2012-04-10 08:05:08

by Vasanthakumar Thiagarajan

Subject: [PATCH] ath6kl: Fix possible unaligned memory access in ath6kl_get_rsn_capab()

alignment is not taken care in accessing pairwise cipher and AKM suite
count which are parsed from rsn ie. Fix this alignment issue.

Reported-by: Joe Perches <[email protected]>
Signed-off-by: Vasanthakumar Thiagarajan <[email protected]>
---
drivers/net/wireless/ath/ath6kl/cfg80211.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c
index fb73196..707c299 100644
--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
+++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
@@ -2546,14 +2546,14 @@ static int ath6kl_get_rsn_capab(struct cfg80211_beacon_data *beacon,
/* skip pairwise cipher suite */
if (rsn_ie_len < 2)
return -EINVAL;
- cnt = *((u16 *) rsn_ie);
+ cnt = get_unaligned_le16(rsn_ie);
rsn_ie += (2 + cnt * 4);
rsn_ie_len -= (2 + cnt * 4);

/* skip akm suite */
if (rsn_ie_len < 2)
return -EINVAL;
- cnt = *((u16 *) rsn_ie);
+ cnt = get_unaligned_le16(rsn_ie);
rsn_ie += (2 + cnt * 4);
rsn_ie_len -= (2 + cnt * 4);

--
1.7.0.4

2012-04-12 07:36:00

by Kalle Valo

Subject: Re: [PATCH] ath6kl: Fix possible unaligned memory access in ath6kl_get_rsn_capab()

On 04/10/2012 11:05 AM, Vasanthakumar Thiagarajan wrote:
> alignment is not taken care in accessing pairwise cipher and AKM suite
> count which are parsed from rsn ie. Fix this alignment issue.
>
> Reported-by: Joe Perches <[email protected]>
> Signed-off-by: Vasanthakumar Thiagarajan <[email protected]>

Thanks, applied.

Kalle