Enforce the first argument to be a correct type of a pointer to struct element and avoid unnecessary typecasts from const to non-const pointers (the change in validate_ie_attr() is needed to make this part work). In addition, avoid signed/unsigned comparison within for_each_element() and mark struct element packed just in case.

Signed-off-by: Jouni Malinen <j@xxxxx>
---
 include/linux/ieee80211.h | 18 +++++++++---------
 net/wireless/nl80211.c | 2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 8da5ba9..8584c14 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -3284,16 +3284,16 @@ struct element {
 u8 id;
 u8 datalen;
 u8 data[];
-};
+} __packed;

 /* element iteration helpers */
-#define for_each_element(element, _data, _datalen) \
- for (element = (void *)(_data); \
- (u8 *)(_data) + (_datalen) - (u8 *)element >= \
- sizeof(*element) && \
- (u8 *)(_data) + (_datalen) - (u8 *)element >= \
- sizeof(*element) + element->datalen; \
- element = (void *)(element->data + element->datalen))
+#define for_each_element(_elem, _data, _datalen) \
+ for (_elem = (const struct element *)(_data); \
+ (const u8 *)(_data) + (_datalen) - (const u8 *)_elem >= \
+ (int)sizeof(*_elem) && \
+ (const u8 *)(_data) + (_datalen) - (const u8 *)_elem >= \
+ (int)sizeof(*_elem) + _elem->datalen; \
+ _elem = (const struct element *)(_elem->data + _elem->datalen))

 #define for_each_element_id(element, _id, data, datalen) \
 for_each_element(element, data, datalen) \
@@ -3330,7 +3330,7 @@ struct element {
 static inline bool for_each_element_completed(const struct element *element,
 const void *data, size_t datalen)
 {
- return (u8 *)element == (u8 *)data + datalen;
+ return (const u8 *)element == (const u8 *)data + datalen;
 }

 #endif /* LINUX_IEEE80211_H */
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 5d85f60..80878b4 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
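Review bot: The rewritten for_each_element() still expands `_data` and `_datalen` twice in the loop condition, so both are re-evaluated on every iteration, and nothing next to the macro says so or explains the two bounds tests that keep a walk over untrusted element data inside the buffer. I would add a comment above the `#define`, for example `/* _data and _datalen are evaluated repeatedly and must be side-effect free; iteration stops at the first element whose header or payload would extend past _data + _datalen */`. Since the iterator is now assigned from a `const struct element *`, any caller outside this patch that still declares a non-const iterator would presumably pick up a discarded-qualifier warning; only validate_ie_attr() is converted here, so a tree-wide check of the other users is worth doing. The wrapper macros that follow (for_each_element_id() onwards) are only partly visible in this hunk.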
@@ -205,7 +205,7 @@ static int validate_ie_attr(const struct nlattr *attr,
 {
 const u8 *data = nla_data(attr);
 unsigned int len = nla_len(attr);
- struct element *elem;
+ const struct element *elem;

 for_each_element(elem, data, len) {
 /* nothing */
--
2.7.4