| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Sep 2016 19:53:00 +0100
From: Malcolm Priestley <tvboxspy@...il.com>
To: Dan Carpenter <dan.carpenter@...cle.com>,
Martin Alonso <martin.alonso@...o.com>
Cc: pasteka@...si.at, devel@...verdev.osuosl.org,
gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
forest@...ttletooquiet.net, joe@...ches.com
Subject: Re: [PATCH 2/2] staging: vt6656: Make 'rx_rate' u8 instead of u8 *
On 28/09/16 08:40, Dan Carpenter wrote:
> On Tue, Sep 27, 2016 at 02:52:49PM -0300, Martin Alonso wrote:
>> Change the type and uses of rx_rate.
>>
>> Signed-off-by: Martin Alonso <martin.alonso@...o.com>
>> ---
>> drivers/staging/vt6656/dpc.c | 9 +++++----
>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/staging/vt6656/dpc.c b/drivers/staging/vt6656/dpc.c
>> index 655f000..782b7d7 100644
>> --- a/drivers/staging/vt6656/dpc.c
>> +++ b/drivers/staging/vt6656/dpc.c
>> @@ -46,7 +46,8 @@ int vnt_rx_data(struct vnt_private *priv, struct vnt_rcb *ptr_rcb,
>> __le64 *tsf_time;
>> u32 frame_size;
>> int ii, r;
>> - u8 *rx_rate, *sq, *sq_3;
>> + u8 rx_rate;
>> + u8 *sq, *sq_3;
>> u32 wbk_status;
>> u8 *skb_data;
>> u16 *pay_load_len;
>> @@ -75,7 +76,7 @@ int vnt_rx_data(struct vnt_private *priv, struct vnt_rcb *ptr_rcb,
>>
>> skb_data = (u8 *)skb->data;
>>
>> - rx_rate = skb_data + 5;
>> + rx_rate = *(skb_data + 5);
>
> It occurs to me that we don't check that skb->len is large enough here.
> We just assume it has at least 5 bytes.
>
> TODO: vt6656: verify skb->len before using it.
skb->len is always set to the tail room then trimmed by this function.
Regards
Malcolm
Powered by blists - more mailing lists