lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20160930193747.GB26713@mwanda>
Date:   Fri, 30 Sep 2016 22:37:47 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Malcolm Priestley <tvboxspy@...il.com>
Cc:     Martin Alonso <martin.alonso@...o.com>, pasteka@...si.at,
        devel@...verdev.osuosl.org, gregkh@...uxfoundation.org,
        linux-kernel@...r.kernel.org, forest@...ttletooquiet.net,
        joe@...ches.com
Subject: Re: [PATCH 2/2] staging: vt6656: Make 'rx_rate' u8 instead of u8 *

On Fri, Sep 30, 2016 at 07:53:00PM +0100, Malcolm Priestley wrote:
> On 28/09/16 08:40, Dan Carpenter wrote:
> >On Tue, Sep 27, 2016 at 02:52:49PM -0300, Martin Alonso wrote:
> >>Change the type and uses of rx_rate.
> >>
> >>Signed-off-by: Martin Alonso <martin.alonso@...o.com>
> >>---
> >> drivers/staging/vt6656/dpc.c | 9 +++++----
> >> 1 file changed, 5 insertions(+), 4 deletions(-)
> >>
> >>diff --git a/drivers/staging/vt6656/dpc.c b/drivers/staging/vt6656/dpc.c
> >>index 655f000..782b7d7 100644
> >>--- a/drivers/staging/vt6656/dpc.c
> >>+++ b/drivers/staging/vt6656/dpc.c
> >>@@ -46,7 +46,8 @@ int vnt_rx_data(struct vnt_private *priv, struct vnt_rcb *ptr_rcb,
> >> 	__le64 *tsf_time;
> >> 	u32 frame_size;
> >> 	int ii, r;
> >>-	u8 *rx_rate, *sq, *sq_3;
> >>+	u8 rx_rate;
> >>+	u8 *sq, *sq_3;
> >> 	u32 wbk_status;
> >> 	u8 *skb_data;
> >> 	u16 *pay_load_len;
> >>@@ -75,7 +76,7 @@ int vnt_rx_data(struct vnt_private *priv, struct vnt_rcb *ptr_rcb,
> >>
> >> 	skb_data = (u8 *)skb->data;
> >>
> >>-	rx_rate = skb_data + 5;
> >>+	rx_rate = *(skb_data + 5);
> >
> >It occurs to me that we don't check that skb->len is large enough here.
> >We just assume it has at least 5 bytes.
> >
> >TODO: vt6656: verify skb->len before using it.
> 
> skb->len is always set to the tail room then trimmed by this function.
> 

We call skb_trim() after assuming it's at least 5 bytes so that doesn't
matter for this discussion?

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ