| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Apr 2022 20:52:44 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Rebecca Mckeever <remckee0@...il.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
outreachy@...ts.linux.dev
Subject: Re: [PATCH] staging: rtl8192u: change get_key functions to return 0
instead of -1
On Wed, Apr 20, 2022 at 07:23:28AM -0500, Rebecca Mckeever wrote:
> Currently, these three get_key functions return -1 when the provided len
> value is less a specific key length value, which can result in buffer
> overflow depending on how the returned value is used. These functions are
> used in three places in ieee80211/ieee80211_wx.c:
>
> ieee80211_wx_get_encode() :
> The behavior of this function will be unchanged.
>
> ieee80211_wx_get_encode_ext() :
> The result of the get_key function is written to ext->key_len,
> resulting in a buffer overflow if the result is negative.
>
> ieee80211_wx_set_encode() :
> The behavior of this function will change. When len is less than the
> key length value, it will set a default key of all 0.
>
> Suggested-by: Dan Carpenter <dan.carpenter@...cle.com>
> Signed-off-by: Rebecca Mckeever <remckee0@...il.com>
Of course I suggested this one, but reviewing it again it still seems
like the right thing. Good commit message. It explains the
controversial bit nicely which is the behavior change in
ieee80211_wx_set_encode(). When you explain the all controversial bits
in advance then it builds trust.
regards,
dan carpenter
Powered by blists - more mailing lists