| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aXG8YWkFlfiOSSHD@stanley.mountain>
Date: Thu, 22 Jan 2026 08:57:53 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Minu Jin <s9430939@...er.com>
Cc: gregkh@...uxfoundation.org, andriy.shevchenko@...ux.intel.com,
abrahamadekunle50@...il.com, zxcv2569763104@...il.com,
milospuric856@...il.com, karanja99erick@...il.com,
weibu@...admin.org, linux-staging@...ts.linux.dev,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 3/3] staging: rtl8723bs: prevent partial reads in
_rtw_pktfile_read
On Thu, Jan 22, 2026 at 01:14:50PM +0900, Minu Jin wrote:
> The current implementation of _rtw_pktfile_read() allows reading less
> data than requested if there isn't enough data remaining.
>
> This is problematic because callers usually request a fixed size (like
> a header size) and expect that full amount. Reading only part of the
> data means the caller gets incomplete information, which can lead to
> errors in packet processing.
>
> To fix this, update the function to:
> 1. Return -EINVAL if the remaining data is smaller than the requested
> length.
> 2. Check the return value of skb_copy_bits() and propagate errors.
> 3. Only update the internal pointers (cur_addr, pkt_len) if the read
> is fully successful.
>
> Callers have already been updated in previous patches to handle these
> negative error codes.
>
> Signed-off-by: Minu Jin <s9430939@...er.com>
> ---
> drivers/staging/rtl8723bs/os_dep/xmit_linux.c | 13 ++++++-------
> 1 file changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/staging/rtl8723bs/os_dep/xmit_linux.c b/drivers/staging/rtl8723bs/os_dep/xmit_linux.c
> index ea54a573e025..72cf8cd5f7c6 100644
> --- a/drivers/staging/rtl8723bs/os_dep/xmit_linux.c
> +++ b/drivers/staging/rtl8723bs/os_dep/xmit_linux.c
> @@ -23,21 +23,20 @@ void _rtw_open_pktfile(struct sk_buff *pktptr, struct pkt_file *pfile)
>
> int _rtw_pktfile_read(struct pkt_file *pfile, u8 *rmem, unsigned int rlen)
> {
> - unsigned int len;
> int ret;
>
> - len = rtw_remainder_len(pfile);
> - len = (rlen > len) ? len : rlen;
The rest of this looks okay. But just drop patch 1 since you
delete the len variable in the end anyway. Leave the type alone and
leave the whitespace alone. Your subjects are too vague.
patch 1: update _rtw_pktfile_read() to return error codes
patch 2: clean up _rtw_pktfile_read()
regards,
dan carpenter
Powered by blists - more mailing lists