* [PATCH] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
@ 2023-07-09 5:50 Zhang Shurong
2023-07-09 19:21 ` Markus Elfring
2023-07-10 6:08 ` [PATCH] " Dan Carpenter
0 siblings, 2 replies; 9+ messages in thread
From: Zhang Shurong @ 2023-07-09 5:50 UTC (permalink / raw)
To: gregkh; +Cc: error27, xu.panda, linux-staging, linux-kernel, Zhang Shurong
The "exc->key_len" is a u16 that comes from the user. If it's over
IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
Fixes: b121d84882b9 ("staging: ks7010: simplify calls to memcpy()")
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
---
drivers/staging/ks7010/ks_wlan_net.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/ks7010/ks_wlan_net.c b/drivers/staging/ks7010/ks_wlan_net.c
index e03c87f0bfe7..0fb97a79ad0b 100644
--- a/drivers/staging/ks7010/ks_wlan_net.c
+++ b/drivers/staging/ks7010/ks_wlan_net.c
@@ -1583,8 +1583,10 @@ static int ks_wlan_set_encode_ext(struct net_device *dev,
commit |= SME_WEP_FLAG;
}
if (enc->key_len) {
- memcpy(&key->key_val[0], &enc->key[0], enc->key_len);
- key->key_len = enc->key_len;
+ int key_len = clamp_val(enc->key_len, 0, IW_ENCODING_TOKEN_MAX);
+
+ memcpy(&key->key_val[0], &enc->key[0], key_len);
+ key->key_len = key_len;
commit |= (SME_WEP_VAL1 << index);
}
break;
--
2.30.2
^ permalink raw reply related [flat|nested] 9+ messages in thread* Re: [PATCH] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-07-09 5:50 [PATCH] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Zhang Shurong
@ 2023-07-09 19:21 ` Markus Elfring
2023-07-09 19:42 ` Greg Kroah-Hartman
2023-07-10 6:08 ` [PATCH] " Dan Carpenter
1 sibling, 1 reply; 9+ messages in thread
From: Markus Elfring @ 2023-07-09 19:21 UTC (permalink / raw)
To: Zhang Shurong, linux-staging, kernel-janitors, Greg Kroah-Hartman
Cc: LKML, Dan Carpenter, Xu Panda
> The "exc->key_len" is a u16 that comes from the user. If it's over
> IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
Please choose an imperative change suggestion.
See also:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.4#n94
Regards,
Markus
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-07-09 19:21 ` Markus Elfring
@ 2023-07-09 19:42 ` Greg Kroah-Hartman
2023-07-09 19:56 ` Markus Elfring
0 siblings, 1 reply; 9+ messages in thread
From: Greg Kroah-Hartman @ 2023-07-09 19:42 UTC (permalink / raw)
To: Markus Elfring
Cc: Zhang Shurong, linux-staging, kernel-janitors, LKML,
Dan Carpenter, Xu Panda
On Sun, Jul 09, 2023 at 09:21:45PM +0200, Markus Elfring wrote:
> > The "exc->key_len" is a u16 that comes from the user. If it's over
> > IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
>
> Please choose an imperative change suggestion.
Please stop reviewing staging patches, it is not helpful for anyone.
greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-07-09 19:42 ` Greg Kroah-Hartman
@ 2023-07-09 19:56 ` Markus Elfring
2023-07-10 5:41 ` Zhang Shurong
0 siblings, 1 reply; 9+ messages in thread
From: Markus Elfring @ 2023-07-09 19:56 UTC (permalink / raw)
To: Greg Kroah-Hartman, Zhang Shurong, linux-staging, kernel-janitors
Cc: LKML, Dan Carpenter, Xu Panda
>>> The "exc->key_len" is a u16 that comes from the user. If it's over
>>> IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
>>
>> Please choose an imperative change suggestion.
>
> Please stop reviewing staging patches, it is not helpful for anyone.
It seems that further contributors need to become more aware about
(and finally adhere to) requirements from the Linux development documentation.
Regards,
Markus
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-07-09 19:56 ` Markus Elfring
@ 2023-07-10 5:41 ` Zhang Shurong
2023-07-10 5:47 ` Greg Kroah-Hartman
2023-07-10 6:21 ` Markus Elfring
0 siblings, 2 replies; 9+ messages in thread
From: Zhang Shurong @ 2023-07-10 5:41 UTC (permalink / raw)
To: Markus Elfring
Cc: Greg Kroah-Hartman, linux-staging, kernel-janitors, LKML,
Dan Carpenter, Xu Panda
Hi Markus,
> 2023年7月10日 03:56,Markus Elfring <Markus.Elfring@web.de> 写道:
>
>>>> The "exc->key_len" is a u16 that comes from the user. If it's over
>>>> IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
>>>
>>> Please choose an imperative change suggestion.
>>
>> Please stop reviewing staging patches, it is not helpful for anyone.
>
> It seems that further contributors need to become more aware about
> (and finally adhere to) requirements from the Linux development documentation.
>
> Regards,
> Markus
I'm guilty of my incorrect patch format. And do I need to write another
patch to fix this format issue?
Best regards
Shurong
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-07-10 5:41 ` Zhang Shurong
@ 2023-07-10 5:47 ` Greg Kroah-Hartman
2023-07-10 6:32 ` Markus Elfring
2023-07-10 6:21 ` Markus Elfring
1 sibling, 1 reply; 9+ messages in thread
From: Greg Kroah-Hartman @ 2023-07-10 5:47 UTC (permalink / raw)
To: Zhang Shurong
Cc: Markus Elfring, linux-staging, kernel-janitors, LKML,
Dan Carpenter, Xu Panda
On Mon, Jul 10, 2023 at 01:41:07PM +0800, Zhang Shurong wrote:
> Hi Markus,
>
> > 2023年7月10日 03:56,Markus Elfring <Markus.Elfring@web.de> 写道:
> >
> >>>> The "exc->key_len" is a u16 that comes from the user. If it's over
> >>>> IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
> >>>
> >>> Please choose an imperative change suggestion.
> >>
> >> Please stop reviewing staging patches, it is not helpful for anyone.
> >
> > It seems that further contributors need to become more aware about
> > (and finally adhere to) requirements from the Linux development documentation.
> >
> > Regards,
> > Markus
>
> I'm guilty of my incorrect patch format. And do I need to write another
> patch to fix this format issue?
One of the hardest things in kernel development is learning what
reviews, and what reviewers, should be ignored. This is one of them :)
No need to change the patch yet, let me get to this change this week and
I'll let you know.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-07-10 5:47 ` Greg Kroah-Hartman
@ 2023-07-10 6:32 ` Markus Elfring
0 siblings, 0 replies; 9+ messages in thread
From: Markus Elfring @ 2023-07-10 6:32 UTC (permalink / raw)
To: Greg Kroah-Hartman, Zhang Shurong, linux-staging, kernel-janitors
Cc: LKML, Dan Carpenter, Xu Panda
…
>>> It seems that further contributors need to become more aware about
>>> (and finally adhere to) requirements from the Linux development documentation.
…
>> I'm guilty of my incorrect patch format. And do I need to write another
>> patch to fix this format issue?
>
> One of the hardest things in kernel development is learning what
> reviews, and what reviewers, should be ignored. This is one of them :)
Recurring communication difficulties triggered such a response.
Please reconsider it more!
> No need to change the patch yet, let me get to this change this week
The desired patch review may take more time.
> and I'll let you know.
Some contributors will be curious how corresponding messages will evolve.
Regards,
Markus
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-07-10 5:41 ` Zhang Shurong
2023-07-10 5:47 ` Greg Kroah-Hartman
@ 2023-07-10 6:21 ` Markus Elfring
1 sibling, 0 replies; 9+ messages in thread
From: Markus Elfring @ 2023-07-10 6:21 UTC (permalink / raw)
To: Zhang Shurong, linux-staging, kernel-janitors
Cc: Greg Kroah-Hartman, LKML, Dan Carpenter, Xu Panda
…
>> It seems that further contributors need to become more aware about
>> (and finally adhere to) requirements from the Linux development documentation.
…
> I'm guilty of my incorrect patch format. And do I need to write another
> patch to fix this format issue?
This can be an usual consequence for the current change review
if you would really like to take provided information and advices
better into account.
Some communication parameters influence if further development ideas
will actually be picked up for desirable improvements
(also for your change suggestions).
Regards,
Markus
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-07-09 5:50 [PATCH] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Zhang Shurong
2023-07-09 19:21 ` Markus Elfring
@ 2023-07-10 6:08 ` Dan Carpenter
1 sibling, 0 replies; 9+ messages in thread
From: Dan Carpenter @ 2023-07-10 6:08 UTC (permalink / raw)
To: Zhang Shurong; +Cc: gregkh, error27, xu.panda, linux-staging, linux-kernel
On Sun, Jul 09, 2023 at 01:50:07PM +0800, Zhang Shurong wrote:
> The "exc->key_len" is a u16 that comes from the user. If it's over
> IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
>
> Fixes: b121d84882b9 ("staging: ks7010: simplify calls to memcpy()")
>
> Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
regards,
dan carpenter
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-07-10 6:32 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-09 5:50 [PATCH] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Zhang Shurong
2023-07-09 19:21 ` Markus Elfring
2023-07-09 19:42 ` Greg Kroah-Hartman
2023-07-09 19:56 ` Markus Elfring
2023-07-10 5:41 ` Zhang Shurong
2023-07-10 5:47 ` Greg Kroah-Hartman
2023-07-10 6:32 ` Markus Elfring
2023-07-10 6:21 ` Markus Elfring
2023-07-10 6:08 ` [PATCH] " Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox