Hi, On 4/18/23 16:43, Johannes Berg wrote: > On Tue, 2023-04-18 at 15:25 +0200, Hans de Goede wrote: >> A received TKIP key may be up to 32 bytes because it may contain >> MIC rx/tx keys too. These are not used by iwl and copying these >> over overflows the iwl_keyinfo.key field. > > Thanks for doing (and more importantly testing) this :) > >> - memcpy(sta_cmd.key.key, keyconf->key, keyconf->keylen); >> + /* keyconf may contain MIC rx/tx keys which iwl does not use */ >> + to_copy = min_t(size_t, sizeof(sta_cmd.key.key), keyconf->keylen); >> + memcpy(sta_cmd.key.key, keyconf->key, to_copy); >> > > I'd kind of argue that just hardcoding 16 is fine here, keylen _looks_ > variable so the compiler can't optimize it away, but in reality keylen > always must be 32 and sizeof() must be always 16 :) It is not just the compiler to whom keylen _looks_ variable, so to be safe I went with the min_t() check. I think this also makes the code easier to understand for future readers of the code. > But it also really doesn't matter. > > Reviewed-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> Thanks. > Should we Cc stable on this? Yes I think so. I did not add the tag because some subsystems want that to be left up to the maintainer. Regards, Hans
