* [PATCH] mac80211: fix VHT MCS mask array overrun
@ 2015-08-21 12:08 Johannes Berg
2015-08-21 13:24 ` Lorenzo Bianconi
0 siblings, 1 reply; 2+ messages in thread
From: Johannes Berg @ 2015-08-21 12:08 UTC (permalink / raw)
To: linux-wireless; +Cc: Dan Carpenter, lorenzo.bianconi83, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
The HT MCS mask has 9 bytes, the VHT one only has 8 streams.
Split the loops to handle this correctly.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/mac80211/cfg.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 685ec13ed7c2..f4ed256c2d8e 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2514,15 +2514,17 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
continue;
for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++) {
- if (~sdata->rc_rateidx_mcs_mask[i][j])
+ if (~sdata->rc_rateidx_mcs_mask[i][j]) {
sdata->rc_has_mcs_mask[i] = true;
+ break;
+ }
+ }
- if (~sdata->rc_rateidx_vht_mcs_mask[i][j])
+ for (j = 0; j < NL80211_VHT_NSS_MAX; j++) {
+ if (~sdata->rc_rateidx_vht_mcs_mask[i][j]) {
sdata->rc_has_vht_mcs_mask[i] = true;
-
- if (sdata->rc_has_mcs_mask[i] &&
- sdata->rc_has_vht_mcs_mask[i])
break;
+ }
}
}
--
2.1.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] mac80211: fix VHT MCS mask array overrun
2015-08-21 12:08 [PATCH] mac80211: fix VHT MCS mask array overrun Johannes Berg
@ 2015-08-21 13:24 ` Lorenzo Bianconi
0 siblings, 0 replies; 2+ messages in thread
From: Lorenzo Bianconi @ 2015-08-21 13:24 UTC (permalink / raw)
To: Johannes Berg; +Cc: linux-wireless, Dan Carpenter, Johannes Berg
> From: Johannes Berg <johannes.berg@intel.com>
>
> The HT MCS mask has 9 bytes, the VHT one only has 8 streams.
> Split the loops to handle this correctly.
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> net/mac80211/cfg.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
> index 685ec13ed7c2..f4ed256c2d8e 100644
> --- a/net/mac80211/cfg.c
> +++ b/net/mac80211/cfg.c
> @@ -2514,15 +2514,17 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
> continue;
>
> for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++) {
> - if (~sdata->rc_rateidx_mcs_mask[i][j])
> + if (~sdata->rc_rateidx_mcs_mask[i][j]) {
> sdata->rc_has_mcs_mask[i] = true;
> + break;
> + }
> + }
>
> - if (~sdata->rc_rateidx_vht_mcs_mask[i][j])
> + for (j = 0; j < NL80211_VHT_NSS_MAX; j++) {
> + if (~sdata->rc_rateidx_vht_mcs_mask[i][j]) {
> sdata->rc_has_vht_mcs_mask[i] = true;
> -
> - if (sdata->rc_has_mcs_mask[i] &&
> - sdata->rc_has_vht_mcs_mask[i])
> break;
> + }
> }
> }
>
> --
> 2.1.4
>
Acked-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Thanks,
Lorenzo
--
UNIX is Sexy: who | grep -i blonde | talk; cd ~; wine; talk; touch;
unzip; touch; strip; gasp; finger; gasp; mount; fsck; more; yes; gasp;
umount; make clean; sleep
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-08-21 13:25 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-08-21 12:08 [PATCH] mac80211: fix VHT MCS mask array overrun Johannes Berg
2015-08-21 13:24 ` Lorenzo Bianconi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.