Re: [PATCH v2] wifi: mac80211: Avoid address calculations via out of bounds array indexing
From: Johannes Berg <johannes@sipsolutions.net>
Date: 2024-06-04 19:30:12
Also in:
linux-hardening, linux-wireless, lkml
On Tue, 2024-06-04 at 14:53 -0400, Kenton Groombridge wrote:
On 24/05/29 04:54PM, Johannes Berg wrote:quoted
On Fri, 2024-05-17 at 10:54 -0400, Kenton Groombridge wrote:quoted
req->n_channels must be set before req->channels[] can be used.I don't know why, but this patch breaks a number of hwsim test cases. https://w1.fi/cgit/hostap/tree/tests/hwsim/ johannesPardon my absence. I'm also not sure why these tests are failing. Unless I'm missing something, the runtime behavior of these code paths shouldn't have changed significantly.
Looking at your patch again, this seems wrong?
+ local->hw_scan_req->req.channels[*n_chans++] = req->channels[i];
This will increment n_chans rather than *n_chans, no? johannes