| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Jan 2022 10:14:08 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: Larry Finger <Larry.Finger@...inger.net>,
Phillip Potter <phil@...lpotter.co.uk>,
Michael Straube <straube.linux@...il.com>,
Fabio Aiuto <fabioaiuto83@...il.com>,
linux-staging@...ts.linux.dev, Martin Kaiser <martin@...ser.cx>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] staging: r8188eu: Check for NULL header value
On Wed, Jan 12, 2022 at 04:19:34PM -0800, Kees Cook wrote:
> When building with -Warray-bounds, the following warning is emitted:
>
> In file included from ./include/linux/string.h:253,
> from ./arch/x86/include/asm/page_32.h:22,
> from ./arch/x86/include/asm/page.h:14,
> from ./arch/x86/include/asm/thread_info.h:12,
> from ./include/linux/thread_info.h:60,
> from ./arch/x86/include/asm/preempt.h:7,
> from ./include/linux/preempt.h:78,
> from ./include/linux/rcupdate.h:27,
> from ./include/linux/rculist.h:11,
> from ./include/linux/sched/signal.h:5,
> from ./drivers/staging/rtl8723bs/include/drv_types.h:17,
> from drivers/staging/rtl8723bs/core/rtw_recv.c:7:
> In function 'memcpy',
> inlined from 'wlanhdr_to_ethhdr' at drivers/staging/rtl8723bs/core/rtw_recv.c:1554:2:
> ./include/linux/fortify-string.h:41:33: warning: '__builtin_memcpy' offset [0, 5] is out of the bounds [0, 0] [-Warray-bounds]
> 41 | #define __underlying_memcpy __builtin_memcpy
> | ^
>
> This is because the compiler sees it is possible for "ptr" to be a NULL
> value, and concludes that it has zero size and attempts to copy to it
> would overflow. Instead, detect the NULL return and error out early.
>
> Cc: Larry Finger <Larry.Finger@...inger.net>
> Cc: Phillip Potter <phil@...lpotter.co.uk>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Cc: Michael Straube <straube.linux@...il.com>
> Cc: Fabio Aiuto <fabioaiuto83@...il.com>
> Cc: linux-staging@...ts.linux.dev
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
> drivers/staging/r8188eu/core/rtw_recv.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/r8188eu/core/rtw_recv.c
> index 51a13262a226..93b0aa5688e3 100644
> --- a/drivers/staging/r8188eu/core/rtw_recv.c
> +++ b/drivers/staging/r8188eu/core/rtw_recv.c
> @@ -1191,6 +1191,9 @@ static int wlanhdr_to_ethhdr(struct recv_frame *precvframe)
> u8 *ptr = get_recvframe_data(precvframe); /* point to frame_ctrl field */
> struct rx_pkt_attrib *pattrib = &precvframe->attrib;
>
> + if (!ptr)
> + return _FAIL;
Same objection as on the other staging driver change, this is not the
correct way to solve this.
thanks,
greg k-h
Powered by blists - more mailing lists