Re: [PATCH] wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier

[Gustavo A. R. Silva]

On 30/12/24 12:36, Kees Cook wrote:

Since adding __counted_by(n_channels) to struct cfg80211_scan_request,
anything adding to the channels array must increment n_channels first.
Move n_channels increment earlier.

Reported-by: John Rowley <l...@johnrowley.me>
Closes: 
https://lore.kernel.org/stable/1815535c709ba9d9.156c6a5c9cdf6e59.b249b6b6a5ee4634@localhost.localdomain/
Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate")
Signed-off-by: Kees Cook <k...@kernel.org>

Reviewed-by: Gustavo A. R. Silva <gustavo...@kernel.org>

-Gustavo

---
Cc: Johannes Berg <johan...@sipsolutions.net>
Cc: Dmitry Antipov <dmanti...@yandex.ru>
Cc: Nathan Chancellor <nat...@kernel.org>
Cc: linux-wirel...@vger.kernel.org
---
  net/wireless/scan.c | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 1c6fd45aa809..ccdbeb604639 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -763,12 +763,11 @@ static  void cfg80211_scan_req_add_chan(struct 
cfg80211_scan_request *request,
                }
        }

+ request->n_channels++;

        request->channels[n_channels] = chan;
        if (add_to_6ghz)
                request->scan_6ghz_params[request->n_6ghz_params].channel_idx =
                        n_channels;
-
-       request->n_channels++;
  }

static bool cfg80211_find_ssid_match(struct cfg80211_colocated_ap *ap,