Hi Dan,
On 11/02/20 12:21 pm, Dan Carpenter wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
>
> On Mon, Feb 10, 2020 at 06:36:01PM +0000, Ajay.Kathat@xxxxxxxxxxxxx wrote:
>> + if (sta_ch == WILC_INVALID_CHANNEL)
>> + return;
>>
>> while (index < len) {
>
> This range checking was there in the original code, but it's not
> correct. index and len are in terms of bytes so we know that we can
> read one byte from &buf[index] but we are reading a wilc_attr_entry
> struct which is larger than a type. The struct is actually flexibly
> sized so this should be something like:
>
> while (index + sizeof(struct wilc_attr_entry) <= len) {
> e = (struct wilc_attr_entry *)&buf[index];
> if (index + sizeof(struct wilc_attr_entry) +
> le16_to_cpu(e->attr_len) > len)
> break;
>
Agree. I will correct the 'while' loop condition and submit the v2 patch
series.
Regards,
Ajay
