mac80211: rx: check for the skb_copy_bits() return value

Commit Message

Denis Kirjanov Feb. 17, 2015, 7:12 p.m. UTC

Signed-off-by: Denis Kirjanov <kda@linux-powerpc.org>
---
 net/mac80211/rx.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

Johannes Berg Feb. 23, 2015, 11:50 a.m. UTC | #1

You fail to provide a useful commit log explaining why this change
should be done? Given that all the code already has the necessary
checks, these calls can never return non-zero, so this seems pointless?

johannes


--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 1101563..4d3ec94 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -685,7 +685,8 @@  static int iwl80211_get_cs_keyid(const struct ieee80211_cipher_scheme *cs,
 	if (skb->len < hdrlen + cs->hdr_len)
 		return -EINVAL;
 
-	skb_copy_bits(skb, hdrlen + cs->key_idx_off, &keyid, 1);
+	if (skb_copy_bits(skb, hdrlen + cs->key_idx_off, &keyid, 1))
+		return -EFAULT;
 	keyid &= cs->key_idx_mask;
 	keyid >>= cs->key_idx_shift;
 
@@ -1128,7 +1129,8 @@  ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
 			if (rx->skb->len < hdrlen + 8)
 				return RX_DROP_MONITOR;
 
-			skb_copy_bits(rx->skb, hdrlen + 6, &ethertype, 2);
+			if (skb_copy_bits(rx->skb, hdrlen + 6, &ethertype, 2))
+				return RX_DROP_MONITOR;
 			if (ethertype == rx->sdata->control_port_protocol)
 				return RX_CONTINUE;
 		}
@@ -1614,7 +1616,8 @@  ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
 			 * no need to call ieee80211_wep_get_keyidx,
 			 * it verifies a bunch of things we've done already
 			 */
-			skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1);
+			if (skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1))
+				return RX_DROP_MONITOR;
 			keyidx = keyid >> 6;
 		}