From: Johannes Berg <johannes@sipsolutions.net>
To: linux-wireless@vger.kernel.org
Subject: Re: [PATCH 01/24] regulatory: don't write past array when intersecting rules
Date: Mon, 10 Dec 2012 22:55:25 +0100 [thread overview]
Message-ID: <1355176525.8083.19.camel@jlt4.sipsolutions.net> (raw)
In-Reply-To: <1354812468-15709-2-git-send-email-johannes@sipsolutions.net> (sfid-20121206_174803_199203_E3EBF5F7)
On Thu, 2012-12-06 at 17:47 +0100, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@intel.com>
>
> When intersecting rules, we count first to know how many
> rules need to be allocated, and then do the intersection
> into the allocated array. However, the code doing this
> writes past the end of the array because it attempts to
> do all intersections. Make it stop when the right number
> of rules has been reached.
>
> Cc: stable@vger.kernel.org
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
FWIW, since we currently allocate enough memory here to actually write
past the end of the intended array, I've decided to remove the stable
tag. It doesn't really fix anything -- with the next patch it fixes the
allocation to not be too large, but that doesn't really need to go to
stable.
johannes
next prev parent reply other threads:[~2012-12-10 21:55 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-06 16:47 [PATCH 00/24] regulatory fixes, cleanups & improvements Johannes Berg
2012-12-06 16:47 ` [PATCH 01/24] regulatory: don't write past array when intersecting rules Johannes Berg
2012-12-06 23:43 ` Luis R. Rodriguez
2012-12-07 7:53 ` Johannes Berg
2012-12-10 21:55 ` Johannes Berg [this message]
2012-12-12 1:08 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 02/24] regulatory: don't allocate too much memory Johannes Berg
2012-12-06 23:47 ` Luis R. Rodriguez
2012-12-07 7:54 ` Johannes Berg
2012-12-06 16:47 ` [PATCH 03/24] regulatory: clean up regdom_intersect Johannes Berg
2012-12-06 23:55 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 04/24] regulatory: clean up reg_copy_regd() Johannes Berg
2012-12-06 23:59 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 05/24] regulatory: don't test list before iterating Johannes Berg
2012-12-07 0:02 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 06/24] regulatory: simplify regulatory_hint_11d Johannes Berg
2012-12-07 0:10 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 07/24] regulatory: code cleanup Johannes Berg
2012-12-07 0:11 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 08/24] regulatory: remove useless locking on exit Johannes Berg
2012-12-07 0:16 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 09/24] regulatory: use proper enum for return values Johannes Berg
2012-12-07 0:20 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 10/24] cfg80211: remove wiphy_idx_valid Johannes Berg
2012-12-07 0:34 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 11/24] regulatory: remove BUG_ON Johannes Berg
2012-12-07 0:39 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 12/24] regulatory: simplify restore_regulatory_settings Johannes Berg
2012-12-07 0:53 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 13/24] regulatory: remove redundant isalpha() check Johannes Berg
2012-12-07 0:54 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 14/24] regulatory: remove useless warning Johannes Berg
2012-12-07 0:55 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 15/24] regulatory: simplify freq_reg_info_regd Johannes Berg
2012-12-07 1:02 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 16/24] regulatory: clarify locking rules and assertions Johannes Berg
2012-12-07 23:11 ` Luis R. Rodriguez
2012-12-07 23:16 ` Johannes Berg
2012-12-13 20:57 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 17/24] regulatory: remove locking from wiphy_apply_custom_regulatory Johannes Berg
2012-12-13 21:56 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 18/24] regulatory: fix reg_is_valid_request handling Johannes Berg
2012-12-13 21:27 ` Luis R. Rodriguez
2012-12-13 21:35 ` Johannes Berg
2012-12-13 22:00 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 19/24] regulatory: remove handling of channel bandwidth Johannes Berg
2012-12-13 22:11 ` Luis R. Rodriguez
2012-12-14 10:35 ` Johannes Berg
2012-12-14 10:36 ` Johannes Berg
2012-12-06 16:47 ` [PATCH 20/24] regulatory: fix memory leak Johannes Berg
2012-12-13 21:35 ` Luis R. Rodriguez
2012-12-13 21:37 ` Johannes Berg
2012-12-06 16:47 ` [PATCH 21/24] regulatory: pass new regdomain to reset function Johannes Berg
2012-12-13 21:42 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 22/24] regulatory: use RCU to protect global and wiphy regdomains Johannes Berg
2012-12-10 17:05 ` Johannes Berg
2012-12-13 21:54 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 23/24] regulatory: use RCU to protect last_request Johannes Berg
2012-12-13 22:07 ` Luis R. Rodriguez
2012-12-06 16:47 ` [PATCH 24/24] regulatory: use IS_ERR macro family for freq_reg_info Johannes Berg
2012-12-13 22:10 ` Luis R. Rodriguez
2012-12-20 11:15 ` [PATCH 00/24] regulatory fixes, cleanups & improvements Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1355176525.8083.19.camel@jlt4.sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.