lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210220182154.9457-1-atulgopinathan@gmail.com>
Date:   Sat, 20 Feb 2021 23:51:53 +0530
From:   Atul Gopinathan <atulgopinathan@...il.com>
To:     gregkh@...uxfoundation.org
Cc:     gustavo@...eddedor.com, tiwai@...e.de, devel@...verdev.osuosl.org,
        linux-kernel@...r.kernel.org,
        Atul Gopinathan <atulgopinathan@...il.com>
Subject: [PATCH 1/2] staging: rtl8192e: Pass array value to memcpy instead of struct pointer

The variable "info_element" is of the following type:
struct rtllib_info_element *info_element

rtllib_info_element is a struct containing the following fields as
defined in drivers/staging/rtl8192e/rtllib.h:

struct rtllib_info_element {
        u8 id;
        u8 len;
        u8 data[];
} __packed;

The following code of interest (to which this patch applies) is
supposed to check if the "info_element->len" is greater than 4 and
equal to 6, if this is satisfied then, the last two bytes (the
4th and 5th index of u8 "data" array) are copied into
"network->CcxRmState".

Currently the code uses "memcpy()" with the source as
"&info_element[4]" which would copy in wrong and unintended
information.

This patch rectifies this error by using "&info_element->data[4]" which
rightly copies the last two bytes as the required state information.

Signed-off-by: Atul Gopinathan <atulgopinathan@...il.com>
---
 drivers/staging/rtl8192e/rtllib_rx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/rtl8192e/rtllib_rx.c b/drivers/staging/rtl8192e/rtllib_rx.c
index 66c135321da4..15bbb63ca130 100644
--- a/drivers/staging/rtl8192e/rtllib_rx.c
+++ b/drivers/staging/rtl8192e/rtllib_rx.c
@@ -1963,15 +1963,15 @@ static void rtllib_parse_mife_generic(struct rtllib_device *ieee,
 
 	if (info_element->len > 4 &&
 	    info_element->data[0] == 0x00 &&
 	    info_element->data[1] == 0x40 &&
 	    info_element->data[2] == 0x96 &&
 	    info_element->data[3] == 0x01) {
 		if (info_element->len == 6) {
-			memcpy(network->CcxRmState, &info_element[4], 2);
+			memcpy(network->CcxRmState, &info_element->data[4], 2);
 			if (network->CcxRmState[0] != 0)
 				network->bCcxRmEnable = true;
 			else
 				network->bCcxRmEnable = false;
 			network->MBssidMask = network->CcxRmState[1] & 0x07;
 			if (network->MBssidMask != 0) {
 				network->bMBssidValid = true;
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ