On Mon, Oct 17, 2022 at 03:35:33PM -0500, Gustavo A. R. Silva wrote:
> [...]
> @@ -2885,7 +2915,7 @@ static int prism2_ioctl_priv_monitor(struct net_device *dev, int *i)
> struct hostap_interface *iface;
> local_info_t *local;
> int ret = 0;
> - u32 mode;
> + union iwreq_data wrqu;
>
> iface = netdev_priv(dev);
> local = iface->local;
> @@ -2899,8 +2929,8 @@ static int prism2_ioctl_priv_monitor(struct net_device *dev, int *i)
> if (*i == 0) {
> /* Disable monitor mode - old mode was not saved, so go to
> * Master mode */
> - mode = IW_MODE_MASTER;
> - ret = prism2_ioctl_siwmode(dev, NULL, &mode, NULL);
> + wrqu.mode = IW_MODE_MASTER;
> + ret = prism2_ioctl_siwmode(dev, NULL, &wrqu, NULL);
> } else if (*i == 1) {
> /* netlink socket mode is not supported anymore since it did
> * not separate different devices from each other and was not
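Review bot: `union iwreq_data wrqu;` in the @@ -2885 hunk is declared without an initializer, and the only member ever written is `.mode` (in the @@ -2899 hunk and again in the @@ -2916 hunk), so every other byte of the union is stale stack data at the point `&wrqu` is passed to `prism2_ioctl_siwmode`. The callee is outside these hunks; if it reads only `wrqu->mode` this is harmless today, but the previous code passed a fully initialized `u32`, and a later change that copies or logs the whole union would propagate uninitialized memory. Zero-initializing at the declaration, `union iwreq_data wrqu = {};`, keeps the new code as tight as the old without depending on the callee's access pattern. The rest of prism2_ioctl_priv_monitor's body lies outside the quoted hunks.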
> @@ -2916,8 +2946,8 @@ static int prism2_ioctl_priv_monitor(struct net_device *dev, int *i)
> local->monitor_type = PRISM2_MONITOR_PRISM;
> break;
> }
> - mode = IW_MODE_MONITOR;
> - ret = prism2_ioctl_siwmode(dev, NULL, &mode, NULL);
> + wrqu.mode = IW_MODE_MONITOR;
> + ret = prism2_ioctl_siwmode(dev, NULL, &wrqu, NULL);
> hostap_monitor_mode_enable(local);
> } else
> ret = -EINVAL;
Ah, nice! Casts in the callers! :)
> [...]
> -static const iw_handler prism2_private_handler[] =
> -{ /* SIOCIWFIRSTPRIV + */
> - (iw_handler) prism2_ioctl_priv_prism2_param, /* 0 */
> - (iw_handler) prism2_ioctl_priv_get_prism2_param, /* 1 */
> - (iw_handler) prism2_ioctl_priv_writemif, /* 2 */
> - (iw_handler) prism2_ioctl_priv_readmif, /* 3 */
> +static const iw_handler prism2_private_handler[] = {
> + IW_HANDLER(SIOCIWFIRSTPRIV + 0, prism2_ioctl_priv_prism2_param),
> + IW_HANDLER(SIOCIWFIRSTPRIV + 1, prism2_ioctl_priv_get_prism2_param),
> + IW_HANDLER(SIOCIWFIRSTPRIV + 2, prism2_ioctl_priv_writemif),
> + IW_HANDLER(SIOCIWFIRSTPRIV + 3, prism2_ioctl_priv_readmif),
> };
These should stay as they were. Check the size of the data segment. :) (It'd be nice if IW_HANDLER() actually checked for >=SIOCIWFIRSTPRIV, and dropped it back to zero-index, but there's only a handful of these...) I think we're so used to examining only the .text segment we didn't double-check the arrays we touched in the .data segment. -- Kees Cook