lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Apr 2022 08:37:33 +0800 From: Solomon Tan <wjsota@...il.com> To: straube.linux@...il.com, paskripkin@...il.com Cc: Greg KH <gregkh@...uxfoundation.org>, Larry Finger <Larry.Finger@...inger.net>, Phillip Potter <phil@...lpotter.co.uk>, "open list:STAGING SUBSYSTEM" <linux-staging@...ts.linux.dev>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [BUG] staging: r8188eu: KASAN: slab-out-of-bounds in rtw_cmd_thread > > > It looks like > > > commit 0afaa121813e ("staging: r8188eu: use in-kernel ieee channel") > > > intoduced a. See KASAN output below. > > > > > > That commit replaced the use of struct rtw_ieee80211_channel with struct > > > ieee80211_channel. > > > > > > There are several calls to memcpy that used sizeof(struct > > > rtw_ieee80211_channel) > > > and now use sizeof(struct ieee80211_channel) but the sizes of these two > > > structures are not equal. > > > > > drivers/staging/r8188eu/core/rtw_cmd.c:276: memcpy() call. > > As Michael said the sizes of structures do not mach and the memcpy writes > below allocated buffer. > Thanks Pavel. Hi Michael, I could not find the cause of this issue, and I am afraid I might break even more stuff if I attempt to fix it, so I have submitted a new patch to revert my changes. Sorry for the inconvenience. Cheers, Solomon
Powered by blists - more mailing lists