lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210222054029.GF2087@kadam>
Date:   Mon, 22 Feb 2021 08:40:29 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     karthik alapati <mail@...thek.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Mukul Mehar <mukulmehar02@...il.com>,
        devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: wimax: fix sparse incorrect type issue

On Sat, Feb 20, 2021 at 05:04:00PM +0530, karthik alapati wrote:
> fix sparse warning by casting to explicit user address-space
> pointer type
> 
> Signed-off-by: karthik alapati <mail@...thek.com>
> ---
>  drivers/staging/wlan-ng/p80211netdev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/wlan-ng/p80211netdev.c b/drivers/staging/wlan-ng/p80211netdev.c
> index 6f9666dc0..70570e8a5 100644
> --- a/drivers/staging/wlan-ng/p80211netdev.c
> +++ b/drivers/staging/wlan-ng/p80211netdev.c
> @@ -569,7 +569,7 @@ static int p80211knetdev_do_ioctl(struct net_device *dev,
>  		goto bail;
>  	}
>  
> -	msgbuf = memdup_user(req->data, req->len);
> +	msgbuf = memdup_user((void __user *)req->data, req->len);

This doesn't fix anything it just silences the warning.  Linus Torvalds
worked very hard to create Sparse for the express purpose of printing
the warning.  People don't realize that warnings are very valuable
because they show where the bugs are.

Please look at this some more and figure out how to fix the warning.

To be honest, I'm tempted to not accept any patch which doesn't also fix
the buffer overflows when we pass:

	result = p80211req_dorequest(wlandev, msgbuf);

How do we know that "msgbuf" is large enough?

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ