Re: [PATCH 3/3] staging: wilc1000: refactor p2p action frames handling API's


Hi Dan,

On 11/02/20 12:21 pm, Dan Carpenter wrote:
> On Mon, Feb 10, 2020 at 06:36:01PM +0000, Ajay.Kathat@xxxxxxxxxxxxx wrote:
>> +     if (sta_ch == WILC_INVALID_CHANNEL)
>> +             return;
>>
>>       while (index < len) {
> 
> This range checking was there in the original code, but it's not
> correct.  index and len are in terms of bytes so we know that we can
> read one byte from &buf[index] but we are reading a wilc_attr_entry
> struct which is larger than a type.  The struct is actually flexibly
> sized so this should be something like:
> 
>         while (index + sizeof(struct wilc_attr_entry) <= len) {
>                 e = (struct wilc_attr_entry *)&buf[index];
>                 if (index + sizeof(struct wilc_attr_entry) +
>                     le16_to_cpu(e->attr_len) > len)
>                         break;
> 

Agree. I will correct the 'while' loop condition and submit the v2 patch
series.

Regards,
Ajay
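
The bounds check discussed in this thread, as an added userspace example that is not code from the thread or from the wilc1000 driver: the loop first proves the fixed-size header fits, then proves the value fits, before advancing. The entry layout (1-byte id, 2-byte little-endian length, value bytes), the name `walk_attrs` and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed entry layout (not copied from the driver): 1-byte id, 2-byte
 * little-endian length, then that many value bytes. */
#define ATTR_HDR_LEN 3u

/* Hypothetical helper: count the complete entries in buf[0..len).
 * *consumed is where parsing stopped; it equals len only when every
 * byte belonged to a complete entry. */
static size_t walk_attrs(const uint8_t *buf, size_t len, size_t *consumed)
{
	size_t index = 0, count = 0;

	/* index never exceeds len, so the subtractions cannot wrap. */
	while (len - index >= ATTR_HDR_LEN) {
		size_t attr_len = (size_t)buf[index + 1] |
				  ((size_t)buf[index + 2] << 8);

		/* Header fits; now the value must fit as well. */
		if (attr_len > len - index - ATTR_HDR_LEN)
			break;
		count++;
		index += ATTR_HDR_LEN + attr_len;
	}
	*consumed = index;
	return count;
}

/* Constructed sample buffers, not captured frames. */
static const uint8_t well_formed[] = { 0x01, 0x02, 0x00, 0xaa, 0xbb,
				       0x02, 0x00, 0x00 };
static const uint8_t short_header[] = { 0x01, 0x01, 0x00, 0xaa, 0x02, 0x05 };
static const uint8_t long_value[] = { 0x01, 0xff, 0xff, 0xaa };

int main(void)
{
	size_t used;
	size_t n = walk_attrs(well_formed, sizeof(well_formed), &used);

	printf("well_formed: %zu entries, %zu bytes\n", n, used);
	n = walk_attrs(short_header, sizeof(short_header), &used);
	printf("short_header: %zu entries, %zu bytes\n", n, used);
	n = walk_attrs(long_value, sizeof(long_value), &used);
	printf("long_value: %zu entries, %zu bytes\n", n, used);
	return 0;
}
```

With a plain `index < len` condition, the `short_header` buffer would let the parser read a length field that lies past the end of the data; here parsing stops at offset 4 instead.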



