lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220530074420.GL2146@kadam>
Date:   Mon, 30 May 2022 10:44:21 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Larry Finger <Larry.Finger@...inger.net>
Cc:     gregkh@...uxfoundation.org, phil@...lpotter.co.uk,
        linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/2] staging: r8188eu: Fix warning of array overflow
 in ioctl_linux.c

On Sat, May 28, 2022 at 07:47:10PM -0500, Larry Finger wrote:
> Building with -Warray-bounds results in the following warning plus others
> related to the same problem:
> 
> CC [M]  drivers/staging/r8188eu/os_dep/ioctl_linux.o
> In function ‘wpa_set_encryption’,
>     inlined from ‘rtw_wx_set_enc_ext’ at drivers/staging/r8188eu/os_dep/ioctl_linux.c:1868:9:
> drivers/staging/r8188eu/os_dep/ioctl_linux.c:412:41: warning: array subscript ‘struct ndis_802_11_wep[0]’ is partly outside array bounds of ‘void[25]’ [-Warray-bounds]
>   412 |                         pwep->KeyLength = wep_key_len;

I'm not totally sure I understand where the void[25] comes from...

This is a false positive, though?  Another fix would be to just declare
the struct as a variable size array?  I don't know where the 16 comes
from either.  :P  I have not followed this logic to other functions.  If
the 16 is important then the bug is real.

Your patch is harmless and less risky than changing the struct
definition so I'm fine with that.  But I'm just trying to understand the
situation better.

regards,
dan carpenter

diff --git a/drivers/staging/r8188eu/include/wlan_bssdef.h b/drivers/staging/r8188eu/include/wlan_bssdef.h
index 9d1c9e763287..0d4fb1d0b22b 100644
--- a/drivers/staging/r8188eu/include/wlan_bssdef.h
+++ b/drivers/staging/r8188eu/include/wlan_bssdef.h
@@ -158,7 +158,7 @@ struct ndis_802_11_wep {
 	u32     KeyIndex;      /*  0 is the per-client key,
 				  * 1-N are the global keys */
 	u32     KeyLength;     /*  length of key in bytes */
-	u8     KeyMaterial[16];/*  variable len depending on above field */
+	u8     KeyMaterial[];/*  variable len depending on above field */
 };
 
 struct ndis_802_11_auth_req {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ