* [PATCH] mac80211: fix kzalloc memory corruption introduced in minstrel_ht
@ 2012-07-02 12:39 Thomas Huehn
2012-07-02 18:25 ` John W. Linville
0 siblings, 1 reply; 2+ messages in thread
From: Thomas Huehn @ 2012-07-02 12:39 UTC (permalink / raw)
To: linville
Cc: dan.carpenter, wfg, linux-wireless, franzschrober, julian.calaby,
johannes, thomas, nbd
The patch: "mac80211: correct size the argument to
kzalloc in minstrel_ht" (from Jun 29, 2012), leads to memory corruption.
"msp->ratelist" is a void pointer - therfore going back to the
expicit form: sizeof(struct minstrel_rate) which brings back correct
memory allocation.
Reported-by: Fengguang Wu <wfg@linux.intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
---
net/mac80211/rc80211_minstrel_ht.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index 1ca8f2b..f9e51ef 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -813,7 +813,7 @@ minstrel_ht_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
if (!msp)
return NULL;
- msp->ratelist = kzalloc(sizeof(*msp->ratelist) * max_rates, gfp);
+ msp->ratelist = kzalloc(sizeof(struct minstrel_rate) * max_rates, gfp);
if (!msp->ratelist)
goto error;
--
1.7.10.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] mac80211: fix kzalloc memory corruption introduced in minstrel_ht
2012-07-02 12:39 [PATCH] mac80211: fix kzalloc memory corruption introduced in minstrel_ht Thomas Huehn
@ 2012-07-02 18:25 ` John W. Linville
0 siblings, 0 replies; 2+ messages in thread
From: John W. Linville @ 2012-07-02 18:25 UTC (permalink / raw)
To: Thomas Huehn
Cc: dan.carpenter, wfg, linux-wireless, franzschrober, julian.calaby,
johannes, nbd
On Mon, Jul 02, 2012 at 02:39:52PM +0200, Thomas Huehn wrote:
> The patch: "mac80211: correct size the argument to
> kzalloc in minstrel_ht" (from Jun 29, 2012), leads to memory corruption.
> "msp->ratelist" is a void pointer - therfore going back to the
> expicit form: sizeof(struct minstrel_rate) which brings back correct
> memory allocation.
>
> Reported-by: Fengguang Wu <wfg@linux.intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
> ---
> net/mac80211/rc80211_minstrel_ht.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
> index 1ca8f2b..f9e51ef 100644
> --- a/net/mac80211/rc80211_minstrel_ht.c
> +++ b/net/mac80211/rc80211_minstrel_ht.c
> @@ -813,7 +813,7 @@ minstrel_ht_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
> if (!msp)
> return NULL;
>
> - msp->ratelist = kzalloc(sizeof(*msp->ratelist) * max_rates, gfp);
> + msp->ratelist = kzalloc(sizeof(struct minstrel_rate) * max_rates, gfp);
> if (!msp->ratelist)
> goto error;
>
Johannes, I'm grabbing this one now.
--
John W. Linville Someday the world will need a hero, and you
linville@tuxdriver.com might be all we have. Be ready.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-07-05 14:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-02 12:39 [PATCH] mac80211: fix kzalloc memory corruption introduced in minstrel_ht Thomas Huehn
2012-07-02 18:25 ` John W. Linville
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.