lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 04 Jul 2019 10:53:09 +0300 From: merez@...eaurora.org To: Colin King <colin.king@...onical.com> Cc: Kalle Valo <kvalo@...eaurora.org>, "David S . Miller" <davem@...emloft.net>, linux-wireless@...r.kernel.org, wil6210@....qualcomm.com, netdev@...r.kernel.org, kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH][next] wil6210: fix wil_cid_valid with negative cid values On 2019-07-02 17:40, Colin King wrote: > From: Colin Ian King <colin.king@...onical.com> > > There are several occasions where a negative cid value is passed > into wil_cid_valid and this is converted into a u8 causing the > range check of cid >= 0 to always succeed. Fix this by making > the cid argument an int to handle any -ve error value of cid. > > An example of this behaviour is in wil_cfg80211_dump_station, > where cid is assigned -ENOENT if the call to wil_find_cid_by_idx > fails, and this -ve value is passed to wil_cid_valid. I believe > that the conversion of -ENOENT to the u8 value 254 which is > greater than wil->max_assoc_sta causes wil_find_cid_by_idx to > currently work fine, but I think is by luck and not the > intended behaviour. > > Signed-off-by: Colin Ian King <colin.king@...onical.com> > --- > drivers/net/wireless/ath/wil6210/wil6210.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/wireless/ath/wil6210/wil6210.h > b/drivers/net/wireless/ath/wil6210/wil6210.h > index 6f456b311a39..25a1adcb38eb 100644 > --- a/drivers/net/wireless/ath/wil6210/wil6210.h > +++ b/drivers/net/wireless/ath/wil6210/wil6210.h > @@ -1144,7 +1144,7 @@ static inline void wil_c(struct wil6210_priv > *wil, u32 reg, u32 val) > /** > * wil_cid_valid - check cid is valid > */ > -static inline bool wil_cid_valid(struct wil6210_priv *wil, u8 cid) > +static inline bool wil_cid_valid(struct wil6210_priv *wil, int cid) > { > return (cid >= 0 && cid < wil->max_assoc_sta); > } Reviewed-by: Maya Erez <merez@...eaurora.org> -- Maya Erez Qualcomm Israel, Inc. on behalf of Qualcomm Innovation Center, Inc. The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
Powered by blists - more mailing lists