On 11/24/2012 02:16 PM, Dan Carpenter wrote:
Hello Larry Finger,
The patch 2865d42c78a9: "staging: r8712u: Add the new driver to the
mainline kernel" from Aug 20, 2010, leads to the following warning:
drivers/staging/rtl8712/mlme_linux.c:161 r8712_report_sec_ie()
error: buffer overflow 'sec_ie' 255 <= 255
drivers/staging/rtl8712/mlme_linux.c
158 len = sec_ie[1] + 2;
159 len = (len < IW_CUSTOM_MAX) ? len : IW_CUSTOM_MAX;
^^^^^^^^^^^^^
We set len to 256 here.
160 for (i = 0; i < len; i++)
161 p += sprintf(p, "%02x", sec_ie[i]);
^^^^^^
sec_ie[] comes from r8712_restruct_sec_ie() and it is only 255 bytes so
we are reading one past the end of the array.
162 p += sprintf(p, ")");
regards,
Dan,
Thanks for the heads-up.
Larry
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
