From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Colin Ian King <colin.king@canonical.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
"Sasha Levin (Microsoft)" <sashal@kernel.org>
Subject: [PATCH 4.9 19/32] staging: rtl8712: uninitialized memory in read_bbreg_hdl()
Date: Thu, 2 May 2019 17:21:05 +0200
Message-ID: <20190502143320.447183085@linuxfoundation.org>
In-Reply-To: <20190502143314.649935114@linuxfoundation.org>

[ Upstream commit 22c971db7dd4b0ad8dd88e99c407f7a1f4231a2e ]

Colin King reported a bug in read_bbreg_hdl():

	memcpy(pcmd->rsp, (u8 *)&val, pcmd->rspsz);

The problem is that "val" is uninitialized.

This code is obviously not useful, but so far as I can tell
"pcmd->cmdcode" is never GEN_CMD_CODE(_Read_BBREG) so it's not harmful
either. For now the easiest fix is to just call r8712_free_cmd_obj()
and return.

Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
---
drivers/staging/rtl8712/rtl8712_cmd.c | 10 +---------
drivers/staging/rtl8712/rtl8712_cmd.h | 2 +-
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/drivers/staging/rtl8712/rtl8712_cmd.c b/drivers/staging/rtl8712/rtl8712_cmd.c
index 9f61583af150..41b667c8385c 100644
--- a/drivers/staging/rtl8712/rtl8712_cmd.c
+++ b/drivers/staging/rtl8712/rtl8712_cmd.c
@@ -158,17 +158,9 @@ static u8 write_macreg_hdl(struct _adapter *padapter, u8 *pbuf)
static u8 read_bbreg_hdl(struct _adapter *padapter, u8 *pbuf)
{
- u32 val;
- void (*pcmd_callback)(struct _adapter *dev, struct cmd_obj *pcmd);
struct cmd_obj *pcmd = (struct cmd_obj *)pbuf;
- if (pcmd->rsp && pcmd->rspsz > 0)
- memcpy(pcmd->rsp, (u8 *)&val, pcmd->rspsz);
- pcmd_callback = cmd_callback[pcmd->cmdcode].callback;
- if (!pcmd_callback)
- r8712_free_cmd_obj(pcmd);
- else
- pcmd_callback(padapter, pcmd);
+ r8712_free_cmd_obj(pcmd);
return H2C_SUCCESS;
}
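
Review bot: read_bbreg_hdl() still returns H2C_SUCCESS after this change, although it no longer writes pcmd->rsp or runs any callback, so a caller that passed a response buffer is told the read succeeded while its buffer is left untouched. If the command really is never issued, a one-line comment above r8712_free_cmd_obj(pcmd) saying the handler is intentionally a no-op would stop someone from wiring it up later and trusting the result; returning a non-success status would be safer still. The changelog could also record that the removed memcpy() took its length from pcmd->rspsz while the source was a single u32 on the stack, so the old code could copy more than sizeof(val) bytes of stack as well as the uninitialized value itself.
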
diff --git a/drivers/staging/rtl8712/rtl8712_cmd.h b/drivers/staging/rtl8712/rtl8712_cmd.h
index 67e9e910aef9..d10a59d4a550 100644
--- a/drivers/staging/rtl8712/rtl8712_cmd.h
+++ b/drivers/staging/rtl8712/rtl8712_cmd.h
@@ -152,7 +152,7 @@ enum rtl8712_h2c_cmd {
static struct _cmd_callback cmd_callback[] = {
{GEN_CMD_CODE(_Read_MACREG), NULL}, /*0*/
{GEN_CMD_CODE(_Write_MACREG), NULL},
- {GEN_CMD_CODE(_Read_BBREG), &r8712_getbbrfreg_cmdrsp_callback},
+ {GEN_CMD_CODE(_Read_BBREG), NULL},
{GEN_CMD_CODE(_Write_BBREG), NULL},
{GEN_CMD_CODE(_Read_RFREG), &r8712_getbbrfreg_cmdrsp_callback},
{GEN_CMD_CODE(_Write_RFREG), NULL}, /*5*/
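
Review bot: The _Read_RFREG entry two lines below the changed one still points at r8712_getbbrfreg_cmdrsp_callback, and its handler is not part of this patch. Please confirm that the handler for _Read_RFREG does not use the same pattern of copying a local u32 into pcmd->rsp with pcmd->rspsz as the length; if it does, it needs the same treatment in this series. It would also help to say in the changelog whether r8712_getbbrfreg_cmdrsp_callback is still needed for _Read_BBREG anywhere else, since the table entry becomes NULL here while the handler in rtl8712_cmd.c no longer consults the table at all.
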
--
2.19.1