lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1c5c8efb-055f-31b2-b25f-18d3f6e64226@microchip.com>
Date:   Mon, 7 Jan 2019 06:06:55 +0000
From:   <Ajay.Kathat@...rochip.com>
To:     <jmilan.dev@...il.com>, <Larry.Finger@...inger.net>
CC:     <linux-kernel@...r.kernel.org>, <devel@...verdev.osuosl.org>,
        <linux-wireless@...r.kernel.org>, <gregkh@...uxfoundation.org>,
        <Adham.Abozaeid@...rochip.com>
Subject: Re: [PATCH v2] staging: wilc1000: fix cast to restricted __le32

Hi Julius,

On 1/6/2019 12:48 PM, Július Milan wrote:
>> Before you send V3, are you sure this is the correct fix? As "frame_type" is
>> input as u16, it seems to me that the frame_type member of struct wilc_reg_frame
>> should be __le16, not __le32.
> 
> Yes, I am confident about it.
> The frame_type member of struct wilc_reg_frame contains in some cases
> 32 bit value
> as you can see in function wilc_wlan_cfg_set_wid.
> Cast to 32 bits is also safe, due to resultant endianness.

Thanks for submitting your patch.

But as Larry pointed we need to change the 'frame_type' type to '__le16'
in 'wilc_reg_frame' struct.
The correct fix for this issue is to change the datatype from ‘__le32’
to ‘__le16’, as the firmware expects it to be a 16bit value.

As wilc_wlan_cfg_set_wid(), is a generic function to pack different
types of WID's e.g char u8 (0x0xxx), short (u16) (0x1xxx), int (u32)
(0x2xxx), byte-string (0x3xxx) and binary data(0x4xxx). And based on the
WID type the specific pack format is used.
To frame register, WID_REGISTER_FRAME(0x3085) WID value is used and it's
of byte-string type. So the packed struct value is transmitted as an
array of u8 data. IMO there is no endianness issue provided firmware
extracts members information in the correct structure order.

Please resubmit the patch by changing 'frame_type' type to '__le16' in
'wilc_reg_frame' struct.

Regards,
Ajay

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ