Re: [patch 1/4] rndis_wlan: integer overflows in rndis_wlan_do_link_up_work()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 29, 2012 at 09:21:29AM +0100, walter harms wrote:
> >  			resp_ie_len = le32_to_cpu(info->resp_ie_length);
> > +			if (resp_ie_len > CONTROL_BUFFER_SIZE)
> > +				resp_ie_len = CONTROL_BUFFER_SIZE;
> >  			if (resp_ie_len > 0) {
> >  				offset = le32_to_cpu(info->offset_resp_ies);
> > 
> 
> 
> hi dan,
> the check below  "if (resp_ie_len > 0)" looks strange for an unsigned.
> 

Good point.  I'll resend.

regards,
dan carpenter

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux