lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20210222081038.GS2222@kadam>
Date:   Mon, 22 Feb 2021 11:10:39 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     karthek <mail@...thek.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Mukul Mehar <mukulmehar02@...il.com>,
        devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: wimax: fix sparse incorrect type issue

On Mon, Feb 22, 2021 at 11:31:48AM +0530, karthek wrote:
> On Mon, Feb 22, 2021 at 11:10 AM Dan Carpenter <dan.carpenter@...cle.com> wrote:
> >
> > On Sat, Feb 20, 2021 at 05:04:00PM +0530, karthik alapati wrote:
> > > fix sparse warning by casting to explicit user address-space
> > > pointer type
> > >
> > > Signed-off-by: karthik alapati <mail@...thek.com>
> > > ---
> > >  drivers/staging/wlan-ng/p80211netdev.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/staging/wlan-ng/p80211netdev.c b/drivers/staging/wlan-ng/p80211netdev.c
> > > index 6f9666dc0..70570e8a5 100644
> > > --- a/drivers/staging/wlan-ng/p80211netdev.c
> > > +++ b/drivers/staging/wlan-ng/p80211netdev.c
> > > @@ -569,7 +569,7 @@ static int p80211knetdev_do_ioctl(struct net_device *dev,
> > >               goto bail;
> > >       }
> > >
> > > -     msgbuf = memdup_user(req->data, req->len);
> > > +     msgbuf = memdup_user((void __user *)req->data, req->len);
> >
> > This doesn't fix anything it just silences the warning.  Linus Torvalds
> > worked very hard to create Sparse for the express purpose of printing
> > the warning.  People don't realize that warnings are very valuable
> > because they show where the bugs are.
> >
> > Please look at this some more and figure out how to fix the warning.
> >
> > To be honest, I'm tempted to not accept any patch which doesn't also fix
> > the buffer overflows when we pass:
> >
> >         result = p80211req_dorequest(wlandev, msgbuf);
> >
> > How do we know that "msgbuf" is large enough?
> >
> > regards,
> > dan carpenter
> >
> 
> Thanks dan but right after sending this patch i immediately replied to
> it stating
> to ignore this patch as i found this already applied in staging-testing branch
> https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git/commit/?h=staging-testing&id=3a8a144d2a754df45127c74e273fa166f690ba43 


It's still possible to fix this in the correct way and fix the buffer
overflows.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ