* re: [PATCH] Check ieee80211softmac_auth_resp kmalloc result
@ 2014-10-02 18:16 Dan Carpenter
2014-10-06 18:17 ` Stanislav Yakovlev
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2014-10-02 18:16 UTC (permalink / raw)
To: Stanislav Yakovlev; +Cc: linux-wireless
Hello,
I've written a new kind of Smatch check that generates this warning:
drivers/net/wireless/ipw2x00/libipw_rx.c:1303 libipw_parse_info_param()
warn: potentially allocating too little.
drivers/net/wireless/ipw2x00/libipw_rx.c
1300 case WLAN_EID_IBSS_DFS:
1301 if (network->ibss_dfs)
1302 break;
1303 network->ibss_dfs = kmemdup(info_element->data,
1304 info_element->len,
The problem is that smatch marks "info_element->len" as untrusted data
because it comes from skb->data. "network->ibss_dfs" is a 9 character
struct. We're not necessarily allocating enough space for that.
So far as I can see this is harmless because we never use ->ibss_dfs
and we should just delete it along with all the related code?
1305 GFP_ATOMIC);
1306 if (!network->ibss_dfs)
1307 return 1;
1308 network->flags |= NETWORK_HAS_IBSS_DFS;
1309 break;
regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-10-06 18:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-10-02 18:16 [PATCH] Check ieee80211softmac_auth_resp kmalloc result Dan Carpenter
2014-10-06 18:17 ` Stanislav Yakovlev
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).