lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun,  7 Jun 2015 17:43:01 -0700
From:	David Decotigny <ddecotig@...il.com>
To:	Larry Finger <Larry.Finger@...inger.net>,
	Jes Sorensen <Jes.Sorensen@...hat.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-wireless@...r.kernel.org, devel@...verdev.osuosl.org,
	linux-kernel@...r.kernel.org
Cc:	Joe Perches <joe@...ches.com>,
	Dan Carpenter <dan.carpenter@...cle.com>,
	David Decotigny <ddecotig@...il.com>
Subject: [PATCH v2 1/2] staging: rtl8723au: core: avoid bitwise arithmetic with forced endianness

This fixes bitwise arithmetic performed on the host on a variable
previously converted to little-endian, and subsequently converted
again to little-endian:
  - issue_action_BA23a() called with "status" crafted in host byte order
  - "status" converted to LE
  - bitwise arithmetic on the (LE) "status", performed with masks and
    shifts in host byte order
  - result converted to LE (again) and stored in device structure

Sparse warning addressed by this patch:
  drivers/staging/rtl8723au/core/rtw_mlme_ext.c:3806:16: warning: incorrect type in assignment (different base types)
  drivers/staging/rtl8723au/core/rtw_mlme_ext.c:3806:16:    expected unsigned short [unsigned] status
  drivers/staging/rtl8723au/core/rtw_mlme_ext.c:3806:16:    got restricted __le16 [usertype] <noident>

Additional notes: initial cpu_to_le16 was introduced by kernel bulk
  commit 5e93f3520 "staging: r8723au: Add source files for new driver
  - part 1", initially from github according to commit description. On
  github, this traces back to another bulk commit: 2896bda04353 "Add
  new files in core directory", which is the 1st version of the
  driver.

Signed-off-by: David Decotigny <ddecotig@...il.com>
---
 drivers/staging/rtl8723au/core/rtw_mlme_ext.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
index 196beaf..7c3b5dd 100644
--- a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
+++ b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
@@ -3803,8 +3803,6 @@ void issue_action_BA23a(struct rtw_adapter *padapter,
 
 	pattrib->pktlen = sizeof(struct ieee80211_hdr_3addr) + 1;
 
-	status = cpu_to_le16(status);
-
 	switch (action) {
 	case WLAN_ACTION_ADDBA_REQ:
 		pattrib->pktlen += sizeof(mgmt->u.action.u.addba_req);
-- 
2.2.0.rc0.207.ga3a616c

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ