From: Jhih-Ming Huang > Sent: 21 June 2021 09:19 > > This patch fixes the sparse warning of fix cast to restricted __le32. > > There was a change for replacing private CRC-32 routines with in kernel > ones. > However, the author used le32_to_cpu to convert crc32_le(), and we > should cpu_to_le32. > > Ths commit also fixes the payload checking by memcmp instead of checking element > by element and removes the unused variable. ... > diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c > b/drivers/staging/rtl8723bs/core/rtw_security.c > index a99f439328f1..8dc6a976b487 100644 > --- a/drivers/staging/rtl8723bs/core/rtw_security.c > +++ b/drivers/staging/rtl8723bs/core/rtw_security.c ... > @@ -537,7 +532,7 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) > u32 pnh; > u8 rc4key[16]; > u8 ttkey[16]; > - u8 crc[4]; > + __le32 crc; > signed int length; > > u8 *pframe, *payload, *iv, *prwskey; > @@ -618,10 +613,9 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) > arc4_setkey(ctx, rc4key, 16); > arc4_crypt(ctx, payload, payload, length); > > - *((u32 *)crc) = le32_to_cpu(~crc32_le(~0, payload, length - 4)); > + crc = cpu_to_le32(~crc32_le(~0, payload, length - 4)); > > - if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] || > - crc[1] != payload[length - 3] || crc[0] != payload[length - 4]) > + if (memcmp(&crc, payload + length - 4, 4) != 0) Shouldn't this be using (IIRC) get_unaligned_le32() ? David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
