On Thu, Nov 29, 2018 at 05:38:37PM -0500, Alexander Aring wrote: > This patch fixes a off-by-one mistake in nla_parse_nested() functions of > mac802154_hwsim driver. I had to enabled stack protector so I was able > to reproduce it. > > Reference: https://github.com/linux-wpan/wpan-tools/issues/17 > > Signed-off-by: Alexander Aring <aring@xxxxxxxxxxxx> > --- > drivers/net/ieee802154/mac802154_hwsim.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c > index bf70ab892e69..fbcbf55ce744 100644 > --- a/drivers/net/ieee802154/mac802154_hwsim.c > +++ b/drivers/net/ieee802154/mac802154_hwsim.c > @@ -500,7 +500,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) > !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE]) > return -EINVAL; > > - if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1, > + if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX, > info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE], > hwsim_edge_policy, NULL)) > return -EINVAL; > @@ -543,6 +543,7 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > struct hwsim_edge_info *einfo; > struct hwsim_phy *phy_v0; > struct hwsim_edge *e; > + grml, I will fix that... - Alex
