From: Aleksei Vetrov <vvvvvv@google.com>
To: Johannes Berg <johannes@sipsolutions.net>,
Kees Cook <kees@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Dmitry Antipov <dmantipov@yandex.ru>
Cc: linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v2] wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan
Date: Mon, 4 Nov 2024 16:10:58 +0000 [thread overview]
Message-ID: <ZyjyEl4kzFXz7tTB@google.com> (raw)
In-Reply-To: <20241029-nl80211_parse_sched_scan-bounds-checker-fix-v2-1-c804b787341f@google.com>
Hello everyone,
On Tue, Oct 29, 2024 at 01:22:11PM +0000, Aleksei Vetrov wrote:
> The channels array in the cfg80211_scan_request has a __counted_by
> attribute attached to it, which points to the n_channels variable. This
> attribute is used in bounds checking, and if it is not set before the
> array is filled, then the bounds sanitizer will issue a warning or a
> kernel panic if CONFIG_UBSAN_TRAP is set.
>
> This patch sets the size of allocated memory as the initial value for
> n_channels. It is updated with the actual number of added elements after
> the array is filled.
>
> Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate")
> Cc: stable@vger.kernel.org
> Signed-off-by: Aleksei Vetrov <vvvvvv@google.com>
> ---
> Changes in v2:
> - Added Fixes tag and added stable to CC
> - Link to v1: https://lore.kernel.org/r/20241028-nl80211_parse_sched_scan-bounds-checker-fix-v1-1-bb640be0ebb7@google.com
I would really appreciate it if someone take a look at this single line
patch. It looks like v2 of this patch has slipped through the cracks...
Best regards,
---
Aleksei Vetrov
next prev parent reply other threads:[~2024-11-04 16:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-29 13:22 [PATCH v2] wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan Aleksei Vetrov
2024-11-04 16:10 ` Aleksei Vetrov [this message]
2024-11-04 17:10 ` Jeff Johnson
2024-11-04 18:06 ` Aleksei Vetrov
2024-11-04 17:12 ` Jeff Johnson
2024-11-04 18:20 ` Aleksei Vetrov
2024-11-05 10:46 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZyjyEl4kzFXz7tTB@google.com \
--to=vvvvvv@google.com \
--cc=dmantipov@yandex.ru \
--cc=gustavoars@kernel.org \
--cc=johannes@sipsolutions.net \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.