Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Date:   Wed, 20 Apr 2022 20:52:44 +0300
From:   Dan Carpenter <dan.carpenter@oracle.com>
To:     Rebecca Mckeever <remckee0@gmail.com>
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org,
        outreachy@lists.linux.dev
Subject: Re: [PATCH] staging: rtl8192u: change get_key functions to return 0
 instead of -1
Message-ID: <20220420175243.GI2951@kadam>
References: <Yl/7QPKXer7YtXOs@bertie>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Yl/7QPKXer7YtXOs@bertie>
User-Agent: Mutt/1.9.4 (2018-02-28)
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?MB1XM8z9iVQvPQKBUhysBG9f3ltIRB8y2HEtmwKEJfqjWpXwYMmJBbg9pXKL?=
 =?us-ascii?Q?gQaNFUg2tn14qW21Zyn6gDl7lIjG+y9Aq7yvy/CRDl4CT/7LtgC/a95vmw3d?=
 =?us-ascii?Q?BaorVMjPCtZMYj+swxQguRfC6NvrHI+p40FVa9WP8pay9KPWsWKYcqOPJ4iB?=
 =?us-ascii?Q?7n8+IVTwZHSSyFfFIf0wWVBMVyFpWC361Vp2d8GVohSoUCg5A7Gmxgh3/VRO?=
 =?us-ascii?Q?SwkXDpVftO8Tlf+WE59K9oABr5qX/Iz9a9DG3FawtRddSgXWOK9sQNBNPd/C?=
 =?us-ascii?Q?d/oxwMUGAj7VXpac8xYJl88siqWmAHxXBkLSOBKn9aTs8Z8bRU38QFYzNHdG?=
 =?us-ascii?Q?mZExfqbnYlT8U8SKdqWIe5JzxdQEnnD8/NJZu6Rgi306XW1kUmznL7KMuZyB?=
 =?us-ascii?Q?mAUsx2WkaLJxROYHx/rjhgYQOiU0eRQ4icNb8qu4jdlSenCZfMqyrnujkrv6?=
 =?us-ascii?Q?ECZ8qh6rO0DkAFGCM78YqJvugZ7CYwP6YxYBTsHe8Txkn/8QcPNIV2qJhYYP?=
 =?us-ascii?Q?hE+euYkUquJJbeTCS7UWUJtQ7G7/hw7vDbOfMiLWUDqIZql09tXJIzl1EH+U?=
 =?us-ascii?Q?asm4I5kSxerzhLzRlRDxq/ab0fZnCHOHbbf5JnCFJ/Lmd7vOlsafzCHGjnNy?=
 =?us-ascii?Q?xFX/WuIY+zqDWuHkJp95CXGF1812eUNKTzp5/Yoq0A9V3wrXhU2wFUhDMDjY?=
 =?us-ascii?Q?FQvFwoaY9liUeKHrpK1QX31pFq5yTpUu55JoX1VWMoQKRo5LgVkr9pIxi9xm?=
 =?us-ascii?Q?MuEPQ0zwPN717FnUYG+wqDrKOXKN+XyX6CK+Y150ySIA63obG5mRXn9o5krK?=
 =?us-ascii?Q?wnua7DfSrUIep/iJ3bS2JcEqxZsW7IHr8YYrhJ3JCuifeKwHgJBluqxpp/9Z?=
 =?us-ascii?Q?UcAUu9IrdILH7WszGfE0p0M+ScLa3YpSibU76wZtY4+MBxD7/nZH2VY4VWqC?=
 =?us-ascii?Q?s1KEuUCRb0Or2OthDAFuCOCf+/WCaS7bXcgVj/m0cY1BMP3FCN025DPDhc9z?=
 =?us-ascii?Q?RHDPtKv80PRt+L6CYiyMMyDqE4zN6ng+lRkFSfpr+nZu+YKksB4fCXS+ijnb?=
 =?us-ascii?Q?UTu11fmuzqcsXIsVnZ5G0A50U/YXuwqW1bZFqn0HeW9xo5ODMstj66jflZC0?=
 =?us-ascii?Q?xQjo5fk8zGndmeJiIJPyRa21I9I3RMgenQx45H7TAzKvA4RuV1uXtDNMj+1d?=
 =?us-ascii?Q?IJNnXE1vl3EDmtAEeczHtioGLgNRkJzKl/UAK3PKXqAKDU/FeAlM3Ho9vs1y?=
 =?us-ascii?Q?1/Skjs1jOtezrUilw6MKay6g7DxCC6xsX5X611gP+kSvfmpOdlskcJCP18Ct?=
 =?us-ascii?Q?4TakOCaH6uBym+sQ+ng/unJfG+fSEtYSisWhYg5ZVrJriRQNzU1KHpzy8QuS?=
 =?us-ascii?Q?MblOi+H4TA4k26tOwmCvAMnFoRUQRuiWo2WpD4Hcf+h4q8P1zCgzAfETUNL2?=
 =?us-ascii?Q?oGHfZDQ188muwZHJhOXxxCDuJ3hyQHB0dRv/taTgJ556tVloL7nRwnRyo4sT?=
 =?us-ascii?Q?/dgCrAe7z/KY/3pMUK3ikXV/WA/8Qq/kCl9f86cjNbW1vdT25EBxnynMnMDJ?=
 =?us-ascii?Q?x0yMTLOnXF2KMPskAVjcKZLmdQxY6zK4528K797XAc9PXtg0qT5f6cvfXkQo?=
 =?us-ascii?Q?5L53oXb0csoSVVFp7KZZJvpcRzUhCUXl+fjpGxWvBTONv07JfdqcyRomIhP0?=
 =?us-ascii?Q?YNAy4BHeBPM08LMDEaBp2sUPrWzeRlCyCGrzv2Ojz+TqwY4RdDZ77uVhxvf9?=
 =?us-ascii?Q?J+S+DOv0ulILOWcAtkMbN+k/Bm5NEGs=3D?=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a310baea-b815-4949-df8f-08da22f69d8d
X-MS-Exchange-CrossTenant-AuthSource: MWHPR1001MB2365.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Apr 2022 17:53:02.8997
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: Kr3nBj8osVqKbPq2sQvhpwateLPkXeFAS/EmO5L2qOYr1WSfz86aZZYaX5oma6l9V+0sWfPthGX0djTGJkGm+uowcBq9YhWrlOdmfYbFOOw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR10MB4280
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.486,18.0.858
 definitions=2022-04-20_05:2022-04-20,2022-04-20 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 phishscore=0 malwarescore=0
 suspectscore=0 spamscore=0 mlxlogscore=999 adultscore=0 bulkscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000
 definitions=main-2204200106
X-Proofpoint-GUID: IkMq1XDi9-BmolhOwt0q_sYvn-wC10KQ
X-Proofpoint-ORIG-GUID: IkMq1XDi9-BmolhOwt0q_sYvn-wC10KQ
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 20, 2022 at 07:23:28AM -0500, Rebecca Mckeever wrote:
> Currently, these three get_key functions return -1 when the provided len
> value is less a specific key length value, which can result in buffer
> overflow depending on how the returned value is used. These functions are
> used in three places in ieee80211/ieee80211_wx.c:
> 
>   ieee80211_wx_get_encode() :
>     The behavior of this function will be unchanged.
> 
>   ieee80211_wx_get_encode_ext() :
>     The result of the get_key function is written to ext->key_len,
>     resulting in a buffer overflow if the result is negative.
> 
>   ieee80211_wx_set_encode() :
>     The behavior of this function will change. When len is less than the
>     key length value, it will set a default key of all 0.
> 
> Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Rebecca Mckeever <remckee0@gmail.com>

Of course I suggested this one, but reviewing it again it still seems
like the right thing.  Good commit message.  It explains the
controversial bit nicely which is the behavior change in
ieee80211_wx_set_encode().  When you explain the all controversial bits
in advance then it builds trust.

regards,
dan carpenter