| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1706da7b-ca98-2288-6e07-ae5912b90139@gmail.com>
Date: Sun, 22 Aug 2021 19:17:06 +0200
From: Michael Straube <straube.linux@...il.com>
To: Martin Kaiser <martin@...ser.cx>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Larry Finger <Larry.Finger@...inger.net>,
Phillip Potter <phil@...lpotter.co.uk>,
Dan Carpenter <dan.carpenter@...cle.com>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 08/10] staging: r8188eu: clean up the usb_writeN
On 8/22/21 6:58 PM, Martin Kaiser wrote:
> Hi Michael,
>
> Thus wrote Michael Straube (straube.linux@...il.com):
>
>> On 8/21/21 6:48 PM, Martin Kaiser wrote:
>>> Remove unnecessary variables, check the length.
>
>>> Signed-off-by: Martin Kaiser <martin@...ser.cx>
>>> ---
>>> drivers/staging/r8188eu/hal/usb_ops_linux.c | 15 +++++----------
>>> 1 file changed, 5 insertions(+), 10 deletions(-)
>
>>> diff --git a/drivers/staging/r8188eu/hal/usb_ops_linux.c b/drivers/staging/r8188eu/hal/usb_ops_linux.c
>>> index e01f1ac19596..5408383ccec3 100644
>>> --- a/drivers/staging/r8188eu/hal/usb_ops_linux.c
>>> +++ b/drivers/staging/r8188eu/hal/usb_ops_linux.c
>>> @@ -151,20 +151,15 @@ static int usb_write32(struct intf_hdl *pintfhdl, u32 addr, u32 val)
>>> static int usb_writeN(struct intf_hdl *pintfhdl, u32 addr, u32 length, u8 *pdata)
>>> {
>>> - u16 wvalue;
>>> - u16 len;
>>> + u16 wvalue = (u16)(addr & 0x0000ffff);
>>> u8 buf[VENDOR_CMD_MAX_DATA_LEN] = {0};
>>> - int ret;
>>> -
>>> + if (length > VENDOR_CMD_MAX_DATA_LEN)
>>> + return -EINVAL;
>>> - wvalue = (u16)(addr & 0x0000ffff);
>>> - len = length;
>>> - memcpy(buf, pdata, len);
>>> + memcpy(buf, pdata, length);
>
>> Hi Martin, shouldn't this be
>
>> memcpy(buf, pdata, (length & 0xffff));
>
> I don't think this makes any difference. I've already checked that
> length <= VENDOR_CMD_MAX_DATA_LEN, which is 254. memcpy takes a size_t
> parameter for the number of bytes to copy. length will not overflow
> this.
>
> Best regards,
> Martin
>
Hi Martin,
ah, I see now. You are right.
Acked-by: Michael Straube <straube.linux@...il.com>
Thanks,
Michael
Powered by blists - more mailing lists