linux-stable/drivers/staging
Atul Gopinathan e78836ae76 staging: rtl8192e: Change state information from u16 to u8
The "u16 CcxRmState[2];" array field in struct "rtllib_network" has 4
bytes in total while the operations performed on this array throughout
the code base are only 2 bytes.

The "CcxRmState" field is fed only 2 bytes of data using memcpy():

(In rtllib_rx.c:1972)
	memcpy(network->CcxRmState, &info_element->data[4], 2)

With "info_element->data[]" being a u8 array, if 2 bytes are written
into "CcxRmState" (each of whose elements is u16 sized), then the 2 u8
elements from "data[]" get squashed and written into the first element
("CcxRmState[0]") while the second element ("CcxRmState[1]") is never
fed with any data.

Same in file rtllib_rx.c:2522:
	 memcpy(dst->CcxRmState, src->CcxRmState, 2);

The above line duplicates "src" data to "dst" but only writes 2 bytes
(and not 4, which is the actual size). Again, only 1st element gets the
value while the 2nd element remains uninitialized.

This later makes operations done with CcxRmState unpredictable in the
following lines, as the 1st element holds a squashed number while the
2nd element holds an uninitialized random number.

rtllib_rx.c:1973:    if (network->CcxRmState[0] != 0)
rtllib_rx.c:1977:    network->MBssidMask = network->CcxRmState[1] & 0x07;

network->MBssidMask is also of type u8 and not u16.

Fix this by changing the type of "CcxRmState" from u16 to u8 so that the
data written into this array and read from it make sense and are not
random values.

NOTE: The wrong initialization of "CcxRmState" can be seen in the
following commit:

commit ecdfa44610 ("Staging: add Realtek 8192 PCI wireless driver")

The above commit created a file `rtl8192e/ieee80211.h` which used to
have the faulty line. The file has been deleted (or possibly renamed)
with the contents copied into a new file `rtl8192e/rtllib.h` along with
additional code in the commit 94a799425e (tagged in Fixes).

Fixes: 94a799425e ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Cc: stable@vger.kernel.org
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210323113413.29179-2-atulgopinathan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-03-23 13:32:40 +01:00
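The following is an added example, not code from the commit or from the rtl8192e driver. It reproduces the two layouts the commit message describes on a constructed information-element body (the byte values, the `net_before`/`net_after` struct names and the `STALE_FILL` sentinel that stands in for uninitialised memory are all assumptions made here) and shows why a 2-byte `memcpy()` into a `u16[2]` field leaves `CcxRmState[1]`, and therefore `MBssidMask`, holding whatever was in memory beforehand, while the `u8[2]` layout maps one IE byte to each element.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t u8;
typedef uint16_t u16;

/* Constructed sample IE body (made up for this example, not a captured frame):
 * data[4] and data[5] are the two state bytes that rtllib_rx.c copies out
 * with memcpy(network->CcxRmState, &info_element->data[4], 2). */
static const u8 ie_data[8] = { 0x00, 0x40, 0x96, 0x01, 0x01, 0x05, 0x00, 0x00 };

/* Stand-in for whatever stale contents the network struct holds before parsing
 * (an assumption of this example; in the driver it is simply unspecified). */
#define STALE_FILL 0xAB

/* Field layout before the fix: u16[2] is 4 bytes, only 2 are ever written. */
struct net_before { u16 CcxRmState[2]; u8 MBssidMask; };

/* Field layout after the fix: u8[2] is exactly the 2 bytes memcpy() supplies. */
struct net_after  { u8  CcxRmState[2]; u8 MBssidMask; };

/* The parse the commit describes, run against the pre-fix type. */
static void parse_before(struct net_before *n, const u8 *data)
{
	memset(n, STALE_FILL, sizeof(*n));        /* simulate uninitialised memory */
	memcpy(n->CcxRmState, &data[4], 2);       /* both bytes land in CcxRmState[0] */
	n->MBssidMask = n->CcxRmState[1] & 0x07;  /* CcxRmState[1] was never written */
}

/* The same parse against the post-fix type. */
static void parse_after(struct net_after *n, const u8 *data)
{
	memset(n, STALE_FILL, sizeof(*n));
	memcpy(n->CcxRmState, &data[4], 2);       /* one byte per element, as intended */
	n->MBssidMask = n->CcxRmState[1] & 0x07;
}

/* Accessors so each observation is a return value rather than printed text. */
u16 before_state0(void) { struct net_before n; parse_before(&n, ie_data); return n.CcxRmState[0]; }
u16 before_state1(void) { struct net_before n; parse_before(&n, ie_data); return n.CcxRmState[1]; }
u8  before_mask(void)   { struct net_before n; parse_before(&n, ie_data); return n.MBssidMask; }
u8  after_state0(void)  { struct net_after n;  parse_after(&n, ie_data);  return n.CcxRmState[0]; }
u8  after_state1(void)  { struct net_after n;  parse_after(&n, ie_data);  return n.CcxRmState[1]; }
u8  after_mask(void)    { struct net_after n;  parse_after(&n, ie_data);  return n.MBssidMask; }

/* Size of the field each way: the 2-byte memcpy() at rtllib_rx.c:2522 is a
 * half copy on the old type and a whole-array copy on the new one. */
size_t before_field_size(void) { return sizeof(((struct net_before *)0)->CcxRmState); }
size_t after_field_size(void)  { return sizeof(((struct net_after *)0)->CcxRmState); }

int main(void)
{
	printf("before fix: CcxRmState[0]=0x%04x CcxRmState[1]=0x%04x MBssidMask=%u (field is %zu bytes)\n",
	       (unsigned)before_state0(), (unsigned)before_state1(),
	       (unsigned)before_mask(), before_field_size());
	printf("after fix:  CcxRmState[0]=0x%02x CcxRmState[1]=0x%02x MBssidMask=%u (field is %zu bytes)\n",
	       (unsigned)after_state0(), (unsigned)after_state1(),
	       (unsigned)after_mask(), after_field_size());
	return 0;
}
```

On a little-endian machine the pre-fix `CcxRmState[0]` reads back as 0x0501 (0x0105 on big-endian), so the `!= 0` check at rtllib_rx.c:1973 passes by accident, while `MBssidMask` is computed from the sentinel rather than from the frame; after the fix the two bytes land in separate elements and the mask is `0x05 & 0x07`.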
android driver: staging: count ashmem_range into SLAB_RECLAIMBLE 2020-12-28 15:06:06 +01:00
axis-fifo
board Revert "staging: board: Remove macro board_staging" 2021-01-04 15:55:40 +01:00
clocking-wizard staging: Replace lkml.org links with lore 2021-02-11 12:13:53 +01:00
comedi Staging/IIO driver fixes for 5.12-rc4 2021-03-21 11:54:04 -07:00
emxx_udc staging: emxx_udc: Make incorrectly defined global static 2021-02-07 10:15:05 +01:00
fbtft staging: fbtft: add tearing signal detect 2021-02-12 09:48:29 +01:00
fieldbus staging: fieldbus: arcx-anybus: constify static structs 2021-02-08 15:22:34 +01:00
fsl-dpaa2 Staging/IIO driver patches for 5.12-rc1 2021-02-20 21:36:51 -08:00
fwserial staging: fwserial: Fix error handling in fwserial_create 2020-12-28 15:11:52 +01:00
gasket staging: gasket: fix indentation and lines ending with open parenthesis 2021-02-08 15:24:40 +01:00
gdm724x staging: gdm724x: Fix DMA from stack 2021-02-11 11:08:17 +01:00
greybus staging: greybus: Fixed a misspelling in hid.c 2021-02-13 22:37:51 +01:00
gs_fpgaboot
hikey9xx staging: hikey9xx: Fix alignment of function parameters 2021-02-13 22:37:51 +01:00
iio
kpc2000
ks7010 staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() 2021-03-10 09:23:28 +01:00
media Simple Firmware Interface (SFI) support removal for v5.12-rc1 2021-02-24 10:35:29 -08:00
most staging: most: Switch from strlcpy to strscpy 2021-02-04 17:16:06 +01:00
mt7621-dma staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c 2021-01-31 13:39:53 +01:00
mt7621-dts staging: mt7621-dts: remove obsolete switch node 2021-01-26 18:46:35 +01:00
mt7621-pci staging: mt7621-pci: remove 'RALINK_PCI_IMBASEBAR0_ADDR' register 2020-11-26 09:12:18 +01:00
netlogic
nvec staging: nvec: minor coding style fix 2021-02-12 09:49:43 +01:00
octeon staging: octeon: remove braces from single-line block 2021-02-07 10:05:29 +01:00
octeon-usb
olpc_dcon staging: olpc_dcon: Switch from strlcpy to strscpy 2021-02-04 17:16:06 +01:00
pi433
qlge staging: qlge: Remove duplicate word in comment 2021-02-11 21:32:35 +01:00
ralink-gdma
rtl8188eu staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() 2021-03-10 09:23:30 +01:00
rtl8192e staging: rtl8192e: Change state information from u16 to u8 2021-03-23 13:32:40 +01:00
rtl8192u staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() 2021-03-10 09:23:30 +01:00
rtl8712 staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd 2021-03-10 09:23:28 +01:00
rtl8723bs Staging/IIO driver patches for 5.12-rc1 2021-02-20 21:36:51 -08:00
rts5208
sm750fb staging: sm750fb: Switch from strlcpy to strscpy 2021-02-04 17:16:07 +01:00
unisys staging: unisys: visorhba: enhance visorhba to use channel_interrupt 2021-01-07 16:57:50 +01:00
vc04_services staging: Replace lkml.org links with lore 2021-02-11 12:13:53 +01:00
vme Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
vt6655 staging: vt665x: fix alignment constraints 2021-03-18 10:21:46 +01:00
vt6656 staging: vt6656: Fixed issue with alignment in rf.c 2021-02-12 09:47:13 +01:00
wfx Revert "staging: wfx: remove unused included header files" 2021-03-10 09:23:30 +01:00
wimax staging: wimax/i2400m: fix some byte order issues found by sparse 2021-02-13 22:37:50 +01:00
wlan-ng staging:wlan-ng: use memdup_user instead of kmalloc/copy_from_user 2021-02-13 22:37:50 +01:00
Kconfig Staging / IIO driver patches for 5.11-rc1 2020-12-15 14:18:40 -08:00
Makefile Staging / IIO driver patches for 5.11-rc1 2020-12-15 14:18:40 -08:00