| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Apr 2020 15:40:23 +0200
From: Jerome Pouiller <Jerome.Pouiller@...abs.com>
To: devel@...verdev.osuosl.org, linux-wireless@...r.kernel.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kalle Valo <kvalo@...eaurora.org>,
"David S . Miller" <davem@...emloft.net>,
Jérôme Pouiller
<jerome.pouiller@...abs.com>
Subject: [PATCH 09/17] staging: wfx: fix overflow in frame counters
From: Jérôme Pouiller <jerome.pouiller@...abs.com>
It has been reported that trying to send small packets of data could
produce a "inconsistent notification" warning.
It seems that in some circumstances, the number of frame queued in the
driver could greatly increase and exceed UCHAR_MAX. So the field
"buffered" from struct sta_priv can overflow.
Just increase the size of "bueffered" to fix the problem.
Fixes: 7d2d2bfdeb82 ("staging: wfx: relocate "buffered" information to sta_priv")
Signed-off-by: Jérôme Pouiller <jerome.pouiller@...abs.com>
---
drivers/staging/wfx/sta.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/wfx/sta.h b/drivers/staging/wfx/sta.h
index f7e876d1b031..a0e025c18341 100644
--- a/drivers/staging/wfx/sta.h
+++ b/drivers/staging/wfx/sta.h
@@ -18,7 +18,7 @@ struct wfx_vif;
struct wfx_sta_priv {
int link_id;
int vif_id;
- u8 buffered[IEEE80211_NUM_TIDS];
+ int buffered[IEEE80211_NUM_TIDS];
// Ensure atomicity of "buffered" and calls to ieee80211_sta_set_buffered()
spinlock_t lock;
};
--
2.26.1
Powered by blists - more mailing lists