| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Apr 2022 09:18:52 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Haowen Bai <baihaowen@...zu.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V3] staging: rtl8192e: Fix signedness bug in
rtllib_rx_assoc_resp()
On Fri, Apr 15, 2022 at 01:50:36PM +0800, Haowen Bai wrote:
> The rtllib_rx_assoc_resp() function has a signedness bug because it's
> a declared as a u16 but it return -ENOMEM. When you look at it more
> closely it returns a mix of error codes including 0xcafe, -ENOMEM, and
> a->status which is WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG. This is a mess.
>
> Clean it up to just return standard kernel error codes. We can print
> out the a->status before returning a regular error code. The printks
> in the caller need to be adjusted as well.
>
> Signed-off-by: Haowen Bai <baihaowen@...zu.com>
> ---
> V1->V2: reduce return random value; print its own error message.
> V2->V3: change commit message; change s16 -> int.
>
> drivers/staging/rtl8192e/rtllib_softmac.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/staging/rtl8192e/rtllib_softmac.c b/drivers/staging/rtl8192e/rtllib_softmac.c
> index 82bf05eb1cbf..4a1b9a94930f 100644
> --- a/drivers/staging/rtl8192e/rtllib_softmac.c
> +++ b/drivers/staging/rtl8192e/rtllib_softmac.c
> @@ -1764,7 +1764,7 @@ static void rtllib_softmac_check_all_nets(struct rtllib_device *ieee)
> spin_unlock_irqrestore(&ieee->lock, flags);
> }
>
> -static inline u16 auth_parse(struct net_device *dev, struct sk_buff *skb,
> +static inline int auth_parse(struct net_device *dev, struct sk_buff *skb,
> u8 **challenge, int *chlen)
> {
> struct rtllib_authentication *a;
> @@ -1773,7 +1773,7 @@ static inline u16 auth_parse(struct net_device *dev, struct sk_buff *skb,
> if (skb->len < (sizeof(struct rtllib_authentication) -
> sizeof(struct rtllib_info_element))) {
> netdev_dbg(dev, "invalid len in auth resp: %d\n", skb->len);
> - return 0xcafe;
> + return -EINVAL;
> }
> *challenge = NULL;
> a = (struct rtllib_authentication *) skb->data;
> @@ -1787,7 +1787,7 @@ static inline u16 auth_parse(struct net_device *dev, struct sk_buff *skb,
> return -ENOMEM;
> }
> }
> - return le16_to_cpu(a->status);
> + return a->status;
Please do not return a->status. See my previous email. You're sending
new versions too quickly. Wait a day between new versions.
regards,
dan carpenter
Powered by blists - more mailing lists