lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <36cef2a8-10a3-928a-d962-3599333d9ac8@nfschina.com>
Date: Wed, 3 Jul 2024 09:41:45 +0800
From: Su Hui <suhui@...china.com>
To: Arend Van Spriel <arend.vanspriel@...adcom.com>,
 Kalle Valo <kvalo@...nel.org>
Cc: Dan Carpenter <dan.carpenter@...aro.org>, johannes.berg@...el.com,
 kees@...nel.org, a@...repo.ru, marcan@...can.st, quic_alokad@...cinc.com,
 zyytlz.wz@....com, petr.tesarik.ext@...wei.com, duoming@....edu.cn,
 colin.i.king@...il.com, frankyl@...adcom.com, meuleman@...adcom.com,
 phaber@...adcom.com, linville@...driver.com, linux-wireless@...r.kernel.org,
 brcm80211@...ts.linux.dev, brcm80211-dev-list.pdl@...adcom.com,
 linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH wireless 1/9] wifi: cfg80211: avoid garbage value of
 'io_type' in brcmf_cfg80211_attach()

On 2024/7/2 23:39, Arend Van Spriel wrote:
> On July 2, 2024 5:29:27 PM Kalle Valo <kvalo@...nel.org> wrote:
>
>> Arend Van Spriel <arend.vanspriel@...adcom.com> writes:
>>
>>> On July 2, 2024 3:57:27 PM Dan Carpenter <dan.carpenter@...aro.org> 
>>> wrote:
>>>
>>>> On Tue, Jul 02, 2024 at 08:24:44PM +0800, Su Hui wrote:
>>>>> brcmf_fil_cmd_int_get() reads the value of 'io_type' and passes it to
>>>>> brcmf_fil_cmd_data_get(). Initialize 'io_type' to avoid garbage 
>>>>> value.
>>>>
>>>> Since you're going to be resending anyway, please delete the space 
>>>> char
>>>> from the start of the line.
>>>>
>>>> It's weird that brcmf_fil_cmd_data_get() uses the uninitialized data.
>>>> It looks like it just goes to great lengths to preserve the original
>>>> data in io_type...  So it likely is harmless enough but still a 
>>>> strange
>>>> and complicated way write a no-op.
>>>
>>> Not sure if it helps, but I tried to explain the reason in response to
>>> patch 0 (cover letter).
>>
>> Would it make more sense to have just one patch? It's the same issue
>> anyway.
>
> Yes, but I would solve it in brcmf_fil_* functions (fwil.[ch]).
It seems you will send a new patch to solve this issue.
And I guess there is no need for me to resend a v2 patchset or just one 
patch.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ