From: Kalle Valo <kvalo@codeaurora.org>
To: Kevin Cernekee <cernekee@chromium.org>
Cc: arend.vanspriel@broadcom.com, franky.lin@broadcom.com,
brcm80211-dev-list.pdl@broadcom.com,
linux-wireless@vger.kernel.org, mnissler@chromium.org
Subject: Re: [V3,1/3] brcmfmac: Avoid possible out-of-bounds read
Date: Mon, 2 Oct 2017 14:07:56 +0000 (UTC) [thread overview]
Message-ID: <20171002140756.7086460B72@smtp.codeaurora.org> (raw)
In-Reply-To: <20170917040824.22237-1-cernekee@chromium.org>
Kevin Cernekee <cernekee@chromium.org> wrote:
> In brcmf_p2p_notify_rx_mgmt_p2p_probereq(), chanspec is assigned before
> the length of rxframe is validated. This could lead to uninitialized
> data being accessed (but not printed). Since we already have a
> perfectly good endian-swapped copy of rxframe->chanspec in ch.chspec,
> and ch.chspec is not modified by decchspec(), avoid the extra
> assignment and use ch.chspec in the debug print.
>
> Suggested-by: Mattias Nissler <mnissler@chromium.org>
> Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2 patches applied to wireless-drivers-next.git, thanks.
73f2c8e933b1 brcmfmac: Avoid possible out-of-bounds read
a7c9acc452b2 brcmfmac: Delete redundant length check
--
https://patchwork.kernel.org/patch/9954603/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
prev parent reply other threads:[~2017-10-02 14:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-17 4:08 [PATCH V3 1/3] brcmfmac: Avoid possible out-of-bounds read Kevin Cernekee
2017-09-17 4:08 ` [PATCH V3 2/3] brcmfmac: Delete redundant length check Kevin Cernekee
2017-09-17 4:08 ` [PATCH V3 3/3] brcmfmac: Add check for short event packets Kevin Cernekee
2017-10-02 12:46 ` [V3,3/3] " Kalle Valo
2017-10-02 13:51 ` Kalle Valo
2017-10-02 14:07 ` Kalle Valo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171002140756.7086460B72@smtp.codeaurora.org \
--to=kvalo@codeaurora.org \
--cc=arend.vanspriel@broadcom.com \
--cc=brcm80211-dev-list.pdl@broadcom.com \
--cc=cernekee@chromium.org \
--cc=franky.lin@broadcom.com \
--cc=linux-wireless@vger.kernel.org \
--cc=mnissler@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.