Search Linux Wireless

Re: [PATCH] mwifiex: Fix divide error in mwifiex_usb_dnld_fw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 18, 2021 at 9:04 PM Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> On 10/18/21 8:31 PM, Wan Jiabing wrote:
> > --- a/drivers/net/wireless/marvell/mwifiex/usb.c
> > +++ b/drivers/net/wireless/marvell/mwifiex/usb.c
> > @@ -693,7 +693,7 @@ static int mwifiex_write_data_sync(struct mwifiex_adapter *adapter, u8 *pbuf,
> >       struct usb_card_rec *card = adapter->card;
> >       int actual_length, ret;
> >
> > -     if (!(*len % card->bulk_out_maxpktsize))
> > +     if (card->bulk_out_maxpktsize && !(*len % card->bulk_out_maxpktsize))
>
>
> Are you sure this fix is not working around the real bug ?
>
> In which cases bulk_out_maxpktsize would be zero ?
>
> If this is a valid case, this needs to be explained in the changelog.

I'm with Eric here. This was a bug reported by a fuzzer, which throws
invalid input at the driver. The right answer is likely that we should
reject such invalid input when we receive it -- i.e., we should fail
to probe() the device if it has invalid capabilities. In particular,
we should fail to probe if wMaxPacketSize==0.

I was thinking of sending such a patch myself, but I don't have any
USB mwifiex hardware to test, so I deferred. It's probably pretty low
risk anyway, though.

Brian



[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux