staging: r8712u: Add the new driver to the mainline kernel

Dan Carpenter dan.carpenter at oracle.com
Sat Nov 24 20:16:37 UTC 2012


Hello Larry Finger,

The patch 2865d42c78a9: "staging: r8712u: Add the new driver to the 
mainline kernel" from Aug 20, 2010, leads to the following warning:
drivers/staging/rtl8712/mlme_linux.c:161 r8712_report_sec_ie()
	 error: buffer overflow 'sec_ie' 255 <= 255

drivers/staging/rtl8712/mlme_linux.c
   158                  len = sec_ie[1] + 2;
   159                  len =  (len < IW_CUSTOM_MAX) ? len : IW_CUSTOM_MAX;
                                                             ^^^^^^^^^^^^^
We set len to 256 here.

   160                  for (i = 0; i < len; i++)
   161                          p += sprintf(p, "%02x", sec_ie[i]);
                                                        ^^^^^^
sec_ie[] comes from r8712_restruct_sec_ie() and it is only 255 bytes so
we are reading one past the end of the array.

   162                  p += sprintf(p, ")");

regards,
dan carpenter




More information about the devel mailing list