| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b6cd3d69-12a4-693a-e48f-d769c79fc455@quicinc.com>
Date: Thu, 24 Feb 2022 15:35:07 -0800
From: Jeff Johnson <quic_jjohnson@...cinc.com>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>,
<linux-wireless@...r.kernel.org>, <linux-kernel@...r.kernel.org>
CC: Kalle Valo <kvalo@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, <netdev@...r.kernel.org>,
<linux-hardening@...r.kernel.org>
Subject: Re: [PATCH v2 2/6][next] ath6kl: wmi: Replace one-element array with
flexible-array member in struct wmi_start_scan_cmd
On 2/24/2022 1:16 PM, Gustavo A. R. Silva wrote:
> Replace one-element array with flexible-array member in struct
> wmi_start_scan_cmd. Also, make use of the struct_size() helper.
>
> This issue was found with the help of Coccinelle and audited and fixed,
> manually.
>
> Link: https://www.kernel.org/doc/html/v5.16/process/deprecated.html#zero-length-and-one-element-arrays
> Link: https://github.com/KSPP/linux/issues/79
> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> ---
> Changes in v2:
> - None.
>
> drivers/net/wireless/ath/ath6kl/wmi.c | 8 +-------
> drivers/net/wireless/ath/ath6kl/wmi.h | 2 +-
> 2 files changed, 2 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/net/wireless/ath/ath6kl/wmi.c b/drivers/net/wireless/ath/ath6kl/wmi.c
> index e1c950014f3e..bdfc057c5a82 100644
> --- a/drivers/net/wireless/ath/ath6kl/wmi.c
> +++ b/drivers/net/wireless/ath/ath6kl/wmi.c
> @@ -1959,21 +1959,15 @@ static int ath6kl_wmi_startscan_cmd(struct wmi *wmi, u8 if_idx,
> {
> struct sk_buff *skb;
> struct wmi_start_scan_cmd *sc;
> - s8 size;
> int i, ret;
>
> - size = sizeof(struct wmi_start_scan_cmd);
> -
> if ((scan_type != WMI_LONG_SCAN) && (scan_type != WMI_SHORT_SCAN))
> return -EINVAL;
>
> if (num_chan > WMI_MAX_CHANNELS)
> return -EINVAL;
>
> - if (num_chan)
> - size += sizeof(u16) * (num_chan - 1);
> -
> - skb = ath6kl_wmi_get_new_buf(size);
> + skb = ath6kl_wmi_get_new_buf(struct_size(sc, ch_list, num_chan));
> if (!skb)
> return -ENOMEM;
>
> diff --git a/drivers/net/wireless/ath/ath6kl/wmi.h b/drivers/net/wireless/ath/ath6kl/wmi.h
> index 322539ed9c12..9e168752bec2 100644
> --- a/drivers/net/wireless/ath/ath6kl/wmi.h
> +++ b/drivers/net/wireless/ath/ath6kl/wmi.h
> @@ -889,7 +889,7 @@ struct wmi_start_scan_cmd {
> u8 num_ch;
>
> /* channels in Mhz */
> - __le16 ch_list[1];
> + __le16 ch_list[];
> } __packed;
>
> /*
my e-mail client hung while reviewing v1, so now giving
Reviewed-by: Jeff Johnson <quic_jjohnson@...cinc.com>
Powered by blists - more mailing lists