Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp7100297ybn;
        Mon, 30 Sep 2019 08:39:24 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx3JhcFsYhXY44W6BadUy6VtnUQP6vHzNuKDwwZbYysLY2nTg5lSq5NQi+Lxi7x2nrCFOf9
X-Received: by 2002:a50:934c:: with SMTP id n12mr20786532eda.12.1569857964580;
        Mon, 30 Sep 2019 08:39:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569857964; cv=none;
        d=google.com; s=arc-20160816;
        b=OavqPgIkOFTFEWNYzi5DSWKkMzancQE9ybGYOsdhdeN9umGWplPzkOvAod1USM8OmC
         vgkqcxR3ve6eo4eOB5hCOOhPfzR33rYDZfIduBRjxjeea7ZbFtGLrI1OFndq+qZ8QTwx
         98TuGocCT144ml0YRKyAhdzUjMBi31vZw63UV9qQyL2IaA1EXd/wzWVsAL9ON8Tw6qmx
         qrbVlsrWM2hU0DQ0D84KLY/Wt2TCAK2EgmF5m2BTw0EQSqfqFHygPXXJ2WkXEfn+CQq3
         YXjycLPOUUezdZxLG49gab4exIoD/br9k1lfXhz7K6FGPQN65nifghjAk1DlGbe1zI3s
         IcqA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :content-language:accept-language:in-reply-to:references:message-id
         :date:thread-index:thread-topic:subject:cc:to:from;
        bh=qCQkRb5tsN8k2QQpGmKLBsRTs0+WF2K8Y9umBBo2jpI=;
        b=rqBTwbejtCloAqQAz/f4hjZtN330PJzJ01LoVCmFeY7l5CVDqRxFNrpfpNqdWV436a
         eLQ8c5gjgtSCR5e6fmi2puVCIpp9RgrTxmNdkgl0CT3AgXLSKfKZJ4o38DxcIRoBp+N3
         cOc8OWaKR/qTMqpJH9Wgu6FMRE8/ab02cVwuknDM0rP47av0dZK0ax+IKrmWDDahmKdM
         p+DwsFtrSsBsdQ8GOK098443j4jJ7z9EBU6uYXlaU0JyP4deAfm+TUTA6vAGFqNsxPXG
         b3LY05bOKuk0r6myfkv1ihjqjnU+JceW6CKTqzulQsfEwboL3cWPM9HTwRzoDJ4IU+ZN
         /c/g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y11si7084613eje.365.2019.09.30.08.39.00;
        Mon, 30 Sep 2019 08:39:24 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731276AbfI3Pfq convert rfc822-to-8bit (ORCPT
        <rfc822;7819ynot@gmail.com> + 99 others);
        Mon, 30 Sep 2019 11:35:46 -0400
Received: from eu-smtp-delivery-151.mimecast.com ([146.101.78.151]:20001 "EHLO
        eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1730809AbfI3Pfq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 30 Sep 2019 11:35:46 -0400
Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using
 TLS) by relay.mimecast.com with ESMTP id
 uk-mta-171-6gbYdDGuMiuY3reOFp0ISg-1; Mon, 30 Sep 2019 16:35:43 +0100
Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by
 AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP
 Server (TLS) id 15.0.1347.2; Mon, 30 Sep 2019 16:35:42 +0100
Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by
 AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000;
 Mon, 30 Sep 2019 16:35:42 +0100
From:   David Laight <David.Laight@ACULAB.COM>
To:     'Denis Efremov' <efremov@linux.com>,
        "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
CC:     Pontus Fuchs <pontus.fuchs@gmail.com>,
        Kalle Valo <kvalo@codeaurora.org>,
        "David S. Miller" <davem@davemloft.net>,
        "stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: RE: [PATCH] ar5523: check NULL before memcpy() in ar5523_cmd()
Thread-Topic: [PATCH] ar5523: check NULL before memcpy() in ar5523_cmd()
Thread-Index: AQHVd5eyJR20opeapUCX0TL00aRlGadEWhCg
Date:   Mon, 30 Sep 2019 15:35:42 +0000
Message-ID: <230cd4f790544b01a26afa26e4186454@AcuMS.aculab.com>
References: <20190930140207.28638-1-efremov@linux.com>
In-Reply-To: <20190930140207.28638-1-efremov@linux.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.202.205.107]
MIME-Version: 1.0
X-MC-Unique: 6gbYdDGuMiuY3reOFp0ISg-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Denis Efremov
> Sent: 30 September 2019 15:02
> 
> memcpy() call with "idata == NULL && ilen == 0" results in undefined
> behavior in ar5523_cmd(). For example, NULL is passed in callchain
> "ar5523_stat_work() -> ar5523_cmd_write() -> ar5523_cmd()". This patch
> adds idata check before memcpy() call in ar5523_cmd() to prevent an
> undefined behavior.
> 
...
> Signed-off-by: Denis Efremov <efremov@linux.com>
> ---
>  drivers/net/wireless/ath/ar5523/ar5523.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/wireless/ath/ar5523/ar5523.c b/drivers/net/wireless/ath/ar5523/ar5523.c
> index b94759daeacc..f25af5bc5282 100644
> --- a/drivers/net/wireless/ath/ar5523/ar5523.c
> +++ b/drivers/net/wireless/ath/ar5523/ar5523.c
> @@ -255,7 +255,8 @@ static int ar5523_cmd(struct ar5523 *ar, u32 code, const void *idata,
> 
>  	if (flags & AR5523_CMD_FLAG_MAGIC)
>  		hdr->magic = cpu_to_be32(1 << 24);
> -	memcpy(hdr + 1, idata, ilen);
> +	if (idata)
> +		memcpy(hdr + 1, idata, ilen);

That would be better as if (ilen) ...

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)