Message ID | X8ilOfVz3pf0T5ec@mwanda |
---|---|
State | New |
Headers | show |
Series | [net] rtw88: debug: Fix uninitialized memory in debugfs code | expand |
Dan Carpenter <dan.carpenter@oracle.com> writes: > This code does not ensure that the whole buffer is initialized and none > of the callers check for errors so potentially none of the buffer is > initialized. Add a memset to eliminate this bug. > > Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > drivers/net/wireless/realtek/rtw88/debug.c | 2 ++ > 1 file changed, 2 insertions(+) I'll take this to wireless-drivers, this shouldn't go to net.
On Thu, Dec 03, 2020 at 11:16:29AM +0200, Kalle Valo wrote: > Dan Carpenter <dan.carpenter@oracle.com> writes: > > > This code does not ensure that the whole buffer is initialized and none > > of the callers check for errors so potentially none of the buffer is > > initialized. Add a memset to eliminate this bug. > > > > Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver") > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > --- > > drivers/net/wireless/realtek/rtw88/debug.c | 2 ++ > > 1 file changed, 2 insertions(+) > > I'll take this to wireless-drivers, this shouldn't go to net. Ugh... The worst part about that is that I manually added the "net" part without thinking thouroughly. :/ Anyway, I've modified my QC scripts now. regards, dan carpenter
Dan Carpenter <dan.carpenter@oracle.com> wrote: > This code does not ensure that the whole buffer is initialized and none > of the callers check for errors so potentially none of the buffer is > initialized. Add a memset to eliminate this bug. > > Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Patch applied to wireless-drivers.git, thanks. 74a8c816fa8f rtw88: debug: Fix uninitialized memory in debugfs code
diff --git a/drivers/net/wireless/realtek/rtw88/debug.c b/drivers/net/wireless/realtek/rtw88/debug.c index 5974a8ef8b34..12efc23bbfcb 100644 --- a/drivers/net/wireless/realtek/rtw88/debug.c +++ b/drivers/net/wireless/realtek/rtw88/debug.c @@ -147,6 +147,8 @@ static int rtw_debugfs_copy_from_user(char tmp[], int size, { int tmp_len; + memset(tmp, 0, size); + if (count < num) return -EFAULT;
This code does not ensure that the whole buffer is initialized and none of the callers check for errors so potentially none of the buffer is initialized. Add a memset to eliminate this bug. Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- drivers/net/wireless/realtek/rtw88/debug.c | 2 ++ 1 file changed, 2 insertions(+)