diff options
| author | Kees Cook <keescook@chromium.org> | 2021-08-19 13:28:23 -0700 |
|---|---|---|
| committer | Kalle Valo <kvalo@codeaurora.org> | 2021-08-21 20:15:35 +0300 |
| commit | d6b6d1bb80beabab43aa5f4289721e6659790f3a (patch) | |
| tree | 7af2c7a6f9a945c262a8a4de57779a29303b7495 /tools/perf/scripts/python/export-to-sqlite.py | |
| parent | 6f78f4a41ee0c348af73ed054ccff2d9c9c17cdb (diff) | |
ipw2x00: Avoid field-overflowing memcpy()
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
libipw_read_qos_param_element() copies a struct libipw_info_element
into a struct libipw_qos_information_element, but is actually wanting to
copy into the larger struct libipw_qos_parameter_info (the contents of
ac_params_record[] is later examined). Refactor the routine to perform
centralized checks, and copy the entire contents directly (since the id
and len members match the elementID and length members):
struct libipw_info_element {
u8 id;
u8 len;
u8 data[];
} __packed;
struct libipw_qos_information_element {
u8 elementID;
u8 length;
u8 qui[QOS_OUI_LEN];
u8 qui_type;
u8 qui_subtype;
u8 version;
u8 ac_info;
} __packed;
struct libipw_qos_parameter_info {
struct libipw_qos_information_element info_element;
u8 reserved;
struct libipw_qos_ac_parameter ac_params_record[QOS_QUEUE_NUM];
} __packed;
Cc: Stanislav Yakovlev <stas.yakovlev@gmail.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210819202825.3545692-2-keescook@chromium.org
Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')
0 files changed, 0 insertions, 0 deletions