lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 15 Apr 2022 08:10:35 +0200
From:   "Fabio M. De Francesco" <fmdefrancesco@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Haowen Bai <baihaowen@...zu.com>
Cc:     Haowen Bai <baihaowen@...zu.com>, linux-staging@...ts.linux.dev,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH V3] staging: rtl8192e: Fix signedness bug in rtllib_rx_assoc_resp()

On venerdì 15 aprile 2022 08:06:17 CEST Fabio M. De Francesco wrote:
> On venerdì 15 aprile 2022 07:50:36 CEST Haowen Bai wrote:
> > The rtllib_rx_assoc_resp() function has a signedness bug because it's
> > a declared as a u16 but it return -ENOMEM.  When you look at it more
> > closely it returns a mix of error codes including 0xcafe, -ENOMEM, and
> > a->status which is WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG.  This is a mess.
> > 
> > Clean it up to just return standard kernel error codes.  We can print
> > out the a->status before returning a regular error code.  The printks
> > in the caller need to be adjusted as well.
> 
> This commit message suggested by Dan Carpenter is much better. The 
previous 
> one made me think that you were doing several different logical changes.
> 
> >
> > [snip]
> >  
> >  static void rtllib_rx_auth_resp(struct rtllib_device *ieee, struct 
> sk_buff *skb)
> >  {
> > -	u16 errcode;
> > +	int errcode;
> >  	u8 *challenge;
> >  	int chlen = 0;
> >  	bool bSupportNmode = true, bHalfSupportNmode = false;
> > @@ -2292,8 +2292,8 @@ static void rtllib_rx_auth_resp(struct 
> rtllib_device *ieee, struct sk_buff *skb)
> >  	if (errcode) {
> >  		ieee->softmac_stats.rx_auth_rs_err++;
> >  		netdev_info(ieee->dev,
> > -			    "Authentication response status code 
> 0x%x",
> > -			    errcode);
> > +			    "Authentication response status code %d",
> > +			    le16_to_cpu(errcode));
> 
> This is something that I'm still missing. Why do we need that call to 
> le16_to_cpu on "errcode"?
> 
> "errcode" is returned by auth_parse()? I see that this function already 
> changes the endianness of the returned value.

Sorry, I missed that you also changed auth_code().

Fabio

> 
> Thanks,
> 
> Fabio
> 
> 
> >  		rtllib_associate_abort(ieee);
> >  		return;
> >  	}
> > -- 
> > 2.7.4
> > 
> > 
> > 
> 
> 
> 
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ