All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Dan Carpenter <error27@gmail.com>
Cc: Phillip Potter <phil@philpotter.co.uk>,
	Pavel Skripkin <paskripkin@gmail.com>,
	Deepak R Varma <drv@mailo.com>,
	Charlie Sands <sandsch@northvilleschools.net>,
	Mahak Gupta <mahak_g@cs.iitr.ac.in>,
	Alaa Mohamed <eng.alaamohamedsoliman.am@gmail.com>,
	linux-staging@lists.linux.dev, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] staging: r8188eu: fix a potential integer underflow bug
Date: Thu, 9 Mar 2023 10:09:38 +0100	[thread overview]
Message-ID: <ZAmiUmR2qRJhitds@kroah.com> (raw)
In-Reply-To: <Y/YfzZeFCAPiZ6RV@kili>

On Wed, Feb 22, 2023 at 04:59:41PM +0300, Dan Carpenter wrote:
> Here the code is testing to see if skb->len meets a minimum size
> requirement.  However if skb->len is very small then the ETH_HLEN
> subtraction will result in a negative which is then type promoted
> to an unsigned int and the condition will be true.
> 
> Generally, when you have an untrusted variable like skb->len, you
> should move all the math to the other side of the comparison.
> 
> Fixes: 15865124feed ("staging: r8188eu: introduce new core dir for RTL8188eu driver")
> Signed-off-by: Dan Carpenter <error27@gmail.com>
> ---
> Compile tested only.  This is basic algebra of moving parts of the
> equation from one side to the other and I am surprisingly bad at
> something that I was supposed to have learned in 9th grade.
> 
>  drivers/staging/r8188eu/core/rtw_br_ext.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

This driver is now deleted, so no need to worry about this anymore.

thanks,

greg k-h

      parent reply	other threads:[~2023-03-09  9:10 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-22 13:59 [PATCH] staging: r8188eu: fix a potential integer underflow bug Dan Carpenter
2023-02-23  7:00 ` Philipp Hortmann
2023-02-23 11:00 ` Pavel Skripkin
2023-02-23 13:58   ` Dan Carpenter
2023-02-23 11:26 ` Dan Carpenter
2023-03-09  9:09 ` Greg Kroah-Hartman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZAmiUmR2qRJhitds@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=drv@mailo.com \
    --cc=eng.alaamohamedsoliman.am@gmail.com \
    --cc=error27@gmail.com \
    --cc=kernel-janitors@vger.kernel.org \
    --cc=linux-staging@lists.linux.dev \
    --cc=mahak_g@cs.iitr.ac.in \
    --cc=paskripkin@gmail.com \
    --cc=phil@philpotter.co.uk \
    --cc=sandsch@northvilleschools.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.