Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6557ddfe authored by Larry Finger's avatar Larry Finger Committed by Greg Kroah-Hartman
Browse files

staging: rtl8723bs: Fix various errors in os_dep/ioctl_cfg80211.c 



Smatch lists the following:

  CHECK   drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:470 rtw_cfg80211_ibss_indicate_connect() error: we previously assumed 'scanned' could be null (see line 466)
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:942 rtw_cfg80211_set_encryption() warn: inconsistent indenting
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:955 rtw_cfg80211_set_encryption() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:1017 rtw_cfg80211_set_encryption() error: buffer overflow 'padapter->securitypriv.dot118021XGrpKey' 5 <= 5
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:1216 cfg80211_rtw_set_default_key() warn: inconsistent indenting
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:2498 rtw_cfg80211_monitor_if_xmit_entry() error: we previously assumed 'skb' could be null (see line 2495)
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:2850 cfg80211_rtw_start_ap() warn: if statement not indented
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:2860 cfg80211_rtw_start_ap() warn: if statement not indented
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:3417 rtw_cfg80211_preinit_wiphy() warn: inconsistent indenting
drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:3547 rtw_wdev_alloc() info: ignoring unreachable code.

The indenting warnings were fixed by simple white space changes.

The section where 'scanned' could be null required an immediate exit from
the routine at that point. A similar fix was required where 'skb' could be null.

The two buffer overflow errors were caused by off-by-one errors. While
locating these problems, another one was found in os_dep/ioctl_linux.c.

Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent e62bb925

drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c

+14 −24
Original line number Diff line number Diff line
@@ -463,9 +463,10 @@ void rtw_cfg80211_ibss_indicate_connect(struct adapter *padapter) 
		}

		else

		{

			if (scanned == NULL)

			if (scanned == NULL) {

				rtw_warn_on(1);



				return;

			}

			if (!memcmp(&(scanned->network.Ssid), &(pnetwork->Ssid), sizeof(struct ndis_802_11_ssid))

				&& !memcmp(scanned->network.MacAddress, pnetwork->MacAddress, sizeof(NDIS_802_11_MAC_ADDRESS))

			) {
@@ -906,7 +907,7 @@ static int rtw_cfg80211_set_encryption(struct net_device *dev, struct ieee_param 
	    param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)

	{

		if (param->u.crypt.idx >= WEP_KEYS

			&& param->u.crypt.idx > BIP_MAX_KEYID

			|| param->u.crypt.idx >= BIP_MAX_KEYID

		)

		{

			ret = -EINVAL;
@@ -927,7 +928,7 @@ static int rtw_cfg80211_set_encryption(struct net_device *dev, struct ieee_param 
		wep_key_idx = param->u.crypt.idx;

		wep_key_len = param->u.crypt.key_len;



		if ((wep_key_idx > WEP_KEYS) || (wep_key_len <= 0))

		if ((wep_key_idx >= WEP_KEYS) || (wep_key_len <= 0))

		{

			ret = -EINVAL;

			goto exit;
@@ -1213,11 +1214,8 @@ static int cfg80211_rtw_set_default_key(struct wiphy *wiphy, 
	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(ndev);

	struct security_priv *psecuritypriv = &padapter->securitypriv;



		DBG_871X(FUNC_NDEV_FMT" key_index =%d"

		", unicast =%d, multicast =%d"

		".\n", FUNC_NDEV_ARG(ndev), key_index

		, unicast, multicast

		);

	DBG_871X(FUNC_NDEV_FMT" key_index =%d, unicast =%d, multicast =%d\n",

		 FUNC_NDEV_ARG(ndev), key_index, unicast, multicast);



	if ((key_index < WEP_KEYS) && ((psecuritypriv->dot11PrivacyAlgrthm == _WEP40_) || (psecuritypriv->dot11PrivacyAlgrthm == _WEP104_))) /* set wep default key */

	{
@@ -2492,7 +2490,9 @@ static int rtw_cfg80211_monitor_if_xmit_entry(struct sk_buff *skb, struct net_de 


	DBG_871X(FUNC_NDEV_FMT"\n", FUNC_NDEV_ARG(ndev));



	if (skb)

	if (!skb)

		goto fail;



	rtw_mstat_update(MSTAT_TYPE_SKB, MSTAT_ALLOC_SUCCESS, skb->truesize);



	if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
@@ -2847,20 +2847,10 @@ static int cfg80211_rtw_start_ap(struct wiphy *wiphy, struct net_device *ndev, 
		struct wlan_bssid_ex *pbss_network = &adapter->mlmepriv.cur_network.network;

		struct wlan_bssid_ex *pbss_network_ext = &adapter->mlmeextpriv.mlmext_info.network;



		if (0)

		DBG_871X(FUNC_ADPT_FMT" ssid:(%s,%zu), from ie:(%s,%d)\n", FUNC_ADPT_ARG(adapter),

			settings->ssid, settings->ssid_len,

			pbss_network->Ssid.Ssid, pbss_network->Ssid.SsidLength);



		memcpy(pbss_network->Ssid.Ssid, (void *)settings->ssid, settings->ssid_len);

		pbss_network->Ssid.SsidLength = settings->ssid_len;

		memcpy(pbss_network_ext->Ssid.Ssid, (void *)settings->ssid, settings->ssid_len);

		pbss_network_ext->Ssid.SsidLength = settings->ssid_len;



		if (0)

		DBG_871X(FUNC_ADPT_FMT" after ssid:(%s,%d), (%s,%d)\n", FUNC_ADPT_ARG(adapter),

			pbss_network->Ssid.Ssid, pbss_network->Ssid.SsidLength,

			pbss_network_ext->Ssid.Ssid, pbss_network_ext->Ssid.SsidLength);

	}



	return ret;
@@ -3541,10 +3531,10 @@ int rtw_wdev_alloc(struct adapter *padapter, struct device *dev) 
		pwdev_priv->power_mgmt = true;

	else

		pwdev_priv->power_mgmt = false;

	kfree((u8 *)wdev);



	return ret;



	kfree((u8 *)wdev);

unregister_wiphy:

	wiphy_unregister(wiphy);

 free_wiphy:

drivers/staging/rtl8723bs/os_dep/ioctl_linux.c

+1 −1
Original line number Diff line number Diff line
@@ -570,7 +570,7 @@ static int wpa_set_encryption(struct net_device *dev, struct ieee_param *param, 
	    param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)

	{



		if (param->u.crypt.idx >= WEP_KEYS &&

		if (param->u.crypt.idx >= WEP_KEYS ||

		    param->u.crypt.idx >= BIP_MAX_KEYID) {

			ret = -EINVAL;

			goto exit;