On Fri, 2019-03-15 at 17:38 +0200, Luca Coelho wrote: > From: Luca Coelho <luciano.coelho@xxxxxxxxx> > > It is generally safer to copy the length of the destination instead of > the length of the source, because if the sizes don't match, it's > usually better to leak some data from the source than to write data > out of bounds in the destination. > > Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx> > --- > net/wireless/nl80211.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c > index 25a9e3b5c154..239be0e2f9e1 100644 > --- a/net/wireless/nl80211.c > +++ b/net/wireless/nl80211.c > @@ -8061,7 +8061,7 @@ static int nl80211_notify_radar_detection(struct sk_buff *skb, > > cfg80211_sched_dfs_chan_update(rdev); > > - memcpy(&rdev->radar_chandef, &chandef, sizeof(chandef)); > + memcpy(&rdev->radar_chandef, &chandef, sizeof(rdev->radar_chandef)); I think we're better off doing a struct assignment here. johannes
