* [PATCH wpan] ieee802154: hwsim: fix off-by-one in parse nested
@ 2018-11-29 22:38 Alexander Aring
2018-11-29 22:40 ` Alexander Aring
0 siblings, 1 reply; 2+ messages in thread
From: Alexander Aring @ 2018-11-29 22:38 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, Alexander Aring
This patch fixes a off-by-one mistake in nla_parse_nested() functions of
mac802154_hwsim driver. I had to enabled stack protector so I was able
to reproduce it.
Reference: https://github.com/linux-wpan/wpan-tools/issues/17
Signed-off-by: Alexander Aring <aring@mojatatu.com>
---
drivers/net/ieee802154/mac802154_hwsim.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c
index bf70ab892e69..fbcbf55ce744 100644
--- a/drivers/net/ieee802154/mac802154_hwsim.c
+++ b/drivers/net/ieee802154/mac802154_hwsim.c
@@ -500,7 +500,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info)
!info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE])
return -EINVAL;
- if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1,
+ if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX,
info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE],
hwsim_edge_policy, NULL))
return -EINVAL;
@@ -543,6 +543,7 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
struct hwsim_edge_info *einfo;
struct hwsim_phy *phy_v0;
struct hwsim_edge *e;
+
u32 v0, v1;
u8 lqi;
@@ -550,7 +551,7 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
!info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE])
return -EINVAL;
- if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1,
+ if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX,
info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE],
hwsim_edge_policy, NULL))
return -EINVAL;
--
2.11.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH wpan] ieee802154: hwsim: fix off-by-one in parse nested
2018-11-29 22:38 [PATCH wpan] ieee802154: hwsim: fix off-by-one in parse nested Alexander Aring
@ 2018-11-29 22:40 ` Alexander Aring
0 siblings, 0 replies; 2+ messages in thread
From: Alexander Aring @ 2018-11-29 22:40 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan
On Thu, Nov 29, 2018 at 05:38:37PM -0500, Alexander Aring wrote:
> This patch fixes a off-by-one mistake in nla_parse_nested() functions of
> mac802154_hwsim driver. I had to enabled stack protector so I was able
> to reproduce it.
>
> Reference: https://github.com/linux-wpan/wpan-tools/issues/17
>
> Signed-off-by: Alexander Aring <aring@mojatatu.com>
> ---
> drivers/net/ieee802154/mac802154_hwsim.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c
> index bf70ab892e69..fbcbf55ce744 100644
> --- a/drivers/net/ieee802154/mac802154_hwsim.c
> +++ b/drivers/net/ieee802154/mac802154_hwsim.c
> @@ -500,7 +500,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info)
> !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE])
> return -EINVAL;
>
> - if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1,
> + if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX,
> info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE],
> hwsim_edge_policy, NULL))
> return -EINVAL;
> @@ -543,6 +543,7 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
> struct hwsim_edge_info *einfo;
> struct hwsim_phy *phy_v0;
> struct hwsim_edge *e;
> +
grml, I will fix that...
- Alex
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-11-30 9:47 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-29 22:38 [PATCH wpan] ieee802154: hwsim: fix off-by-one in parse nested Alexander Aring
2018-11-29 22:40 ` Alexander Aring
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).