I was looking at how TOTAL_CAM_ENTRY is used and I saw this code. We
print an error but continue writing "EntryNo" to a register as if it
were valid. "EntryNo" is controlled by the user in rtl8192_ioctl() so
it definitely can be invalid. I'm not positive what happens with the
invalid data but it can't be good.
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_cam.c
b/drivers/staging/rtl8192e/rtl8192e/rtl_cam.c
index c146b7e..29dd93a 100644
--- a/drivers/staging/rtl8192e/rtl8192e/rtl_cam.c
+++ b/drivers/staging/rtl8192e/rtl8192e/rtl_cam.c
@@ -117,8 +117,10 @@ void rtl92e_set_key(struct net_device *dev, u8 EntryNo, u8
KeyIndex,
}
}
priv->rtllib->is_set_key = true;
- if (EntryNo >= TOTAL_CAM_ENTRY)
+ if (EntryNo >= TOTAL_CAM_ENTRY) {
netdev_info(dev, "%s(): Invalid CAM entry\n", __func__);
+ return;
+ }
RT_TRACE(COMP_SEC,
"====>to rtl92e_set_key(), dev:%p, EntryNo:%d,
KeyIndex:%d,KeyType:%d, MacAddr %pM\n",
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
