Date: Fri, 17 Apr 2026 08:31:21 +0300
From: Dan Carpenter
To: Delene Tchio Romuald
Cc: gregkh@linuxfoundation.org, luka.gejak@linux.dev, hansg@kernel.org, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v5 1/5] staging: rtl8723bs: fix heap buffer overflow in recvframe_defrag()
References: <20260417030110.42991-1-delenetchior1@gmail.com> <20260417030110.42991-2-delenetchior1@gmail.com>
In-Reply-To: <20260417030110.42991-2-delenetchior1@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 17, 2026 at 04:01:06AM +0100, Delene Tchio Romuald wrote:
> + /* Verify the receiving buffer has enough space for the fragment */
> + if (pnfhdr->len > pfhdr->rx_end - pfhdr->rx_tail)
> + goto out_err;
>
> - /* memcpy */

I wasn't going to mention this, but since you're going to need to resend
anyway... Yes, this comment is useless but don't delete it as part of
a security fix. It's unrelated.

regards,
dan carpenter

> memcpy(pfhdr->rx_tail, pnfhdr->rx_data, pnfhdr->len);
>
> recvframe_put(prframe, pnfhdr->len);
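
Review bot: In the added check, `pfhdr->rx_end - pfhdr->rx_tail` is a signed pointer difference compared directly against `pnfhdr->len`, so the bound only holds if `rx_tail` can never be past `rx_end` at this point. If `len` is an unsigned type, a negative difference may be converted to a large unsigned value, and the comparison would then let the `memcpy()` through. Either state that invariant in the new comment or make it explicit, for example by also rejecting the fragment when `pfhdr->rx_tail > pfhdr->rx_end`. The quoted lines also do not show the `out_err` label, so the changelog should say what happens to the fragments not yet processed when this path is taken.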