[PATCH] staging: rtl8712: Fix possible buffer overrun

2018-11-28 Thread Yang Xiao
From: Young Xiao In commit 8b7a13c3f404 ("staging: r8712u: Fix possible buffer overrun") we fix a potential off by one by making the limit smaller. The better fix is to make the buffer larger. This makes it match up with the similar code in other drivers. Signed-off-by: Young Xiao --- drivers

Re: [PATCH] staging: rtl8723bs: Fix possible buffer overrun

2018-11-27 Thread Yang Xiao
Yes, you are right. I will send a new patch. Young On 2018/11/28 14:51, Dan Carpenter wrote: > The original code is OK. > > On Wed, Nov 28, 2018 at 02:22:31AM +0000, Yang Xiao wrote: >> From: Young Xiao >> >> In routine rtw_report_sec_ie(), the code could set the len

[PATCH] staging: rtl8723bs: Fix possible buffer overrun

2018-11-27 Thread Yang Xiao
From: Young Xiao In routine rtw_report_sec_ie(), the code could set the length of the buffer to 256; however, that value is one larger than the corresponding memory allocation. See commit 8b7a13c3f404 ("staging: r8712u: Fix possible buffer overrun") for detail. Signed-off-by: Young Xiao --- d

[PATCH] Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c"

2018-11-27 Thread Yang Xiao
From: Young Xiao pstapriv->max_num_sta is always <= NUM_STA, since max_num_sta is either set in _rtw_init_sta_priv() or rtw_set_beacon(). Signed-off-by: Young Xiao --- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/stag

Re: [PATCH] staging: rtl8188eu: Fix off-by-one in core/rtw_mlme_ext.c

2018-11-27 Thread Yang Xiao
Yes, you are right. I will send a patch to revert ef9209b642f. Young On 2018/11/27 16:49, Dan Carpenter wrote: > On Tue, Nov 27, 2018 at 08:41:53AM +0000, Yang Xiao wrote: >> Okay. I can send a patch to revert ef9209b642f. >> >> But, can you make sure that the conditio

Re: [PATCH] staging: rtl8188eu: Fix off-by-one in core/rtw_mlme_ext.c

2018-11-27 Thread Yang Xiao
Okay. I can send a patch to revert ef9209b642f. But, can you make sure that the condition "(pstapriv->sta_aid[pstat->aid - 1] == NULL)" can be satisfied in the for loop? Young On 2018/11/27 16:34, Dan Carpenter wrote: > On Tue, Nov 27, 2018 at 08:29:05AM +, Yang Xiao wrot

Re: [PATCH] staging: rtl8188eu: Fix off-by-one in core/rtw_mlme_ext.c

2018-11-27 Thread Yang Xiao
access in line 3267. If you can prove it, then the patch is unnecessary. Young On 2018/11/27 16:15, Dan Carpenter wrote: > The original code is OK. > > On Tue, Nov 27, 2018 at 07:29:07AM +, Yang Xiao wrote: >> From: Young_X >> >> The error at line 3267 was the

[PATCH] staging: rtl8188eu: Fix off-by-one in core/rtw_mlme_ext.c

2018-11-26 Thread Yang Xiao
From: Young_X The error at line 3267 was the result of an off-by-one error in a for loop in line 3253. If the condition in line 3254 is never satisfied, then the value of pstat->aid is NUM_STA+1. This will lead to out-of-bound access in line 3267. Signed-off-by: Young_X --- driver