I was looking at how TOTAL_CAM_ENTRY is used and I saw this code. We
print an error but continue writing "EntryNo" to a register as if it
were valid. "EntryNo" is controlled by the user in rtl8192_ioctl() so
it definitely can be invalid. I'm not positive what happens with the
invalid data but it can't be good.
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_cam.c b/drivers/staging/rtl8192e/rtl8192e/rtl_cam.c
index c146b7e..29dd93a 100644
--- a/drivers/staging/rtl8192e/rtl8192e/rtl_cam.c
+++ b/drivers/staging/rtl8192e/rtl8192e/rtl_cam.c
@@ -117,8 +117,10 @@ void rtl92e_set_key(struct net_device *dev, u8 EntryNo, u8 KeyIndex,
}
}
priv->rtllib->is_set_key = true;
- if (EntryNo >= TOTAL_CAM_ENTRY)
+ if (EntryNo >= TOTAL_CAM_ENTRY) {
netdev_info(dev, "%s(): Invalid CAM entry\n", __func__);
+ return;
+ }
RT_TRACE(COMP_SEC,
"====>to rtl92e_set_key(), dev:%p, EntryNo:%d, KeyIndex:%d,KeyType:%d, MacAddr %pM\n",
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
