| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <514f4e102c3cbbd59f4ba0805b091b36@codeaurora.org>
Date: Mon, 15 Apr 2019 20:24:10 +0300
From: merez@...eaurora.org
To: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc: Kalle Valo <kvalo@...eaurora.org>,
"David S. Miller" <davem@...emloft.net>,
Vladimir Kondratiev <qca_vkondrat@....qualcomm.com>,
linux-wireless@...r.kernel.org, wil6210@....qualcomm.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-wireless-owner@...r.kernel.org
Subject: Re: [PATCH] wil6210: fix potential out-of-bounds read
On 2019-04-15 17:56, Gustavo A. R. Silva wrote:
> Notice that *rc* can evaluate to up to 5, include/linux/netdevice.h:
>
> enum gro_result {
> GRO_MERGED,
> GRO_MERGED_FREE,
> GRO_HELD,
> GRO_NORMAL,
> GRO_DROP,
> GRO_CONSUMED,
> };
> typedef enum gro_result gro_result_t;
>
> In case *rc* evaluates to 5, we end up having an out-of-bounds read
> at drivers/net/wireless/ath/wil6210/txrx.c:821:
>
> wil_dbg_txrx(wil, "Rx complete %d bytes => %s\n",
> len, gro_res_str[rc]);
>
> Fix this by adding element "GRO_CONSUMED" to array gro_res_str.
>
> Addresses-Coverity-ID: 1444666 ("Out-of-bounds read")
> Fixes: 194b482b5055 ("wil6210: Debug print GRO Rx result")
> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
> ---
> drivers/net/wireless/ath/wil6210/txrx.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Maya Erez <merez@...eaurora.org>
--
Maya Erez
Qualcomm Israel, Inc. on behalf of Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a
Linux Foundation Collaborative Project
Powered by blists - more mailing lists