| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9ff30f03-07f1-0abd-8c57-2601af546de0@canonical.com>
Date: Tue, 31 Jul 2018 12:27:54 +0100
From: Colin Ian King <colin.king@...onical.com>
To: Haim Dreyfuss <haim.dreyfuss@...el.com>,
"David S. Miller" <davem@...emloft.net>,
Johannes Berg <johannes@...solutions.net>,
netdev@...r.kernel.org,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: [PATCH] cfg80211: read wmm rules from regulatory database
Hi Haim,
I think there may be an issue with the commit:
>From 230ebaa189af44d50dccb4a1846e39ca594e347b Mon Sep 17 00:00:00 2001
From: Haim Dreyfuss <haim.dreyfuss@...el.com>
Date: Wed, 28 Mar 2018 13:24:09 +0300
Subject: [PATCH] cfg80211: read wmm rules from regulatory database
specifically in function: reg_copy_regd()
+ for (i = 0; i < src_regd->n_reg_rules; i++) {
memcpy(®d->reg_rules[i], &src_regd->reg_rules[i],
sizeof(struct ieee80211_reg_rule));
+ if (!src_regd->reg_rules[i].wmm_rule)
+ continue;
+ regd->reg_rules[i].wmm_rule = d_wmm +
+ (src_regd->reg_rules[i].wmm_rule - s_wmm) /
+ sizeof(struct ieee80211_wmm_rule);
+ }
The pointer arithmetic (src_regd->reg_rules[i].wmm_rule - s_wmm) is
performed in terms of the size of struct ieee80211_wmm_rule and not in
bytes and I believe that the division by sizeof(struct
ieee80211_wmm_rule) is not required.
This issue was detected by static analysis with Coverity Scan,
CID#1467451 ("Extra sizeof expression"), 'suspicious_division'
I'm not 100% sure that is this a false positive or not, but I think it
looks incorrect to me.
Colin
Powered by blists - more mailing lists