[PATCH AUTOSEL 4.9 09/13] net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()

* [PATCH AUTOSEL 4.9 09/13] net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()
       [not found] <20191122194958.24926-1-sashal@kernel.org>
@ 2019-11-22 19:49 ` Sasha Levin
  2019-11-22 19:49 ` [PATCH AUTOSEL 4.9 12/13] ax88172a: fix information leak on short answers Sasha Levin
  1 sibling, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2019-11-22 19:49 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Dan Carpenter, David S . Miller, Sasha Levin, linux-usb, netdev

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit a56dcc6b455830776899ce3686735f1172e12243 ]

This code is supposed to test for negative error codes and partial
reads, but because sizeof() is size_t (unsigned) type then negative
error codes are type promoted to high positive values and the condition
doesn't work as expected.

Fixes: 332f989a3b00 ("CDC-NCM: handle incomplete transfer of MTU")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/usb/cdc_ncm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
index cbb9b4343d1ea..be4e56826daf6 100644
--- a/drivers/net/usb/cdc_ncm.c
+++ b/drivers/net/usb/cdc_ncm.c
@@ -577,7 +577,7 @@ static void cdc_ncm_set_dgram_size(struct usbnet *dev, int new_size)
 	err = usbnet_read_cmd(dev, USB_CDC_GET_MAX_DATAGRAM_SIZE,
 			      USB_TYPE_CLASS | USB_DIR_IN | USB_RECIP_INTERFACE,
 			      0, iface_no, &max_datagram_size, sizeof(max_datagram_size));
-	if (err < sizeof(max_datagram_size)) {
+	if (err != sizeof(max_datagram_size)) {
 		dev_dbg(&dev->intf->dev, "GET_MAX_DATAGRAM_SIZE failed\n");
 		goto out;
 	}
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread