Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2512428imm; Thu, 27 Sep 2018 14:14:11 -0700 (PDT) X-Google-Smtp-Source: ACcGV61VelA9fhmxOfaoiGvYBZkkEtoIwqXR2rWD9yu7J2wbQmyYUlcRf3xPd51SOo9Fi3r6zUt5 X-Received: by 2002:a17:902:c85:: with SMTP id 5-v6mr12936407plt.141.1538082851943; Thu, 27 Sep 2018 14:14:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538082851; cv=none; d=google.com; s=arc-20160816; b=GLHA57tbZWQfVvC6Rad8LfYtE/QaGazC3PAilnX1QOFJszo0ScwUkPa9BrA+aJnX4+ seLkRVykF5yhSp8/vElmAh17jCmcxGFcVXVn+3kKHnfwv4WkIKK5qz4VqlmAU49Wgccz IiUknxGfVo06c85YPQMSApY1N8BRUC9xONuk4/+Vh9gM9C5izmwqo53DFDtj7jKcuoJR WbVhdwupdhQjbyVuW0ZvLbo/egbntQ/ny/LTBxBvwYTltRWw15DmMLM5CWYZE9D3f1x2 5lQRqzqfMTjMrHGxR5dcCMOq/Vod1vC1b7DCmWFrHoKnHLM1VYySOD4ZoVrtagnCzyBG 52wA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=94jf4jMsAlSUxK1ho48R+3/pZWxZZCO1NRsXTs0bpdM=; b=FRteDyjJFEQiq2BtOzjiFz1SND8O/3t/AHw6GQ9xwzpid0Gye1GCImzhZx3J3ja8h+ siy7pKhRkPCriOENFk7GEnJ1msaz5SjehD3k/nl26EzxOBwQG0IC/XgB6ums3PTUGi7K oGoWvu82eG5XZodfVkrtwiKPiFwkq1W3fjqKhEeziT3Nxwz66mhOb8JAHP/keaolgEEM yZgTvhNzkHXQ6BgfPrBccIXqiD6z6et88G1DQpXxcPKqvxf9QeaPfcmvZTF8Ute5UjTN QGUFuX+kvWwxp19A7/rlYm0JuLbGBR9ndJzStkLhmL9/bZNCZXNTIPn4hbPffB/uVfiF nK/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=oxFcLykr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 73-v6si3031731pfv.139.2018.09.27.14.13.55; Thu, 27 Sep 2018 14:14:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=oxFcLykr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728137AbeI1DdM (ORCPT + 99 others); Thu, 27 Sep 2018 23:33:12 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:54220 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727340AbeI1DdL (ORCPT ); Thu, 27 Sep 2018 23:33:11 -0400 Received: by mail-wm1-f68.google.com with SMTP id b19-v6so218972wme.3 for ; Thu, 27 Sep 2018 14:12:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=94jf4jMsAlSUxK1ho48R+3/pZWxZZCO1NRsXTs0bpdM=; b=oxFcLykr6OxOW+vk7orFIYdauEn5PtB9sfNWpcHx2aY18fnbFtbogwjP3rlOikj+7V ECiTYLc/7Mq1hNoyV+sFnYzBzV0ulmXUSouNIoCKk0YLE/xi6cTpvAERjXca6iRxc1gt Lq4k8Kixkm4mEZydKflDdqDCH7Yyrl8GM/Hp/JbDVvIFF9Z26mcKeG8ZvLlDYLhmCVuM RLgHFXxOM/h48qhw8H0mobIQ5SkC5d154z7zGa9cyJ9hUQ4EHjH6KqbEalNjG6Fum2an VSapVlwfECxVdkOVyN4kLSHFMNxCgvbY9k79fOGzUzEGMxN19uuAwtmyb8ZN2ai/j1yZ XB6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=94jf4jMsAlSUxK1ho48R+3/pZWxZZCO1NRsXTs0bpdM=; b=FCMcevEa+R/D0OkvFnKjFKlGG+N90pRocWYY1LinXiU0iYCHitBTrjGps+88+LU5+z 1lP/xKuiAkQmQirrh76J1bM/3DBz8fTOudY2fOAubWhIRiRgMP+md/0UWj2atRopBwZF XRZtt07pcb9hvtxjZ7nZdRcCX+8GTiaUoxP9pVAeVFkzJmGHuTBnofWIiKPpHoNXdaXO OhjLUPVVlG/jMm96lp/Ih7G/VgyXia1Wx/HLelFI+neqh7tw6Z5JijHbPg8SyMBNzZRD VkvChQWChYwGc08sBRSQqJwwyZcnyVQjf04V0PLcASO/FqlLZRywdULlUvgsKt8uvF37 j/Cw== X-Gm-Message-State: ABuFfoikiKHH0lWLqlKGZ74bz0S8ALw4Saozm0gWla67kQwFmPHcrSlf BSGQ3x3Zxc6MvtvQQ0ZeH1k= X-Received: by 2002:a1c:f53:: with SMTP id 80-v6mr240646wmp.58.1538082777123; Thu, 27 Sep 2018 14:12:57 -0700 (PDT) Received: from localhost.localdomain ([2a01:388:3ce:110::1:5]) by smtp.gmail.com with ESMTPSA id 75-v6sm225053wml.21.2018.09.27.14.12.55 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 27 Sep 2018 14:12:56 -0700 (PDT) Date: Thu, 27 Sep 2018 22:12:54 +0100 From: Aymen Qader To: Larry Finger Cc: Greg Kroah-Hartman , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] staging: rtl8188eu: Avoid null pointer arithmetic Message-ID: <20180927211254.v2s7hdfubjird376@localhost.localdomain> References: <20180927170408.4495-1-qader.aymen@gmail.com> <96968145-e727-56ac-1a74-8458e479b7bf@lwfinger.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <96968145-e727-56ac-1a74-8458e479b7bf@lwfinger.net> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 27, 2018 at 03:52:53PM -0500, Larry Finger wrote: > On 9/27/18 12:04 PM, Aymen Qader wrote: > > Avoid null pointer arithmetic in rtw_mlme_ext.c by skipping other field > > checks if the information element pointer is null. > > > > Signed-off-by: Aymen Qader > > --- > > drivers/staging/rtl8188eu/core/rtw_mlme_ext.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c > > index 834053a0ae9d..8a3a71456cd0 100644 > > --- a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c > > +++ b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c > > @@ -2971,8 +2971,10 @@ static unsigned int OnAssocReq(struct adapter *padapter, > > /* checking SSID */ > > p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + ie_offset, _SSID_IE_, &ie_len, > > pkt_len - WLAN_HDR_A3_LEN - ie_offset); > > - if (!p) > > + if (!p) { > > status = _STATS_FAILURE_; > > + goto OnAssocReqFail; > > + } > > if (ie_len == 0) { /* broadcast ssid, however it is not allowed in assocreq */ > > status = _STATS_FAILURE_; > > I do not think this patch avoids any pointer arithmetic. If p is NULL, then > ie_len will be zero and the branch with the memcmp() call, where the pointer > arithmetic is done, will be skipped. I'm sincerely sorry, you're completely right--that was a bad oversight from me, I should have checked more thoroughly. > > That said, it is better to bail out with the first failure condition. I do > not require the following, but the code would be even simpler if you test p > and ie_len==0 in a single if statement and eliminate some code as in > > diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c > b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c > index 1115050077e4..71722cec84a0 100644 > --- a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c > +++ b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c > @@ -2982,11 +2982,10 @@ static unsigned int OnAssocReq(struct adapter *padapter, > /* checking SSID */ > p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + ie_offset, _SSID_IE_, &ie_len, > pkt_len - WLAN_HDR_A3_LEN - ie_offset); > - if (!p) > - status = _STATS_FAILURE_; > > - if (ie_len == 0) { /* broadcast ssid, however it is not allowed in > assocreq */ > + if (!p || ie_len == 0) { /* broadcast ssid, however it is not > allowed in assocreq */ > status = _STATS_FAILURE_; > + goto OnAssocReqFail; > } else { > /* check if ssid match */ > if (memcmp((void *)(p+2), cur->Ssid.Ssid, cur->Ssid.SsidLength)) > Yep, I understand that would be a lot better. If it's alright, I'll send this in with a v2 (w/ a more appropriate commit message). > > ACKed-by: Larry Finger > > Thanks, > > Larry > Kind regards, Aymen