On Tue, 2023-04-18 at 15:25 +0200, Hans de Goede wrote:
> A received TKIP key may be up to 32 bytes because it may contain
> MIC rx/tx keys too. These are not used by iwl and copying these
> over overflows the iwl_keyinfo.key field.

Thanks for doing (and more importantly testing) this :)

> - memcpy(sta_cmd.key.key, keyconf->key, keyconf->keylen);
> + /* keyconf may contain MIC rx/tx keys which iwl does not use */
> + to_copy = min_t(size_t, sizeof(sta_cmd.key.key), keyconf->keylen);
> + memcpy(sta_cmd.key.key, keyconf->key, to_copy);
>

I'd kind of argue that just hardcoding 16 is fine here, keylen _looks_
variable so the compiler can't optimize it away, but in reality keylen
always must be 32 and sizeof() must be always 16 :)

But it also really doesn't matter.

Reviewed-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>

Should we Cc stable on this?

johannes
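
Review bot: the comment added above the to_copy assignment in the quoted hunk says why keyconf->key can be longer than the destination, but not why keeping only the leading bytes is correct. The truncation is safe only because the TKIP temporal key occupies the start of keyconf->key and the MIC tx/rx keys follow it, so the comment should state that ordering (for example "the TK comes first, the trailing MIC rx/tx keys are not used by iwl"). That way a later reader does not take the min_t() clamp for a generic length guard that silently shortens some other cipher's key.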