From: Dan Carpenter <dan.carpenter@oracle.com>
To: Stanislav Yakovlev <stas.yakovlev@gmail.com>
Cc: linux-wireless@vger.kernel.org
Subject: re: [PATCH] Check ieee80211softmac_auth_resp kmalloc result
Date: Thu, 2 Oct 2014 21:16:08 +0300
Message-ID: <20141002181608.GA24110@mwanda>

Hello,

I've written a new kind of Smatch check that generates this warning:

	drivers/net/wireless/ipw2x00/libipw_rx.c:1303 libipw_parse_info_param()
	warn: potentially allocating too little.

drivers/net/wireless/ipw2x00/libipw_rx.c
  1300                  case WLAN_EID_IBSS_DFS:
  1301                          if (network->ibss_dfs)
  1302                                  break;
  1303                          network->ibss_dfs = kmemdup(info_element->data,
  1304                                                      info_element->len,

The problem is that smatch marks "info_element->len" as untrusted data
because it comes from skb->data.  "network->ibss_dfs" is a 9 character
struct.  We're not necessarily allocating enough space for that.

So far as I can see this is harmless because we never use ->ibss_dfs
and we should just delete it along with all the related code?

  1305                                                      GFP_ATOMIC);
  1306                          if (!network->ibss_dfs)
  1307                                  return 1;
  1308                          network->flags |= NETWORK_HAS_IBSS_DFS;
  1309                          break;

regards,
dan carpenter
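
The condition the Smatch warning describes, as an added userspace example that is not part of the original message or of the kernel source. `struct dfs_model` is a hypothetical 9-byte stand-in for the struct behind `->ibss_dfs`, and `memdup_model()` stands in for `kmemdup()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 9-byte stand-in for the struct behind ->ibss_dfs. */
struct dfs_model {
	uint8_t hdr[2];
	uint8_t owner[6];
	uint8_t recovery_interval;
};

/* Userspace stand-in for kmemdup(): copy len bytes into a new buffer. */
static void *memdup_model(const void *src, size_t len)
{
	void *p = malloc(len ? len : 1);
	if (p)
		memcpy(p, src, len);
	return p;
}

/* Pattern from the excerpt: the frame-supplied len alone sizes the buffer.
 * Returns how many bytes short of the full struct the allocation is. */
size_t unchecked_shortfall(const uint8_t *data, uint8_t len)
{
	struct dfs_model *dfs = memdup_model(data, len);
	size_t missing = 0;

	if (dfs && len < sizeof(*dfs))
		missing = sizeof(*dfs) - len;
	free(dfs);
	return missing;
}

/* Checked variant: refuse elements too short to hold the fixed part. */
struct dfs_model *checked_dup(const uint8_t *data, uint8_t len)
{
	if (len < sizeof(struct dfs_model))
		return NULL;
	return memdup_model(data, len);
}

int main(void)
{
	uint8_t elem[3] = { 0xaa, 0xbb, 0xcc }; /* constructed element body */
	printf("short by %zu, checked=%p\n", unchecked_shortfall(elem, 3), (void *)checked_dup(elem, 3));
	return 0;
}
```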
