* [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() @ 2021-03-05 8:58 ` Dan Carpenter 0 siblings, 0 replies; 23+ messages in thread From: Dan Carpenter @ 2021-03-05 8:58 UTC (permalink / raw) To: Larry Finger Cc: Greg Kroah-Hartman, Michael Straube, Ivan Safonov, Kumar Kartikeya Dwivedi, Takashi Iwai, devel, kernel-janitors This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->ssid[] array. Fixes: a2c60d42d97c ("staging: r8188eu: Add files for new driver - part 16") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c index bf22f130d3e1..58954b88a817 100644 --- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c @@ -1133,9 +1133,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a, break; } sec_len = *(pos++); len -= 1; - if (sec_len > 0 && sec_len <= len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].ssid_length = sec_len; - memcpy(ssid[ssid_index].ssid, pos, ssid[ssid_index].ssid_length); + memcpy(ssid[ssid_index].ssid, pos, sec_len); ssid_index++; } pos += sec_len; -- 2.30.1 ^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() @ 2021-03-05 8:58 ` Dan Carpenter 0 siblings, 0 replies; 23+ messages in thread From: Dan Carpenter @ 2021-03-05 8:58 UTC (permalink / raw) To: Larry Finger Cc: devel, Ivan Safonov, Takashi Iwai, Greg Kroah-Hartman, kernel-janitors, Kumar Kartikeya Dwivedi This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->ssid[] array. Fixes: a2c60d42d97c ("staging: r8188eu: Add files for new driver - part 16") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c index bf22f130d3e1..58954b88a817 100644 --- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c @@ -1133,9 +1133,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a, break; } sec_len = *(pos++); len -= 1; - if (sec_len > 0 && sec_len <= len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].ssid_length = sec_len; - memcpy(ssid[ssid_index].ssid, pos, ssid[ssid_index].ssid_length); + memcpy(ssid[ssid_index].ssid, pos, sec_len); ssid_index++; } pos += sec_len; -- 2.30.1 _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel ^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() 2021-03-05 8:58 ` Dan Carpenter @ 2021-03-05 16:58 ` Edmundo Carmona Antoranz -1 siblings, 0 replies; 23+ messages in thread From: Edmundo Carmona Antoranz @ 2021-03-05 16:58 UTC (permalink / raw) To: Dan Carpenter Cc: Larry Finger, Greg Kroah-Hartman, Michael Straube, Ivan Safonov, Kumar Kartikeya Dwivedi, Takashi Iwai, devel, kernel-janitors On Fri, Mar 5, 2021 at 2:59 AM Dan Carpenter <dan.carpenter@oracle.com> wrote: > - if (sec_len > 0 && sec_len <= len) { > + if (sec_len > 0 && > + sec_len <= len && > + sec_len <= 32) { I wonder if this could be reduced to (sec_len > 0 && sec_len <= min(len, 32)) from a stylistic POV? First attempt at something kernel related so I know there's plenty of things to learn (including patterns for problems like this and etiquette). BR ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() @ 2021-03-05 16:58 ` Edmundo Carmona Antoranz 0 siblings, 0 replies; 23+ messages in thread From: Edmundo Carmona Antoranz @ 2021-03-05 16:58 UTC (permalink / raw) To: Dan Carpenter Cc: devel, Ivan Safonov, Takashi Iwai, Greg Kroah-Hartman, kernel-janitors, Kumar Kartikeya Dwivedi, Larry Finger On Fri, Mar 5, 2021 at 2:59 AM Dan Carpenter <dan.carpenter@oracle.com> wrote: > - if (sec_len > 0 && sec_len <= len) { > + if (sec_len > 0 && > + sec_len <= len && > + sec_len <= 32) { I wonder if this could be reduced to (sec_len > 0 && sec_len <= min(len, 32)) from a stylistic POV? First attempt at something kernel related so I know there's plenty of things to learn (including patterns for problems like this and etiquette). BR _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() 2021-03-05 16:58 ` Edmundo Carmona Antoranz @ 2021-03-05 18:32 ` Dan Carpenter -1 siblings, 0 replies; 23+ messages in thread From: Dan Carpenter @ 2021-03-05 18:32 UTC (permalink / raw) To: Edmundo Carmona Antoranz Cc: devel, Ivan Safonov, Takashi Iwai, Greg Kroah-Hartman, kernel-janitors, Kumar Kartikeya Dwivedi, Larry Finger On Fri, Mar 05, 2021 at 10:58:17AM -0600, Edmundo Carmona Antoranz wrote: > On Fri, Mar 5, 2021 at 2:59 AM Dan Carpenter <dan.carpenter@oracle.com> wrote: > > - if (sec_len > 0 && sec_len <= len) { > > + if (sec_len > 0 && > > + sec_len <= len && > > + sec_len <= 32) { > > I wonder if this could be reduced to (sec_len > 0 && sec_len <= > min(len, 32)) from a stylistic POV? I kind of prefer it the way I wrote it. I prefer conditions split apart and done ploddingly, one at a time... You'll notice how I could have written it like: if (sec_len > 0 && sec_len <= len && sec_len <= 32) { But I really like my conditions to be spelled out so the "sec_len" is perfectly aligned in each part of the condition. Your way would be to combine two conditions into one part of a line and seems sneaky. > > First attempt at something kernel related so I know there's plenty of > things to learn (including patterns for problems like this and > etiquette). It's good that you're reviewing code... We try to be predictable though and no one would have predicted your response. Ideally patch review should be like, "Ugh! Why didn't I think of that? Of course, we should propagate the error code." Or "Oh, I didn't know checkpatch warns about that." The truth is that I don't always agree with all of Greg's reviews. He is more strict than I am about breaking up patches into multiple things. (It's a tricky line to define for me). But I can always predict what Greg will say in a review so that saves time when I know which patches he will accept and which he won't. regards, dan carpenter ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() @ 2021-03-05 18:32 ` Dan Carpenter 0 siblings, 0 replies; 23+ messages in thread From: Dan Carpenter @ 2021-03-05 18:32 UTC (permalink / raw) To: Edmundo Carmona Antoranz Cc: devel, Ivan Safonov, Takashi Iwai, Greg Kroah-Hartman, kernel-janitors, Kumar Kartikeya Dwivedi, Larry Finger On Fri, Mar 05, 2021 at 10:58:17AM -0600, Edmundo Carmona Antoranz wrote: > On Fri, Mar 5, 2021 at 2:59 AM Dan Carpenter <dan.carpenter@oracle.com> wrote: > > - if (sec_len > 0 && sec_len <= len) { > > + if (sec_len > 0 && > > + sec_len <= len && > > + sec_len <= 32) { > > I wonder if this could be reduced to (sec_len > 0 && sec_len <= > min(len, 32)) from a stylistic POV? I kind of prefer it the way I wrote it. I prefer conditions split apart and done ploddingly, one at a time... You'll notice how I could have written it like: if (sec_len > 0 && sec_len <= len && sec_len <= 32) { But I really like my conditions to be spelled out so the "sec_len" is perfectly aligned in each part of the condition. Your way would be to combine two conditions into one part of a line and seems sneaky. > > First attempt at something kernel related so I know there's plenty of > things to learn (including patterns for problems like this and > etiquette). It's good that you're reviewing code... We try to be predictable though and no one would have predicted your response. Ideally patch review should be like, "Ugh! Why didn't I think of that? Of course, we should propagate the error code." Or "Oh, I didn't know checkpatch warns about that." The truth is that I don't always agree with all of Greg's reviews. He is more strict than I am about breaking up patches into multiple things. (It's a tricky line to define for me). But I can always predict what Greg will say in a review so that saves time when I know which patches he will accept and which he won't. regards, dan carpenter _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() 2021-03-05 18:32 ` Dan Carpenter @ 2021-03-05 18:55 ` Edmundo Carmona Antoranz -1 siblings, 0 replies; 23+ messages in thread From: Edmundo Carmona Antoranz @ 2021-03-05 18:55 UTC (permalink / raw) To: Dan Carpenter Cc: devel, Ivan Safonov, Takashi Iwai, Greg Kroah-Hartman, kernel-janitors, Kumar Kartikeya Dwivedi, Larry Finger On Fri, Mar 5, 2021 at 12:33 PM Dan Carpenter <dan.carpenter@oracle.com> wrote: > > It's good that you're reviewing code... Right now watching the patches flow feels like I'm just shadowing. Later, when I get the hang of it, I might try providing something on my own. I'll just watch things from a distance for the time being perhaps making questions here or there (like I just did). Just in case, my main point was to use a min() (or MIN? whatever way it's provided in the standard) to have only two conditions instead of three... .to keep them on separate lines, it could be done like this: if (sec_len > 0 && sec_len <= min(len, 32)) { _but_ I understand if you would rather keep the 3 conditions. Thanks for your comment. ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() @ 2021-03-05 18:55 ` Edmundo Carmona Antoranz 0 siblings, 0 replies; 23+ messages in thread From: Edmundo Carmona Antoranz @ 2021-03-05 18:55 UTC (permalink / raw) To: Dan Carpenter Cc: devel, Ivan Safonov, Takashi Iwai, Greg Kroah-Hartman, kernel-janitors, Kumar Kartikeya Dwivedi, Larry Finger On Fri, Mar 5, 2021 at 12:33 PM Dan Carpenter <dan.carpenter@oracle.com> wrote: > > It's good that you're reviewing code... Right now watching the patches flow feels like I'm just shadowing. Later, when I get the hang of it, I might try providing something on my own. I'll just watch things from a distance for the time being perhaps making questions here or there (like I just did). Just in case, my main point was to use a min() (or MIN? whatever way it's provided in the standard) to have only two conditions instead of three... .to keep them on separate lines, it could be done like this: if (sec_len > 0 && sec_len <= min(len, 32)) { _but_ I understand if you would rather keep the 3 conditions. Thanks for your comment. _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel ^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() 2021-03-05 8:58 ` Dan Carpenter (?) (?) @ 2022-05-18 7:00 ` Denis Efremov 2022-05-18 7:49 ` Denis Efremov 2022-05-19 15:45 ` [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() Greg KH -1 siblings, 2 replies; 23+ messages in thread From: Denis Efremov @ 2022-05-18 7:00 UTC (permalink / raw) To: Larry.Finger Cc: Denis Efremov, phil, gregkh, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 2b42bd58b321 ("staging: r8188eu: introduce new os_dep dir for RTL8188eu driver") Cc: stable <stable@vger.kernel.org> Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com> --- This patch is a copy of Dan's 74b6b20df8cf (CVE-2021-28660). Drivers r8188eu and rtl8188eu share the same code. drivers/staging/r8188eu/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c index eb9375b0c660..a2692ce02bc2 100644 --- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c +++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c @@ -1131,9 +1131,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a, break; } sec_len = *(pos++); len -= 1; - if (sec_len > 0 && sec_len <= len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].SsidLength = sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); ssid_index++; } pos += sec_len; -- 2.35.3 ^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-18 7:00 ` [PATCH] staging: r8188eu: prevent ->Ssid " Denis Efremov @ 2022-05-18 7:49 ` Denis Efremov 2022-05-19 15:40 ` Greg KH 2022-05-19 15:45 ` [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() Greg KH 1 sibling, 1 reply; 23+ messages in thread From: Denis Efremov @ 2022-05-18 7:49 UTC (permalink / raw) To: Larry.Finger Cc: phil, gregkh, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable On 5/18/22 11:00, Denis Efremov wrote: > This code has a check to prevent read overflow but it needs another > check to prevent writing beyond the end of the ->Ssid[] array. > > Fixes: 2b42bd58b321 ("staging: r8188eu: introduce new os_dep dir for RTL8188eu driver") > Cc: stable <stable@vger.kernel.org> > Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com> > --- > > This patch is a copy of Dan's 74b6b20df8cf (CVE-2021-28660). > Drivers r8188eu and rtl8188eu share the same code. I also found same code pattern in rtl8723bs driver in stable kernels 5.10, 5.4, 4.19, 4.14. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c?h=linux-5.10.y#n1354 I can send the same fix to stable trees if appropriate. > > drivers/staging/r8188eu/os_dep/ioctl_linux.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c > index eb9375b0c660..a2692ce02bc2 100644 > --- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c > +++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c > @@ -1131,9 +1131,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a, > break; > } > sec_len = *(pos++); len -= 1; > - if (sec_len > 0 && sec_len <= len) { > + if (sec_len > 0 && > + sec_len <= len && > + sec_len <= 32) { > ssid[ssid_index].SsidLength = sec_len; > - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); > + memcpy(ssid[ssid_index].Ssid, pos, sec_len); > ssid_index++; > } > pos += sec_len; ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-18 7:49 ` Denis Efremov @ 2022-05-19 15:40 ` Greg KH 2022-05-20 3:57 ` [PATCH v5.10] staging: rtl8723bs: " Denis Efremov (Oracle) 2022-05-23 17:39 ` [PATCH v5.4-v4.14] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Denis Efremov (Oracle) 0 siblings, 2 replies; 23+ messages in thread From: Greg KH @ 2022-05-19 15:40 UTC (permalink / raw) To: Denis Efremov Cc: Larry.Finger, phil, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable On Wed, May 18, 2022 at 11:49:27AM +0400, Denis Efremov wrote: > > > On 5/18/22 11:00, Denis Efremov wrote: > > This code has a check to prevent read overflow but it needs another > > check to prevent writing beyond the end of the ->Ssid[] array. > > > > Fixes: 2b42bd58b321 ("staging: r8188eu: introduce new os_dep dir for RTL8188eu driver") > > Cc: stable <stable@vger.kernel.org> > > Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com> > > --- > > > > This patch is a copy of Dan's 74b6b20df8cf (CVE-2021-28660). > > Drivers r8188eu and rtl8188eu share the same code. > > I also found same code pattern in rtl8723bs driver in > stable kernels 5.10, 5.4, 4.19, 4.14. > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c?h=linux-5.10.y#n1354 > I can send the same fix to stable trees if appropriate. Please do! thanks, greg k-h ^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v5.10] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-19 15:40 ` Greg KH @ 2022-05-20 3:57 ` Denis Efremov (Oracle) 2022-05-23 15:26 ` Greg KH 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.10-stable tree gregkh 2022-05-23 17:39 ` [PATCH v5.4-v4.14] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Denis Efremov (Oracle) 1 sibling, 2 replies; 23+ messages in thread From: Denis Efremov (Oracle) @ 2022-05-20 3:57 UTC (permalink / raw) To: gregkh Cc: Denis Efremov (Oracle), Larry.Finger, phil, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable <stable@vger.kernel.org> Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> --- drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c index 902ac8169948..083ff72976cf 100644 --- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c @@ -1351,9 +1351,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a, sec_len = *(pos++); len -= 1; - if (sec_len > 0 && sec_len <= len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].SsidLength = sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ ssid_index++; -- 2.35.3 ^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [PATCH v5.10] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-20 3:57 ` [PATCH v5.10] staging: rtl8723bs: " Denis Efremov (Oracle) @ 2022-05-23 15:26 ` Greg KH 2022-05-23 17:41 ` Denis Efremov 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.10-stable tree gregkh 1 sibling, 1 reply; 23+ messages in thread From: Greg KH @ 2022-05-23 15:26 UTC (permalink / raw) To: Denis Efremov (Oracle) Cc: Larry.Finger, phil, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable On Fri, May 20, 2022 at 07:57:30AM +0400, Denis Efremov (Oracle) wrote: > This code has a check to prevent read overflow but it needs another > check to prevent writing beyond the end of the ->Ssid[] array. > > Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") > Cc: stable <stable@vger.kernel.org> > Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> > --- > drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) And only 5.10 needs this? What about all other kernel branches? thanks, greg k-h ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v5.10] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-23 15:26 ` Greg KH @ 2022-05-23 17:41 ` Denis Efremov 2022-05-26 12:05 ` Greg KH 0 siblings, 1 reply; 23+ messages in thread From: Denis Efremov @ 2022-05-23 17:41 UTC (permalink / raw) To: Greg KH Cc: Larry.Finger, phil, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable Hi, On 5/23/22 19:26, Greg KH wrote: > On Fri, May 20, 2022 at 07:57:30AM +0400, Denis Efremov (Oracle) wrote: >> This code has a check to prevent read overflow but it needs another >> check to prevent writing beyond the end of the ->Ssid[] array. >> >> Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") >> Cc: stable <stable@vger.kernel.org> >> Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> >> --- >> drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) > > And only 5.10 needs this? What about all other kernel branches? > From 5.10, 5.4, 4.19, to 4.14. There is a small spaces conflict in 5.4-4.14 kernels because of c77761d660a6 staging: rtl8723bs: Fix spacing issues I sent another patch to handle it. Thanks, Denis ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v5.10] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-23 17:41 ` Denis Efremov @ 2022-05-26 12:05 ` Greg KH 0 siblings, 0 replies; 23+ messages in thread From: Greg KH @ 2022-05-26 12:05 UTC (permalink / raw) To: Denis Efremov Cc: Larry.Finger, phil, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable On Mon, May 23, 2022 at 09:41:09PM +0400, Denis Efremov wrote: > Hi, > > On 5/23/22 19:26, Greg KH wrote: > > On Fri, May 20, 2022 at 07:57:30AM +0400, Denis Efremov (Oracle) wrote: > >> This code has a check to prevent read overflow but it needs another > >> check to prevent writing beyond the end of the ->Ssid[] array. > >> > >> Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") > >> Cc: stable <stable@vger.kernel.org> > >> Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> > >> --- > >> drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- > >> 1 file changed, 4 insertions(+), 2 deletions(-) > > > > And only 5.10 needs this? What about all other kernel branches? > > > > >From 5.10, 5.4, 4.19, to 4.14. > > There is a small spaces conflict in 5.4-4.14 kernels because of > c77761d660a6 staging: rtl8723bs: Fix spacing issues > > I sent another patch to handle it. Thanks, all now queued up. greg k-h ^ permalink raw reply [flat|nested] 23+ messages in thread
* Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.10-stable tree 2022-05-20 3:57 ` [PATCH v5.10] staging: rtl8723bs: " Denis Efremov (Oracle) 2022-05-23 15:26 ` Greg KH @ 2022-05-26 12:05 ` gregkh 1 sibling, 0 replies; 23+ messages in thread From: gregkh @ 2022-05-26 12:05 UTC (permalink / raw) To: Larry.Finger, dan.carpenter, efremov, gregkh, linux-staging, phil, straube.linux Cc: stable-commits This is a note to let you know that I've just added the patch titled staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@vger.kernel.org> know about it. From efremov@linux.com Thu May 26 14:03:56 2022 From: "Denis Efremov (Oracle)" <efremov@linux.com> Date: Fri, 20 May 2022 07:57:30 +0400 Subject: staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() To: gregkh@linuxfoundation.org Cc: "Denis Efremov (Oracle)" <efremov@linux.com>, Larry.Finger@lwfinger.net, phil@philpotter.co.uk, dan.carpenter@oracle.com, straube.linux@gmail.com, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, stable <stable@vger.kernel.org> Message-ID: <20220520035730.5533-1-efremov@linux.com> From: "Denis Efremov (Oracle)" <efremov@linux.com> This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable <stable@vger.kernel.org> Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> --- drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c @@ -1351,9 +1351,11 @@ static int rtw_wx_set_scan(struct net_de sec_len = *(pos++); len -= 1; - if (sec_len > 0 && sec_len <= len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].SsidLength = sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ ssid_index++; Patches currently in stable-queue which might be from efremov@linux.com are queue-5.10/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch ^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v5.4-v4.14] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-19 15:40 ` Greg KH 2022-05-20 3:57 ` [PATCH v5.10] staging: rtl8723bs: " Denis Efremov (Oracle) @ 2022-05-23 17:39 ` Denis Efremov (Oracle) 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.14-stable tree gregkh ` (2 more replies) 1 sibling, 3 replies; 23+ messages in thread From: Denis Efremov (Oracle) @ 2022-05-23 17:39 UTC (permalink / raw) To: gregkh Cc: Denis Efremov (Oracle), Larry.Finger, phil, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable <stable@vger.kernel.org> Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> --- drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c index d8d44fd9a92f..ea2fd3a73c3a 100644 --- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c @@ -1351,9 +1351,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a, sec_len = *(pos++); len-= 1; - if (sec_len>0 && sec_len<=len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].SsidLength = sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ ssid_index++; -- 2.36.1 ^ permalink raw reply related [flat|nested] 23+ messages in thread
* Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.14-stable tree 2022-05-23 17:39 ` [PATCH v5.4-v4.14] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Denis Efremov (Oracle) @ 2022-05-26 12:05 ` gregkh 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.19-stable tree gregkh 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.4-stable tree gregkh 2 siblings, 0 replies; 23+ messages in thread From: gregkh @ 2022-05-26 12:05 UTC (permalink / raw) To: Larry.Finger, dan.carpenter, efremov, gregkh, linux-staging, phil, straube.linux Cc: stable-commits This is a note to let you know that I've just added the patch titled staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@vger.kernel.org> know about it. From efremov@linux.com Thu May 26 14:03:14 2022 From: "Denis Efremov (Oracle)" <efremov@linux.com> Date: Mon, 23 May 2022 21:39:43 +0400 Subject: staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() To: gregkh@linuxfoundation.org Cc: "Denis Efremov (Oracle)" <efremov@linux.com>, Larry.Finger@lwfinger.net, phil@philpotter.co.uk, dan.carpenter@oracle.com, straube.linux@gmail.com, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, stable <stable@vger.kernel.org> Message-ID: <20220523173943.12486-1-efremov@linux.com> From: "Denis Efremov (Oracle)" <efremov@linux.com> This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable <stable@vger.kernel.org> Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> --- drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c @@ -1438,9 +1438,11 @@ static int rtw_wx_set_scan(struct net_de sec_len = *(pos++); len-= 1; - if (sec_len>0 && sec_len<=len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].SsidLength = sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ ssid_index++; Patches currently in stable-queue which might be from efremov@linux.com are queue-4.14/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch ^ permalink raw reply [flat|nested] 23+ messages in thread
* Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.19-stable tree 2022-05-23 17:39 ` [PATCH v5.4-v4.14] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Denis Efremov (Oracle) 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.14-stable tree gregkh @ 2022-05-26 12:05 ` gregkh 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.4-stable tree gregkh 2 siblings, 0 replies; 23+ messages in thread From: gregkh @ 2022-05-26 12:05 UTC (permalink / raw) To: Larry.Finger, dan.carpenter, efremov, gregkh, linux-staging, phil, straube.linux Cc: stable-commits This is a note to let you know that I've just added the patch titled staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@vger.kernel.org> know about it. From efremov@linux.com Thu May 26 14:03:14 2022 From: "Denis Efremov (Oracle)" <efremov@linux.com> Date: Mon, 23 May 2022 21:39:43 +0400 Subject: staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() To: gregkh@linuxfoundation.org Cc: "Denis Efremov (Oracle)" <efremov@linux.com>, Larry.Finger@lwfinger.net, phil@philpotter.co.uk, dan.carpenter@oracle.com, straube.linux@gmail.com, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, stable <stable@vger.kernel.org> Message-ID: <20220523173943.12486-1-efremov@linux.com> From: "Denis Efremov (Oracle)" <efremov@linux.com> This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable <stable@vger.kernel.org> Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> --- drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c @@ -1359,9 +1359,11 @@ static int rtw_wx_set_scan(struct net_de sec_len = *(pos++); len-= 1; - if (sec_len>0 && sec_len<=len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].SsidLength = sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ ssid_index++; Patches currently in stable-queue which might be from efremov@linux.com are queue-4.19/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch ^ permalink raw reply [flat|nested] 23+ messages in thread
* Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.4-stable tree 2022-05-23 17:39 ` [PATCH v5.4-v4.14] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Denis Efremov (Oracle) 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.14-stable tree gregkh 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.19-stable tree gregkh @ 2022-05-26 12:05 ` gregkh 2 siblings, 0 replies; 23+ messages in thread From: gregkh @ 2022-05-26 12:05 UTC (permalink / raw) To: Larry.Finger, dan.carpenter, efremov, gregkh, linux-staging, phil, straube.linux Cc: stable-commits This is a note to let you know that I've just added the patch titled staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch and it can be found in the queue-5.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@vger.kernel.org> know about it. From efremov@linux.com Thu May 26 14:03:14 2022 From: "Denis Efremov (Oracle)" <efremov@linux.com> Date: Mon, 23 May 2022 21:39:43 +0400 Subject: staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() To: gregkh@linuxfoundation.org Cc: "Denis Efremov (Oracle)" <efremov@linux.com>, Larry.Finger@lwfinger.net, phil@philpotter.co.uk, dan.carpenter@oracle.com, straube.linux@gmail.com, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, stable <stable@vger.kernel.org> Message-ID: <20220523173943.12486-1-efremov@linux.com> From: "Denis Efremov (Oracle)" <efremov@linux.com> This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable <stable@vger.kernel.org> Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> --- drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c @@ -1351,9 +1351,11 @@ static int rtw_wx_set_scan(struct net_de sec_len = *(pos++); len-= 1; - if (sec_len>0 && sec_len<=len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].SsidLength = sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ ssid_index++; Patches currently in stable-queue which might be from efremov@linux.com are queue-5.4/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-18 7:00 ` [PATCH] staging: r8188eu: prevent ->Ssid " Denis Efremov 2022-05-18 7:49 ` Denis Efremov @ 2022-05-19 15:45 ` Greg KH 2022-05-19 17:16 ` Dan Carpenter 1 sibling, 1 reply; 23+ messages in thread From: Greg KH @ 2022-05-19 15:45 UTC (permalink / raw) To: Denis Efremov Cc: Larry.Finger, phil, dan.carpenter, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable On Wed, May 18, 2022 at 11:00:52AM +0400, Denis Efremov wrote: > This code has a check to prevent read overflow but it needs another > check to prevent writing beyond the end of the ->Ssid[] array. > > Fixes: 2b42bd58b321 ("staging: r8188eu: introduce new os_dep dir for RTL8188eu driver") > Cc: stable <stable@vger.kernel.org> > Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com> > --- > > This patch is a copy of Dan's 74b6b20df8cf (CVE-2021-28660). > Drivers r8188eu and rtl8188eu share the same code. This does not apply to my tree at all. This file is not present anymore, what tree did you make it against? confused, greg k-h ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-19 15:45 ` [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() Greg KH @ 2022-05-19 17:16 ` Dan Carpenter 2022-05-19 17:36 ` Greg KH 0 siblings, 1 reply; 23+ messages in thread From: Dan Carpenter @ 2022-05-19 17:16 UTC (permalink / raw) To: Greg KH Cc: Denis Efremov, Larry.Finger, phil, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable On Thu, May 19, 2022 at 05:45:31PM +0200, Greg KH wrote: > On Wed, May 18, 2022 at 11:00:52AM +0400, Denis Efremov wrote: > > This code has a check to prevent read overflow but it needs another > > check to prevent writing beyond the end of the ->Ssid[] array. > > > > Fixes: 2b42bd58b321 ("staging: r8188eu: introduce new os_dep dir for RTL8188eu driver") > > Cc: stable <stable@vger.kernel.org> > > Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com> > > --- > > > > This patch is a copy of Dan's 74b6b20df8cf (CVE-2021-28660). > > Drivers r8188eu and rtl8188eu share the same code. > > This does not apply to my tree at all. This file is not present anymore, > what tree did you make it against? > That's weird. It applies fine for me on today's linux-next. regards, dan carpenter ^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-05-19 17:16 ` Dan Carpenter @ 2022-05-19 17:36 ` Greg KH 0 siblings, 0 replies; 23+ messages in thread From: Greg KH @ 2022-05-19 17:36 UTC (permalink / raw) To: Dan Carpenter Cc: Denis Efremov, Larry.Finger, phil, straube.linux, linux-staging, linux-kernel, kernel-janitors, stable On Thu, May 19, 2022 at 08:16:28PM +0300, Dan Carpenter wrote: > On Thu, May 19, 2022 at 05:45:31PM +0200, Greg KH wrote: > > On Wed, May 18, 2022 at 11:00:52AM +0400, Denis Efremov wrote: > > > This code has a check to prevent read overflow but it needs another > > > check to prevent writing beyond the end of the ->Ssid[] array. > > > > > > Fixes: 2b42bd58b321 ("staging: r8188eu: introduce new os_dep dir for RTL8188eu driver") > > > Cc: stable <stable@vger.kernel.org> > > > Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com> > > > --- > > > > > > This patch is a copy of Dan's 74b6b20df8cf (CVE-2021-28660). > > > Drivers r8188eu and rtl8188eu share the same code. > > > > This does not apply to my tree at all. This file is not present anymore, > > what tree did you make it against? > > > > That's weird. It applies fine for me on today's linux-next. Ok, really wierd, it worked this time. I'll blame my email setup somehow, I was churning through lots of patches at once... thanks for checking. greg k-h ^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2022-05-26 12:06 UTC | newest] Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-03-05 8:58 [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() Dan Carpenter 2021-03-05 8:58 ` Dan Carpenter 2021-03-05 16:58 ` Edmundo Carmona Antoranz 2021-03-05 16:58 ` Edmundo Carmona Antoranz 2021-03-05 18:32 ` Dan Carpenter 2021-03-05 18:32 ` Dan Carpenter 2021-03-05 18:55 ` Edmundo Carmona Antoranz 2021-03-05 18:55 ` Edmundo Carmona Antoranz 2022-05-18 7:00 ` [PATCH] staging: r8188eu: prevent ->Ssid " Denis Efremov 2022-05-18 7:49 ` Denis Efremov 2022-05-19 15:40 ` Greg KH 2022-05-20 3:57 ` [PATCH v5.10] staging: rtl8723bs: " Denis Efremov (Oracle) 2022-05-23 15:26 ` Greg KH 2022-05-23 17:41 ` Denis Efremov 2022-05-26 12:05 ` Greg KH 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.10-stable tree gregkh 2022-05-23 17:39 ` [PATCH v5.4-v4.14] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Denis Efremov (Oracle) 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.14-stable tree gregkh 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.19-stable tree gregkh 2022-05-26 12:05 ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.4-stable tree gregkh 2022-05-19 15:45 ` [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() Greg KH 2022-05-19 17:16 ` Dan Carpenter 2022-05-19 17:36 ` Greg KH
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.