Message-Id: <20210220182154.9457-1-atulgopinathan@gmail.com>
Date: Sat, 20 Feb 2021 23:51:53 +0530
From: Atul Gopinathan <atulgopinathan@...il.com>
To: gregkh@...uxfoundation.org
Cc: gustavo@...eddedor.com, tiwai@...e.de, devel@...verdev.osuosl.org,
linux-kernel@...r.kernel.org,
Atul Gopinathan <atulgopinathan@...il.com>
Subject: [PATCH 1/2] staging: rtl8192e: Pass array value to memcpy instead of struct pointer

The variable "info_element" is of the following type:

    struct rtllib_info_element *info_element

rtllib_info_element is a struct containing the following fields as
defined in drivers/staging/rtl8192e/rtllib.h:

    struct rtllib_info_element {
        u8 id;
        u8 len;
        u8 data[];
    } __packed;

The following code of interest (to which this patch applies) is
supposed to check if the "info_element->len" is greater than 4 and
equal to 6, if this is satisfied then, the last two bytes (the
4th and 5th index of u8 "data" array) are copied into
"network->CcxRmState".

Currently the code uses "memcpy()" with the source as
"&info_element[4]" which would copy in wrong and unintended
information.

This patch rectifies this error by using "&info_element->data[4]" which
rightly copies the last two bytes as the required state information.

Signed-off-by: Atul Gopinathan <atulgopinathan@...il.com>
---
drivers/staging/rtl8192e/rtllib_rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192e/rtllib_rx.c b/drivers/staging/rtl8192e/rtllib_rx.c
index 66c135321da4..15bbb63ca130 100644
--- a/drivers/staging/rtl8192e/rtllib_rx.c
+++ b/drivers/staging/rtl8192e/rtllib_rx.c
@@ -1963,15 +1963,15 @@ static void rtllib_parse_mife_generic(struct rtllib_device *ieee,
if (info_element->len > 4 &&
info_element->data[0] == 0x00 &&
info_element->data[1] == 0x40 &&
info_element->data[2] == 0x96 &&
info_element->data[3] == 0x01) {
if (info_element->len == 6) {
- memcpy(network->CcxRmState, &info_element[4], 2);
+ memcpy(network->CcxRmState, &info_element->data[4], 2);
if (network->CcxRmState[0] != 0)
network->bCcxRmEnable = true;
else
network->bCcxRmEnable = false;
network->MBssidMask = network->CcxRmState[1] & 0x07;
if (network->MBssidMask != 0) {
network->bMBssidValid = true;
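Review bot: The changelog should say exactly what the removed line `memcpy(network->CcxRmState, &info_element[4], 2);` read, because it is an out-of-bounds read relative to the element and not only a wrong value. With the packed struct quoted in the message (`u8 id; u8 len; u8 data[];`), sizeof(struct rtllib_info_element) is 2, so `&info_element[4]` points 8 bytes past the start of the element, which is where `data[6]` would be, while the `info_element->len == 6` branch only guarantees `data[0]` through `data[5]`. The replacement `&info_element->data[4]` stays inside that bound. Consider stating this in the commit message and adding a Fixes: tag so the change can be picked up for stable trees.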
--
2.27.0
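The pointer arithmetic described in the commit message, worked through as an added example that is not part of the original patch or the driver's code. `struct ie`, `frame`, `copy_state` and the two offset helpers are hypothetical names, the frame bytes are constructed, and the bounds check in `copy_state` is an illustration rather than something the driver does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the struct quoted in the commit message. */
struct ie {
	uint8_t id;
	uint8_t len;
	uint8_t data[];
} __attribute__((packed));

/* Constructed sample: a 6-byte element followed by a second element. */
static const uint8_t frame[] = {
	0xdd, 0x06, 0x00, 0x40, 0x96, 0x01, 0xAA, 0xBB, /* id, len, data[0..5] */
	0x01, 0x02, 0x11, 0x22,                         /* next element */
};

/* Byte offset from the element start that "&e[4]" resolves to. */
static size_t off_struct_index(void) { return 4 * sizeof(struct ie); }

/* Byte offset from the element start that "&e->data[4]" resolves to. */
static size_t off_data_index(void) { return offsetof(struct ie, data) + 4; }

/* Copy two state bytes from off, refusing to read past the element's end. */
static int copy_state(const uint8_t *buf, size_t off, uint8_t out[2])
{
	size_t end = offsetof(struct ie, data) + buf[1]; /* header + len */
	if (off + 2 > end)
		return -1;
	memcpy(out, buf + off, 2);
	return 0;
}

int main(void)
{
	uint8_t out[2] = {0, 0};
	printf("&e[4]       -> offset %zu, copy result %d\n",
	       off_struct_index(), copy_state(frame, off_struct_index(), out));
	printf("&e->data[4] -> offset %zu, copy result %d\n",
	       off_data_index(), copy_state(frame, off_data_index(), out));
	printf("state bytes: %02x %02x\n", out[0], out[1]);
	return 0;
}
```

In the sample frame, offset 8 holds the id and len bytes of the following element, which is what an unchecked copy from `&e[4]` would pick up.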