Open Source and information security mailing list archives
Message-ID:
 <PA4PR04MB9638A61A144364C3567AEA76D10E2@PA4PR04MB9638.eurprd04.prod.outlook.com>
Date: Thu, 18 Apr 2024 03:37:35 +0000
From: David Lin <yu-hao.lin@....com>
To: David Lin <yu-hao.lin@....com>, Brian Norris <briannorris@...omium.org>
CC: "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"kvalo@...nel.org" <kvalo@...nel.org>, "francesco@...cini.it"
	<francesco@...cini.it>, Pete Hsieh <tsung-hsien.hsieh@....com>, Francesco
 Dolcini <francesco.dolcini@...adex.com>
Subject: RE: [EXT] Re: [PATCH v9 2/2] wifi: mwifiex: add host mlme for AP mode

> From: David Lin <yu-hao.lin@....com>
> Sent: Monday, March 18, 2024 10:04 AM
> To: Brian Norris <briannorris@...omium.org>
> Cc: linux-wireless@...r.kernel.org; linux-kernel@...r.kernel.org;
> kvalo@...nel.org; francesco@...cini.it; Pete Hsieh
> <tsung-hsien.hsieh@....com>; Francesco Dolcini
> <francesco.dolcini@...adex.com>
> Subject: RE: [EXT] Re: [PATCH v9 2/2] wifi: mwifiex: add host mlme for AP
> mode
> > 
> > From: Brian Norris <briannorris@...omium.org>
> > Sent: Saturday, March 16, 2024 8:45 AM
> > To: David Lin <yu-hao.lin@....com>
> > Cc: linux-wireless@...r.kernel.org; linux-kernel@...r.kernel.org;
> > kvalo@...nel.org; francesco@...cini.it; Pete Hsieh
> > <tsung-hsien.hsieh@....com>; Francesco Dolcini
> > <francesco.dolcini@...adex.com>
> > Subject: [EXT] Re: [PATCH v9 2/2] wifi: mwifiex: add host mlme for AP
> > mode
> >
> >
> > On Wed, Mar 06, 2024 at 10:00:53AM +0800, David Lin wrote:
> > > Add host based MLME to enable WPA3 functionalities in AP mode.
> > > This feature required a firmware with the corresponding V2 Key API
> > > support. The feature (WPA3) is currently enabled and verified only
> > > on IW416. Also, verified no regression with change when host MLME is
> > > disabled.
> > >
> > > Signed-off-by: David Lin <yu-hao.lin@....com>
> > > Reviewed-by: Francesco Dolcini <francesco.dolcini@...adex.com>
> >
> > Quick pass for now; nothing jumps out at me today, but I'll give a
> > better look/Ack next week:
> >
> > > --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> > > +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> >
> >
> > > @@ -3951,12 +3974,43 @@
> > mwifiex_cfg80211_tdls_cancel_chan_switch(struct wiphy *wiphy,
> > >       }
> > >  }
> > >
> > > +static int
> > > +mwifiex_cfg80211_uap_add_station(struct mwifiex_private *priv,
> > > +const u8
> > *mac,
> > > +                              struct station_parameters *params) {
> > > +     struct mwifiex_sta_info add_sta;
> > > +     int ret;
> > > +
> > > +     memcpy(add_sta.peer_mac, mac, ETH_ALEN);
> > > +     add_sta.params = params;
> > > +
> > > +     ret = mwifiex_send_cmd(priv, HostCmd_CMD_ADD_NEW_STATION,
> > > +                            HostCmd_ACT_ADD_STA, 0, (void
> > *)&add_sta,
> > > + true);
> > > +
> > > +     if (!ret) {
> > > +             struct station_info *sinfo;
> > > +
> > > +             sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
> >
> > Couldn't this just be stack allocation?
> >
> >                 struct station_info sinfo;
> >
> >                 cfg80211_new_sta(priv->netdev, mac, &sinfo,
> > GFP_KERNEL);
> >
> > I'm not sure you need to kzalloc() something here, if you're freeing
> > it a few lines later.
> >
> 
> Will modify it in patch v10.
> 

This modification will cause a stack overflow. Patch v10 will keep the original code.

> >
> > > +             if (!sinfo)
> > > +                     return -ENOMEM;
> > > +
> > > +             cfg80211_new_sta(priv->netdev, mac, sinfo,
> GFP_KERNEL);
> > > +             kfree(sinfo);
> > > +     }
> > > +
> > > +     return ret;
> > > +}
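
Review bot: In mwifiex_cfg80211_uap_add_station(), the "if (!sinfo) return -ENOMEM;" path is reached only after HostCmd_CMD_ADD_NEW_STATION has already returned success, so an allocation failure leaves a station added in firmware that cfg80211_new_sta() was never called for, and the caller gets an error with nothing undone. Consider doing the kzalloc() before mwifiex_send_cmd() and freeing it on every exit path, so the only failure after the command is the command itself. Since the heap allocation is being kept deliberately, a one-line comment above the kzalloc() saying why sinfo is not placed on the stack would stop the same question coming up again. Also, add_sta is passed to the command with only peer_mac and params assigned; if struct mwifiex_sta_info has other members they are uninitialised stack data, so zero-initialising it at declaration would be safer.
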
> >
> > Brian

