From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-vs1-f50.google.com (mail-vs1-f50.google.com [209.85.217.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AB4312E2663 for ; Sun, 5 Apr 2026 10:17:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.217.50 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775384247; cv=none; b=u82pkmm3s6597Hyn4pUABDAf+pqFFYeWsrrrYh80qzmIrMMr1EX+CeV+FDPBISUCFwHmqpbKdglchu9OgfAQi3031zmGPsZ9Ubw3THfiI/PbRbynxCbtmmeF2yemMGXwUj2sehQn90tbdMG22qg5asTFgrTr56TPpictrx+fTfU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775384247; c=relaxed/simple; bh=AQ+pJFMYbzgXk9iZEWD3QQpsUE1t1TUjc5+4cHZ9DBw=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=CzDK10Cy1VIdj6RER4lV5a4M57WhBZy8pOOUGC7J8dvnbg/o/YpyLYpVbvrVu0rrffHXgnaxIlbX886+/RdQSBM35IiN5zKrpviRRXHHHoxab4pGh9wYZ7p+cPtBSCcHgnZ5R3+Abzb/FR+LcWvG0RAFZVYVRfiKcXoJ/Ipj03g= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=PRMbgUDt; arc=none smtp.client-ip=209.85.217.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="PRMbgUDt" Received: by mail-vs1-f50.google.com with SMTP id ada2fe7eead31-6057723d553so2106173137.2 for ; Sun, 05 Apr 2026 03:17:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775384245; x=1775989045; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=aJj4mxR0xJo9+KgEcTyLfLO7BVuCEavMpxT0H8imf/E=; b=PRMbgUDtpgcAqpl8mwdGIDY21a58uwcPSei9cmNXU3rPmarzTkplbVQTxMT1ZAeAbv wSMcpiyqaJ9oFpdD0LNXPIoK+GTmE1d/dtm7uzW2iHuLWlfdD1Pv74Ztph3JS3R3af6H AAtJnVTaU5LJknCxcCgJdt0jqMyGrAiH2x81QnA/PCIuh6Dg4FVm0JIGup70fCgeESlq eIVYOYKXTlKc+l5ieQdNys78+SWk9kBmjQO6sTs8LKnTPUK9rl8AZAzm4wnJ29zo0Rz0 C5UGttJPWU0+X88QhFUjiZUcNqhjlNWvbO3HvpNJ0CB/BzazTcxkH5nr+9lltF7wNJlL 2LOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775384245; x=1775989045; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=aJj4mxR0xJo9+KgEcTyLfLO7BVuCEavMpxT0H8imf/E=; b=GCCHX+oWvONSYAIQaEfOraCnxIIXi2T/8MVi0AFPL1P+w7+sA80u+lnhNTIfQxeQHc E0PZWuwrvg4aRKgn3aORWVXX7HvFAEuGzdh8ykVxtdUSjoTSKS8cNZqvELjX7626gsYk WZpYwfhC8fEvXxnVnMqG8ZXFmBPoQbQFT1tXvczVGd7dsKyfl0WrrL/MxFe5h43Puiog WuBeiu516wpOskXBaTPPf/O/76qQpHACc4Vi6PzTaKxo85x8Ou7D5xRftykskpUs+ANO KTgsQDvJWFjJdCI/BwzHdNO5pupq3zBmJDHS/YN8+3GQd++cr0l2KFNMEXUZLTC8clxu fz7Q== X-Forwarded-Encrypted: i=1; AJvYcCXWPCkKCUjwlDKx2F0vMVallZAJle3coERlb/VqW6acRO0ZN4tpUOa+NAvQzbAChBkmYX/seiHncEl9AMc=@vger.kernel.org X-Gm-Message-State: AOJu0YzaNK2Vgj0AEQZMFGQyq7qHTd1nhSJVx4IXp4TdxR4XLfm70ksL Yh9c4UuZf0XwyNk4OnqObTmSmSnwQEsyRDiuAKo7kiTqxAK2p0AeAv9/ X-Gm-Gg: AeBDiesxU4vhkHPliiZY8IeGwvqdEq3a0TvLTCFi4Q/xbPNINuTpNjxpv+aric8gnng u6YHiWmf9+kkt2J6mtXeoQF8+idwSY1yAN1jije/cjxkp310BZOuOw30EzePHm82JfrgoGgwZyF tErdrJoV2kXM4H3WEH+bev+NprPrPTvwwn0TaWgf1MZ0r+rWx3s38J5NZKwY0Mt1pxNTiCwqYJ+ TBSIrykx52khR4YyoiUqygs/Yo2OlxOuBd4ZulYdJ8DJnDfbQqgDj6HTLUa2/pj1Cexgv2uzO5+ wUL2kCrW4BOPOYAq+cwP00UoN5xU1bmy2O83PDo28Uf/4PDjHeeMNDzMrWx6jr4TXhExzW3KqPe HCd4BTnEkun2UVl37fiMw33iaHDpFAamXExeztyUng6juu0vP2eMdSQH1TGJgCCrLbGWJCqgsWG Q01VQwsK8Qy91NTKd6PUvARCALmOYCkyv2oc4YjMEK X-Received: by 2002:a05:6102:4b87:b0:605:17b8:16dc with SMTP id ada2fe7eead31-605a5038e40mr3323448137.20.1775384245524; Sun, 05 Apr 2026 03:17:25 -0700 (PDT) Received: from localhost.localdomain ([102.244.98.15]) by smtp.gmail.com with ESMTPSA id a1e0cc1a2514c-953fb897b8dsm10473385241.7.2026.04.05.03.17.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 03:17:24 -0700 (PDT) From: Delene Tchio Romuald To: gregkh@linuxfoundation.org Cc: Ethan Tidmore , Sam Daly , linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, Delene Tchio Romuald Subject: [PATCH v3 0/5] staging: rtl8723bs: fix multiple missing bounds checks Date: Sun, 5 Apr 2026 11:15:43 +0100 Message-ID: <20260405101548.124829-1-delenetchior1@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit This series fixes five missing bounds checks in the rtl8723bs driver that can be triggered by malformed WiFi frames. Each patch addresses one function and is independent of the others, but they are sent as a series since they all modify the same driver. All patches are based on staging-next, pass checkpatch with no errors or warnings, and compile cleanly. Found by reviewing the 40 memcpy calls in rtw_recv.c and tracing buffer pointer manipulation through the inline helpers in rtw_recv.h. Not tested on hardware. Changes since v2: - Rebased on staging-next - Sent as a numbered series instead of individual patches - Added proper Cc list from get_maintainer.pl Delene Tchio Romuald (5): staging: rtl8723bs: fix heap buffer overflow in recvframe_defrag() staging: rtl8723bs: fix integer underflow in TKIP MIC verification staging: rtl8723bs: fix out-of-bounds read in portctrl() staging: rtl8723bs: fix out-of-bounds reads in IE parsing functions staging: rtl8723bs: fix negative length in WEP decryption .../staging/rtl8723bs/core/rtw_ieee80211.c | 15 +++++-- drivers/staging/rtl8723bs/core/rtw_recv.c | 43 ++++++++++++++----- drivers/staging/rtl8723bs/core/rtw_security.c | 6 +++ 3 files changed, 50 insertions(+), 14 deletions(-) -- 2.43.0