linux-wireless.vger.kernel.org archive mirror
* signedness bug in lbs_auth_to_authtype()
@ 2012-03-28  7:24 Dan Carpenter
From: Dan Carpenter @ 2012-03-28  7:24 UTC (permalink / raw)
  To: Kiran Divekar; +Cc: linux-wireless

There is a signedness bug in lbs_auth_to_authtype() and it messes
up the error handling.

drivers/net/wireless/libertas/cfg.c
   106  static u8 lbs_auth_to_authtype(enum nl80211_auth_type auth_type)
   107  {
   108          int ret = -ENOTSUPP;
   109  

We return -ENOTSUPP but it's cast to u8 making it 244.

   351          auth->header.type = cpu_to_le16(TLV_TYPE_AUTH_TYPE);
   352          auth->header.len = cpu_to_le16(sizeof(*auth)-sizeof(auth->header));
   353          auth->auth = cpu_to_le16(lbs_auth_to_authtype(auth_type));
                                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
We don't check for errors here.

   354          return sizeof(*auth);
   355  }

  1061          /* convert auth_type */
  1062          ret = lbs_auth_to_authtype(sme->auth_type);
  1063          if (ret < 0)
                    ^^^^^^^
This doesn't work because 244 is larger than zero.

  1064                  goto done;

I would just change the u8 to an int, except that I felt that maybe
we should be checking for errors on the first time this function is
called.  I wasn't sure how to handle that error.

regards,
dan carpenter
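
The truncation described in the message above, reproduced in userspace as an added example that is not part of the original message or the libertas driver. The `demo_auth` enum and its mapped values are constructed stand-ins; `ENOTSUPP` is defined locally with the kernel-internal value 524 because userspace `<errno.h>` does not provide it.

```c
#include <stdint.h>
#include <stdio.h>

#define ENOTSUPP 524	/* kernel-internal errno value, defined here for userspace */

/* Constructed stand-ins for the auth types; not the driver's real mapping. */
enum demo_auth { DEMO_AUTH_OPEN, DEMO_AUTH_SHARED, DEMO_AUTH_UNKNOWN };

/* Shared lookup: negative errno for anything it does not recognise. */
static int lookup(enum demo_auth t)
{
	int ret = -ENOTSUPP;

	if (t == DEMO_AUTH_OPEN)
		ret = 0x00;
	else if (t == DEMO_AUTH_SHARED)
		ret = 0x01;
	return ret;
}

/* Same shape as the quoted function: int inside, u8 return type. */
static uint8_t authtype_u8(enum demo_auth t)
{
	return lookup(t);	/* -524 is truncated to its low 8 bits: 244 */
}

/* Return type widened to int, so the negative errno survives. */
static int authtype_int(enum demo_auth t)
{
	return lookup(t);
}

/* Caller pattern from the quoted "if (ret < 0)" check; 1 means error seen. */
static int error_seen_u8(enum demo_auth t)
{
	int ret = authtype_u8(t);
	return ret < 0;
}

static int error_seen_int(enum demo_auth t)
{
	int ret = authtype_int(t);
	return ret < 0;
}

int main(void)
{
	printf("u8:  value=%d error_seen=%d\n", authtype_u8(DEMO_AUTH_UNKNOWN), error_seen_u8(DEMO_AUTH_UNKNOWN));
	printf("int: value=%d error_seen=%d\n", authtype_int(DEMO_AUTH_UNKNOWN), error_seen_int(DEMO_AUTH_UNKNOWN));
	return 0;
}
```

With the u8 return type the unsupported case reaches the caller as 244, which is also the value an unchecked call site would write into the outgoing TLV field.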
