2049ef0df54132fa1ca7)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50f500b7f6335404b18bbffa93e3a905a08d061a
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 50f500b7f6335404b18bbffa93e3a905a08d061a
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/r/202303040627.sI4R0m4s-lkp@intel.com/
clang_analyzer warnings: (new ones prefixed by >>)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/adv7842.c:3491:6: note: Assuming 'rev' is not equal to 8210
if (rev != 0x2012) {
^~~~~~~~~~~~~
drivers/media/i2c/adv7842.c:3491:2: note: Taking true branch
if (rev != 0x2012) {
^
drivers/media/i2c/adv7842.c:3492:3: note: Loop condition is false. Exiting loop
v4l2_info(sd, "got rev=0x%04x on first read attempt\n", rev);
^
include/media/v4l2-common.h:67:2: note: expanded from macro 'v4l2_info'
v4l2_printk(KERN_INFO, dev, fmt , ## arg)
^
include/media/v4l2-common.h:58:2: note: expanded from macro 'v4l2_printk'
printk(level "%s: " fmt, (dev)->name , ## arg)
^
include/linux/printk.h:446:26: note: expanded from macro 'printk'
#define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
^
include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap'
__printk_index_emit(_fmt, NULL, NULL); \
^
include/linux/printk.h:392:34: note: expanded from macro '__printk_index_emit'
#define __printk_index_emit(...) do {} while (0)
^
drivers/media/i2c/adv7842.c:3493:9: note: Calling 'adv_smbus_read_byte_data_check'
rev = adv_smbus_read_byte_data_check(client, 0xea, false) << 8 |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/adv7842.c:277:6: note: Assuming the condition is false
if (!i2c_smbus_xfer(client->adapter, client->addr, client->flags,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/adv7842.c:277:2: note: Taking false branch
if (!i2c_smbus_xfer(client->adapter, client->addr, client->flags,
^
drivers/media/i2c/adv7842.c:281:6: note: 'check' is false
if (check)
^~~~~
drivers/media/i2c/adv7842.c:281:2: note: Taking false branch
if (check)
^
drivers/media/i2c/adv7842.c:284:2: note: Returning the value -5
return -EIO;
^~~~~~~~~~~
drivers/media/i2c/adv7842.c:3493:9: note: Returning from 'adv_smbus_read_byte_data_check'
rev = adv_smbus_read_byte_data_check(client, 0xea, false) << 8 |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/adv7842.c:3493:61: note: The result of the left shift is undefined because the left operand is negative
rev = adv_smbus_read_byte_data_check(client, 0xea, false) << 8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
Suppressed 62 warnings (54 in non-user code, 8 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
45 warnings generated.
drivers/media/i2c/rj54n1cb0c.c:687:3: warning: Value stored to 'input_w' is never read [clang-analyzer-deadcode.DeadStores]
input_w = output_w;
^ ~~~~~~~~
drivers/media/i2c/rj54n1cb0c.c:687:3: note: Value stored to 'input_w' is never read
input_w = output_w;
^ ~~~~~~~~
drivers/media/i2c/rj54n1cb0c.c:688:3: warning: Value stored to 'input_h' is never read [clang-analyzer-deadcode.DeadStores]
input_h = output_h;
^ ~~~~~~~~
drivers/media/i2c/rj54n1cb0c.c:688:3: note: Value stored to 'input_h' is never read
input_h = output_h;
^ ~~~~~~~~
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
48 warnings generated.
drivers/media/i2c/s5c73m3/s5c73m3-core.c:350:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(fw_name, sizeof(fw_name), "SlimISP_%.2s.bin",
^~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:350:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(fw_name, sizeof(fw_name), "SlimISP_%.2s.bin",
^~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:678:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = s5c73m3_write(state, 0x30100120, 0x0820);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:678:2: note: Value stored to 'ret' is never read
ret = s5c73m3_write(state, 0x30100120, 0x0820);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:679:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = s5c73m3_write(state, 0x30100124, 0x0820);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:679:2: note: Value stored to 'ret' is never read
ret = s5c73m3_write(state, 0x30100124, 0x0820);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:682:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = s5c73m3_write(state, 0x00010418, 0x0008);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:682:2: note: Value stored to 'ret' is never read
ret = s5c73m3_write(state, 0x00010418, 0x0008);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:1481:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = media_create_pad_link(&state->sensor_sd.entity,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/i2c/s5c73m3/s5c73m3-core.c:1481:2: note: Value stored to 'ret' is never read
ret = media_create_pad_link(&state->sensor_sd.entity,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 43 warnings (42 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
103 warnings generated.
>> fs/ksmbd/misc.c:188:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(nt_pathname, "/");
^~~~~~
fs/ksmbd/misc.c:188:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(nt_pathname, "/");
^~~~~~
>> fs/ksmbd/misc.c:189:2: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(nt_pathname, &ab_pathname[share_path_len]);
^~~~~~
fs/ksmbd/misc.c:189:2: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(nt_pathname, &ab_pathname[share_path_len]);
^~~~~~
fs/ksmbd/misc.c:272:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(new_name, share->path, path_len);
^~~~~~
fs/ksmbd/misc.c:272:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(new_name, share->path, path_len);
^~~~~~
fs/ksmbd/misc.c:278:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(new_name + path_len + no_slash, name, name_len);
^~~~~~
fs/ksmbd/misc.c:278:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(new_name + path_len + no_slash, name, name_len);
^~~~~~
Suppressed 99 warnings (98 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
125 warnings generated.
fs/ksmbd/oplock.c:99:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:99:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:104:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->parent_lease_key, lctx->parent_lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:104:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->parent_lease_key, lctx->parent_lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:412:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:412:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:434:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:434:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:454:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:454:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:633:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
^~~~~~
fs/ksmbd/oplock.c:633:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
^~~~~~
fs/ksmbd/oplock.c:646:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rsp_hdr->Signature, 0, 16);
^~~~~~
fs/ksmbd/oplock.c:646:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rsp_hdr->Signature, 0, 16);
^~~~~~
fs/ksmbd/oplock.c:740:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
^~~~~~
fs/ksmbd/oplock.c:740:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
^~~~~~
fs/ksmbd/oplock.c:753:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rsp_hdr->Signature, 0, 16);
^~~~~~
fs/ksmbd/oplock.c:753:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rsp_hdr->Signature, 0, 16);
^~~~~~
fs/ksmbd/oplock.c:764:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(rsp->LeaseKey, br_info->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:764:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(rsp->LeaseKey, br_info->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:809:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(br_info->lease_key, lease->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:809:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(br_info->lease_key, lease->lease_key, SMB2_LEASE_KEY_SIZE);
^~~~~~
fs/ksmbd/oplock.c:1018:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lease2->lease_key, lease1->lease_key,
^~~~~~
fs/ksmbd/oplock.c:1018:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lease2->lease_key, lease1->lease_key,
^~~~~~
fs/ksmbd/oplock.c:1044:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(lb->client_guid, opinfo->conn->ClientGUID,
^~~~~~
fs/ksmbd/oplock.c:1044:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(lb->client_guid, opinfo->conn->ClientGUID,
^~~~~~
fs/ksmbd/oplock.c:1341:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buf, 0, sizeof(struct create_lease_v2));
vim +188 fs/ksmbd/misc.c
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 151
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 152 /**
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 153 * convert_to_nt_pathname() - extract and return windows path string
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 154 * whose share directory prefix was removed from file path
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 155 * @filename : unix filename
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 156 * @sharepath: share path string
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 157 *
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 158 * Return : windows path string or error
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 159 */
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 160
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 161 char *convert_to_nt_pathname(struct ksmbd_share_config *share,
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 162 struct path *path)
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 163 {
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 164 char *pathname, *ab_pathname, *nt_pathname;
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 165 int share_path_len = share->path_sz;
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 166
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 167 pathname = kmalloc(PATH_MAX, GFP_KERNEL);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 168 if (!pathname)
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 169 return ERR_PTR(-EACCES);
87ffb310d5e8a4 fs/ksmbd/misc.c Dan Carpenter 2021-09-30 170
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 171 ab_pathname = d_path(path, pathname, PATH_MAX);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 172 if (IS_ERR(ab_pathname)) {
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 173 nt_pathname = ERR_PTR(-EACCES);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 174 goto free_pathname;
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 175 }
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 176
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 177 if (strncmp(ab_pathname, share->path, share_path_len)) {
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 178 nt_pathname = ERR_PTR(-EACCES);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 179 goto free_pathname;
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 180 }
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 181
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 182 nt_pathname = kzalloc(strlen(&ab_pathname[share_path_len]) + 2, GFP_KERNEL);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 183 if (!nt_pathname) {
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 184 nt_pathname = ERR_PTR(-ENOMEM);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 185 goto free_pathname;
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 186 }
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 187 if (ab_pathname[share_path_len] == '\0')
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 @188 strcpy(nt_pathname, "/");
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 @189 strcat(nt_pathname, &ab_pathname[share_path_len]);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 190
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 191 ksmbd_conv_path_to_windows(nt_pathname);
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 192
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 193 free_pathname:
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 194 kfree(pathname);
50f500b7f63354 fs/ksmbd/misc.c Namjae Jeon 2022-02-24 195 return nt_pathname;
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 196 }
e2f34481b24db2 fs/cifsd/misc.c Namjae Jeon 2021-03-16 197
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-03-04 21:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-04 21:34 fs/ksmbd/misc.c:188:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer- kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2023-03-03 22:39 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.