| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Feb 2023 19:18:36 +0300
From: Anton Gusev <aagusev@...ras.ru>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Anton Gusev <aagusev@...ras.ru>, linux-staging@...ts.linux.dev,
linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: [PATCH] staging/wlan-ng: Check hfa384x_dowmem result in hfa384x_drvr_flashdl_write
In hfa384x_drvr_flashdl_write, hfa384x_dowmem is called in a cycle
without checking the result. Ignoring an error there may lead to an
incorrect flash download buffer value during the consequent write.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Anton Gusev <aagusev@...ras.ru>
---
drivers/staging/wlan-ng/hfa384x_usb.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/staging/wlan-ng/hfa384x_usb.c b/drivers/staging/wlan-ng/hfa384x_usb.c
index c7cd54171d99..baac5c02f904 100644
--- a/drivers/staging/wlan-ng/hfa384x_usb.c
+++ b/drivers/staging/wlan-ng/hfa384x_usb.c
@@ -1880,6 +1880,12 @@ int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr,
writepage,
writeoffset,
writebuf, writelen);
+ if (result) {
+ netdev_err(hw->wlandev->netdev,
+ "dowmem(page=%x,offset=%x,data=%p,len=%d) failed, result=%d. Aborting d/l\n",
+ writepage, writeoffset, writebuf, writelen, result);
+ return result;
+ }
}
/* set the download 'write flash' mode */
--
2.39.1
Powered by blists - more mailing lists