Search Linux Wireless

Re: [RFC] wifi: mwifiex: Asking for some light on this, please :)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Make the mwifiex_dbg() into a warning though. This is an error
condition and shouldn't be hidden.

                  mwifiex_dbg(priv->adapter, INFO,
                              "%pM tid=%d seq_num=%d bitmap_len=%d\n",
                              tlv_rxba->mac, tlv_rxba->tid, tlv_seq_num,

I wanted to used `sizeof(*tlv_rxba) + tlv_bitmap_len` here instead of
`sizeof(tlv_rxba->header) + tlv_len` to avoid any issues in case there
is any (buggy) discrepancy between `tlv_len` and `tlv_bitmap_len`.
This is when for some (weird) reason
         `tlv_len - (sizeof(*tlv_rxba) - sizeof(tlv_rxba->header)) != tlv_bitmap_len`

tlv_len absolutely should also be checked. But you don't need that
condition, just do the same thing right after tlv_len is retrieved from
the header:

if (sizeof(tlv_rxba->header) + tlv_len > tlv_buf_left) {
     <warn>
     return;
}


Thanks for all the feedback, Dan:

https://lore.kernel.org/linux-hardening/cover.1692931954.git.gustavoars@xxxxxxxxxx/

--
Gustavo



[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux