| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Mar 2022 14:28:42 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Martin Kaiser' <martin@...ser.cx>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC: Larry Finger <Larry.Finger@...inger.net>,
Phillip Potter <phil@...lpotter.co.uk>,
Michael Straube <straube.linux@...il.com>,
"linux-staging@...ts.linux.dev" <linux-staging@...ts.linux.dev>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 1/7] staging: r8188eu: use ieee80211 define for version
check
From: Martin Kaiser
> Sent: 23 March 2022 07:49
>
> Use the IEEE80211_FCTL_VERS define to check the version number
> of a received frame.
>
> Signed-off-by: Martin Kaiser <martin@...ser.cx>
> ---
> drivers/staging/r8188eu/core/rtw_recv.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/r8188eu/core/rtw_recv.c
> index 8800ea4825ff..524a00345501 100644
> --- a/drivers/staging/r8188eu/core/rtw_recv.c
> +++ b/drivers/staging/r8188eu/core/rtw_recv.c
> @@ -1063,7 +1063,6 @@ static int validate_recv_frame(struct adapter *adapter, struct recv_frame *precv
> struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
> u8 *ptr = precv_frame->rx_data;
> __le16 fc = *(__le16 *)ptr;
Those two lines are somewhat horrid.
Casts of pointers to integer types have a nasty habit of being bugs.
In any case 'ptr' should probably be 'frame_data'.
If the first two bytes are some kind of 16 bit id, then what follows?
Should this be a 'struct' that defines the frame data layout??
David
> - u8 ver = (unsigned char)(*ptr) & 0x3;
> struct mlme_ext_priv *pmlmeext = &adapter->mlmeextpriv;
>
> if (pmlmeext->sitesurvey_res.state == SCAN_PROCESS) {
> @@ -1072,8 +1071,7 @@ static int validate_recv_frame(struct adapter *adapter, struct recv_frame *precv
> pmlmeext->channel_set[ch_set_idx].rx_count++;
> }
>
> - /* add version chk */
> - if (ver != 0)
> + if ((fc & IEEE80211_FCTL_VERS) != 0)
> return _FAIL;
>
> pattrib->to_fr_ds = get_tofr_ds(ptr);
> --
> 2.30.2
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists