On 09.05.2018 22:17, Ajay Singh wrote: > On Wed, 9 May 2018 16:42:59 +0300 > Claudiu Beznea <Claudiu.Beznea@xxxxxxxxxxxxx> wrote: > >> On 07.05.2018 11:43, Ajay Singh wrote: >>> Use kmemdup instead of kmalloc & memcpy in add_network_to_shadow(). >>> >>> Signed-off-by: Ajay Singh <ajay.kathat@xxxxxxxxxxxxx> >>> --- >>> drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c >>> b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c index >>> 0ae2065..ca221f1 100644 --- >>> a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c +++ >>> b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c @@ -331,8 >>> +331,8 @@ static void add_network_to_shadow(struct network_info >>> *nw_info, shadow_nw_info->tsf_hi = nw_info->tsf_hi; if (ap_found != >>> -1) kfree(shadow_nw_info->ies); >>> - shadow_nw_info->ies = kmalloc(nw_info->ies_len, >>> GFP_KERNEL); >>> - memcpy(shadow_nw_info->ies, nw_info->ies, >>> nw_info->ies_len); >>> + shadow_nw_info->ies = kmemdup(nw_info->ies, >>> nw_info->ies_len, >>> + GFP_KERNEL); >> >> Maybe, in case of NULL, you will want to set ies_len = 0 ? > > > I couldn't find code where 'ies_len' is check to validity of data. > Mostly we use NULL check for "ies" pointer for data > validity.So in my opinion setting it to zero would be > irrelevant. I'm seeing this in refresh_scan(): network_info = &last_scanned_shadow[i]; if (!memcmp("DIRECT-", network_info->ssid, 7) && !direct_scan) continue; freq = ieee80211_channel_to_frequency((s32)network_info->ch, NL80211_BAND_2GHZ); channel = ieee80211_get_channel(wiphy, freq); rssi = get_rssi_avg(network_info); bss = cfg80211_inform_bss(wiphy, channel, CFG80211_BSS_FTYPE_UNKNOWN, network_info->bssid, network_info->tsf_hi, network_info->cap_info, network_info->beacon_period, (const u8 *)network_info->ies, (size_t)network_info->ies_len, (s32)rssi * 100, GFP_KERNEL); Looking further into cfg80211_inform_bss(): -> cfg80211_inform_bss_data() -> cfg80211_get_bss_channel() -> cfg80211_find_ie() -> cfg80211_find_ie_match(): while (len >= 2 && len >= ies[1] + 2) { if ((ies[0] == eid) && (ies[1] + 2 >= match_offset + match_len) && !memcmp(ies + match_offset, match, match_len)) return ies; len -= ies[1] + 2; ies += ies[1] + 2; } > > >> >>> shadow_nw_info->time_scan = jiffies; >>> shadow_nw_info->time_scan_cached = jiffies; >>> shadow_nw_info->found = 1; >>> > > > Regards, > Ajay > >