lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <9c02683d-c688-4e39-913e-6b20b3bd76a0@gmail.com>
Date: Tue, 15 Oct 2024 00:02:00 +0100
From: "Colin King (gmail)" <colin.i.king@...il.com>
To: Arend van Spriel <arend.vanspriel@...adcom.com>,
 "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
 brcm80211@...ts.linux.dev, brcm80211-dev-list.pdl@...adcom.com
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: incorrect shift and mask operation in
 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c

Hi,

Static analysis on 
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c has found 
an issue with a mask and shift operation in function 
wlc_phy_rxcal_radio_setup_nphy() as follows:

lines 26326-26330:

         offtune_val =
                 (pi->tx_rx_cal_radio_saveregs
                  [2] & 0xF0) >> 8;
         offtune_val =
                 (offtune_val <= 0x7) ? 0xF : 0;

and similar in lines 26376-26381 too.

The issue is that the expression pi->tx_rx_cal_radio_saveregs[2] & 0xF0
when shifted 8 places right is always zero, so this looks like a mistake 
since some value value between 0..0xf is expected in the second statement.

Since pi->tx_rx_cal_radio_saveregs[2] is a u16 value the expression 
could plausible be:

	(pi->tx_rx_cal_radio_saveregs[2] & 0xf0) >> 4
or
	(pi->tx_rx_cal_radio_saveregs[2] & 0xf00) >> 8

I don't have knowledge of the hardware so I'm not sure what a suitable 
fix is.

Regards,

Colin


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ