lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon,  6 Apr 2020 13:17:56 +0200
From:   Jerome Pouiller <Jerome.Pouiller@...abs.com>
To:     devel@...verdev.osuosl.org, linux-wireless@...r.kernel.org
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kalle Valo <kvalo@...eaurora.org>,
        "David S . Miller" <davem@...emloft.net>,
        Jérôme Pouiller 
        <jerome.pouiller@...abs.com>
Subject: [PATCH 11/11] staging: wfx: send just necessary bytes

From: Jérôme Pouiller <jerome.pouiller@...abs.com>

Size of hif_mib_template_frame must be sufficient to contains bytes
declared by frame_length and cannot exceed 700bytes.

Change the API to reflect that.

Signed-off-by: Jérôme Pouiller <jerome.pouiller@...abs.com>
---
 drivers/staging/wfx/hif_api_mib.h | 4 +++-
 drivers/staging/wfx/hif_tx_mib.c  | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/wfx/hif_api_mib.h b/drivers/staging/wfx/hif_api_mib.h
index 0490157b4f3b..9f30cf503ad5 100644
--- a/drivers/staging/wfx/hif_api_mib.h
+++ b/drivers/staging/wfx/hif_api_mib.h
@@ -270,12 +270,14 @@ enum hif_tmplt {
 	HIF_TMPLT_NA     = 0x7
 };
 
+#define HIF_API_MAX_TEMPLATE_FRAME_SIZE 700
+
 struct hif_mib_template_frame {
 	u8     frame_type;
 	u8     init_rate:7;
 	u8     mode:1;
 	__le16 frame_length;
-	u8     frame[700];
+	u8     frame[];
 } __packed;
 
 struct hif_mib_beacon_wake_up_period {
diff --git a/drivers/staging/wfx/hif_tx_mib.c b/drivers/staging/wfx/hif_tx_mib.c
index ac534406144c..41f3090d29be 100644
--- a/drivers/staging/wfx/hif_tx_mib.c
+++ b/drivers/staging/wfx/hif_tx_mib.c
@@ -148,6 +148,7 @@ int hif_set_template_frame(struct wfx_vif *wvif, struct sk_buff *skb,
 {
 	struct hif_mib_template_frame *arg;
 
+	WARN(skb->len > HIF_API_MAX_TEMPLATE_FRAME_SIZE, "frame is too big");
 	skb_push(skb, 4);
 	arg = (struct hif_mib_template_frame *)skb->data;
 	skb_pull(skb, 4);
@@ -155,7 +156,7 @@ int hif_set_template_frame(struct wfx_vif *wvif, struct sk_buff *skb,
 	arg->frame_type = frame_type;
 	arg->frame_length = cpu_to_le16(skb->len);
 	return hif_write_mib(wvif->wdev, wvif->id, HIF_MIB_ID_TEMPLATE_FRAME,
-			     arg, sizeof(*arg));
+			     arg, sizeof(*arg) + skb->len);
 }
 
 int hif_set_mfp(struct wfx_vif *wvif, bool capable, bool required)
-- 
2.25.1

Powered by blists - more mailing lists