Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

2021-03-05 Thread Edmundo Carmona Antoranz 
On Fri, Mar 5, 2021 at 12:33 PM Dan Carpenter  wrote:
>
> It's good that you're reviewing code...

Right now watching the patches flow feels like I'm just shadowing.
Later, when I get the hang of it, I might try providing something on
my own. I'll just watch things from a distance for the time being
perhaps making questions here or there (like I just did).

Just in case, my main point was to use a min() (or MIN? whatever way
it's provided in the standard) to have only two conditions instead of
three... .to keep them on separate lines, it could be done like this:

if (sec_len > 0 &&
sec_len <= min(len, 32)) {

_but_ I understand if you would rather keep the 3 conditions.

Thanks for your comment.
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

2021-03-05 Thread Dan Carpenter 
On Fri, Mar 05, 2021 at 10:58:17AM -0600, Edmundo Carmona Antoranz wrote:
> On Fri, Mar 5, 2021 at 2:59 AM Dan Carpenter  wrote:
> > -   if (sec_len > 0 && sec_len <= len) {
> > +   if (sec_len > 0 &&
> > +   sec_len <= len &&
> > +   sec_len <= 32) {
> 
> I wonder if this could be reduced to (sec_len > 0 && sec_len <=
> min(len, 32)) from a stylistic POV?

I kind of prefer it the way I wrote it.  I prefer conditions split
apart and done ploddingly, one at a time...  You'll notice how I could
have written it like:

if (sec_len > 0 && sec_len <= len &&
sec_len <= 32) {

But I really like my conditions to be spelled out so the "sec_len" is
perfectly aligned in each part of the condition.  Your way would be to
combine two conditions into one part of a line and seems sneaky.

> 
> First attempt at something kernel related so I know there's plenty of
> things to learn (including patterns for problems like this and
> etiquette).

It's good that you're reviewing code...  We try to be predictable though
and no one would have predicted your response.  Ideally patch review
should be like, "Ugh!  Why didn't I think of that?  Of course, we should
propagate the error code."  Or "Oh, I didn't know checkpatch warns about
that."

The truth is that I don't always agree with all of Greg's reviews.  He
is more strict than I am about breaking up patches into multiple things.
(It's a tricky line to define for me).  But I can always predict what
Greg will say in a review so that saves time when I know which patches
he will accept and which he won't.

regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Re: [PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

2021-03-05 Thread Edmundo Carmona Antoranz 
On Fri, Mar 5, 2021 at 2:59 AM Dan Carpenter  wrote:
> -   if (sec_len > 0 && sec_len <= len) {
> +   if (sec_len > 0 &&
> +   sec_len <= len &&
> +   sec_len <= 32) {

I wonder if this could be reduced to (sec_len > 0 && sec_len <=
min(len, 32)) from a stylistic POV?

First attempt at something kernel related so I know there's plenty of
things to learn (including patterns for problems like this and
etiquette).

BR
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

[PATCH] staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

2021-03-05 Thread Dan Carpenter 
This code has a check to prevent read overflow but it needs another
check to prevent writing beyond the end of the ->ssid[] array.

Fixes: a2c60d42d97c ("staging: r8188eu: Add files for new driver - part 16")
Signed-off-by: Dan Carpenter 
---
 drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c 
b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
index bf22f130d3e1..58954b88a817 100644
--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
@@ -1133,9 +1133,11 @@ static int rtw_wx_set_scan(struct net_device *dev, 
struct iw_request_info *a,
break;
}
sec_len = *(pos++); len -= 1;
-   if (sec_len > 0 && sec_len <= len) {
+   if (sec_len > 0 &&
+   sec_len <= len &&
+   sec_len <= 32) {
ssid[ssid_index].ssid_length = 
sec_len;
-   memcpy(ssid[ssid_index].ssid, 
pos, ssid[ssid_index].ssid_length);
+   memcpy(ssid[ssid_index].ssid, 
pos, sec_len);
ssid_index++;
}
pos += sec_len;
-- 
2.30.1

___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel