| Message ID | 20181129223837.6719-1-aring@mojatatu.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [wpan] ieee802154: hwsim: fix off-by-one in parse nested | expand |
On Thu, Nov 29, 2018 at 05:38:37PM -0500, Alexander Aring wrote: > This patch fixes a off-by-one mistake in nla_parse_nested() functions of > mac802154_hwsim driver. I had to enabled stack protector so I was able > to reproduce it. > > Reference: https://github.com/linux-wpan/wpan-tools/issues/17 > > Signed-off-by: Alexander Aring <aring@mojatatu.com> > --- > drivers/net/ieee802154/mac802154_hwsim.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c > index bf70ab892e69..fbcbf55ce744 100644 > --- a/drivers/net/ieee802154/mac802154_hwsim.c > +++ b/drivers/net/ieee802154/mac802154_hwsim.c > @@ -500,7 +500,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) > !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE]) > return -EINVAL; > > - if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1, > + if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX, > info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE], > hwsim_edge_policy, NULL)) > return -EINVAL; > @@ -543,6 +543,7 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > struct hwsim_edge_info *einfo; > struct hwsim_phy *phy_v0; > struct hwsim_edge *e; > + grml, I will fix that... - Alex
diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c index bf70ab892e69..fbcbf55ce744 100644 --- a/drivers/net/ieee802154/mac802154_hwsim.c +++ b/drivers/net/ieee802154/mac802154_hwsim.c @@ -500,7 +500,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE]) return -EINVAL; - if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1, + if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX, info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE], hwsim_edge_policy, NULL)) return -EINVAL; @@ -543,6 +543,7 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) struct hwsim_edge_info *einfo; struct hwsim_phy *phy_v0; struct hwsim_edge *e; + u32 v0, v1; u8 lqi; @@ -550,7 +551,7 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE]) return -EINVAL; - if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1, + if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX, info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE], hwsim_edge_policy, NULL)) return -EINVAL;
This patch fixes a off-by-one mistake in nla_parse_nested() functions of mac802154_hwsim driver. I had to enabled stack protector so I was able to reproduce it. Reference: https://github.com/linux-wpan/wpan-tools/issues/17 Signed-off-by: Alexander Aring <aring@mojatatu.com> --- drivers/net/ieee802154/mac802154_hwsim.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)