lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250519014434.901-1-vulab@iscas.ac.cn>
Date: Mon, 19 May 2025 09:44:33 +0800
From: Wentao Liang <vulab@...as.ac.cn>
To: ajay.kathat@...rochip.com,
	claudiu.beznea@...on.dev,
	kvalo@...nel.org
Cc: linux-wireless@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Wentao Liang <vulab@...as.ac.cn>,
	stable@...r.kernel.org
Subject: [PATCH v2] wifi: wilc1000: Add error handling for wilc_sdio_cmd52()

The wilc_sdio_read_size() calls wilc_sdio_cmd52() but does not check the
return value. This could lead to execution with potentially invalid data
if wilc_sdio_cmd52() fails. A proper implementation can be found in
wilc_sdio_read_reg().

Add error handling for wilc_sdio_cmd52(). If wilc_sdio_cmd52() fails,
log an error message via dev_err().

Fixes: 0e1af73ddeb9 ("staging/wilc1000: use proper naming for global symbols")
Cc: stable@...r.kernel.org # v4.15
Signed-off-by: Wentao Liang <vulab@...as.ac.cn>
---
v2: Fix code error.

 drivers/net/wireless/microchip/wilc1000/sdio.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/microchip/wilc1000/sdio.c b/drivers/net/wireless/microchip/wilc1000/sdio.c
index 5262c8846c13..8ff49b08bbd2 100644
--- a/drivers/net/wireless/microchip/wilc1000/sdio.c
+++ b/drivers/net/wireless/microchip/wilc1000/sdio.c
@@ -771,6 +771,7 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size)
 {
 	u32 tmp;
 	struct sdio_cmd52 cmd;
+	struct sdio_func *func = dev_to_sdio_func(wilc->dev);
 
 	/**
 	 *      Read DMA count in words
@@ -780,12 +781,20 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size)
 	cmd.raw = 0;
 	cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG;
 	cmd.data = 0;
-	wilc_sdio_cmd52(wilc, &cmd);
+	ret = wilc_sdio_cmd52(wilc, &cmd);
+	if (ret) {
+		dev_err(&func->dev, "Fail cmd 52, interrupt data register...\n");
+		return ret;
+	}
 	tmp = cmd.data;
 
 	cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG + 1;
 	cmd.data = 0;
-	wilc_sdio_cmd52(wilc, &cmd);
+	ret = wilc_sdio_cmd52(wilc, &cmd);
+	if (ret) {
+		dev_err(&func->dev, "Fail cmd 52, interrupt data register...\n");
+		return ret;
+	}
 	tmp |= (cmd.data << 8);
 
 	*size = tmp;
-- 
2.42.0.windows.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ