Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4806440pxj; Tue, 22 Jun 2021 08:25:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzQoOyw0efIqDg4cFP44h/C8Xg8KPm4qIg6FfYNbBfdVYxJojrHCXb/gyKIXBNeoK4aVW9S X-Received: by 2002:a02:1c06:: with SMTP id c6mr4565454jac.121.1624375504321; Tue, 22 Jun 2021 08:25:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624375504; cv=none; d=google.com; s=arc-20160816; b=rziDZLCpDthy9iS3IJHGx7l8PN+JQ6YMdpbIhkKC80TC02zhkoz1/D7KdrOKaTsf9E XK+bI0G1P8OwHX41gg8k34s8TgFUn2+XF+JBlQm/VSq44krXqwpS8TN7w1ZoSuy8zJVs k0VE9Vu+kDel3HoImZDFtiESTlA0Jo9VcnssfEsNmLcpWiCPuni8Uw6WGTTNL5d6BBWP wDzegNq9oKEsktIHK5r2BDETPtN+xvzz+KiH+uDjfs9RivTdvAJvm55IQ/VDXqvMopXn KvgB4e5MvGxUGuXVQ4F1RaBDNQ2IwonM+aSCfJQjiR58mGxA34/tGnx1s9k51lBezUxM wMQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:date:message-id:user-agent:cc:to:references :in-reply-to:from:subject:content-transfer-encoding:mime-version :dmarc-filter:sender:dkim-signature; bh=E8X8lcgEaG4yOAIaONCDUILAgwyQVZ8tkIXoeCJN4Cs=; b=vq6atexnZaHuzDwnIEsAEB9PY3E+udix48vQd8Gx2hIwrXYqH5NoMn+ozwxn03XqF3 jSOY3579XZoZ57g2BesB3Bn2KNEaP25qNPBge2zkLWZoQqShBKvLvXsb4ggqBMVfYZub NSerrtQB6Mp2bSyvPyloukeV3hVfQyWrdhnhyr0WJbgm4EjU/pBAb/WQ1C61t+rcl4Cr /N7g05YkuGphW89rWXaYnib8Ys2QzO9WvjHvro6OPJfyqbV+LZ390sjPSQxbg5pgA2lK 9tl4sk9qDCoFtTPT0qTYA7ZPEUYeEOuTagB9xcKLd9+eZ9pQUYIYZ67JbKk7xgvDjDda KKsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mg.codeaurora.org header.s=smtp header.b=Kw2x7G5j; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l11si25700109iow.13.2021.06.22.08.24.51; Tue, 22 Jun 2021 08:25:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@mg.codeaurora.org header.s=smtp header.b=Kw2x7G5j; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232246AbhFVP0n (ORCPT + 99 others); Tue, 22 Jun 2021 11:26:43 -0400 Received: from m43-7.mailgun.net ([69.72.43.7]:40202 "EHLO m43-7.mailgun.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231761AbhFVP0m (ORCPT ); Tue, 22 Jun 2021 11:26:42 -0400 DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mg.codeaurora.org; q=dns/txt; s=smtp; t=1624375467; h=Date: Message-Id: Cc: To: References: In-Reply-To: From: Subject: Content-Transfer-Encoding: MIME-Version: Content-Type: Sender; bh=E8X8lcgEaG4yOAIaONCDUILAgwyQVZ8tkIXoeCJN4Cs=; b=Kw2x7G5jlCUAtqzjh2o+xzG4j1yKRvlTkLHjzeouNBKjTQwFalNPAkeLifSgAC47szmZOMBI GA/SK0RmYLDOo3OhMaXGjtqWMKddmQZA0cMAI2jHJpWvw8KkHDep2b+fKWCLJUlNt+FvOYfr SDm1QN5K4UZEmnXQ5mfDw0GGeqA= X-Mailgun-Sending-Ip: 69.72.43.7 X-Mailgun-Sid: WyI3YTAwOSIsICJsaW51eC13aXJlbGVzc0B2Z2VyLmtlcm5lbC5vcmciLCAiYmU5ZTRhIl0= Received: from smtp.codeaurora.org (ec2-35-166-182-171.us-west-2.compute.amazonaws.com [35.166.182.171]) by smtp-out-n04.prod.us-east-1.postgun.com with SMTP id 60d2008432b73d6b2824dca8 (version=TLS1.2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Tue, 22 Jun 2021 15:23:48 GMT Sender: kvalo=codeaurora.org@mg.codeaurora.org Received: by smtp.codeaurora.org (Postfix, from userid 1001) id 83806C4338A; Tue, 22 Jun 2021 15:23:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-caf-mail-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=2.0 tests=ALL_TRUSTED,BAYES_00, MISSING_DATE,MISSING_MID,SPF_FAIL,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from tykki.adurom.net (tynnyri.adurom.net [51.15.11.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: kvalo) by smtp.codeaurora.org (Postfix) with ESMTPSA id 50A75C4323A; Tue, 22 Jun 2021 15:23:45 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 50A75C4323A Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; spf=fail smtp.mailfrom=kvalo@codeaurora.org Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: Re: [PATCH] orinoco: Avoid field-overflowing memcpy() From: Kalle Valo In-Reply-To: <20210616203952.1248910-1-keescook@chromium.org> References: <20210616203952.1248910-1-keescook@chromium.org> To: Kees Cook Cc: Kees Cook , "David S. Miller" , Jakub Kicinski , linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-hardening@vger.kernel.org User-Agent: pwcli/0.1.0-git (https://github.com/kvalo/pwcli/) Python/3.7.3 Message-Id: <20210622152347.83806C4338A@smtp.codeaurora.org> Date: Tue, 22 Jun 2021 15:23:47 +0000 (UTC) Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Kees Cook wrote: > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memcpy(), memmove(), and memset(), avoid > intentionally writing across neighboring array fields. > > Validate the expected key size and introduce a wrapping structure > to use as the multi-field memcpy() destination so that overflows > can be correctly detected. > > Signed-off-by: Kees Cook Patch applied to wireless-drivers-next.git, thanks. 70ca8441ebfc orinoco: Avoid field-overflowing memcpy() -- https://patchwork.kernel.org/project/linux-wireless/patch/20210616203952.1248910-1-keescook@chromium.org/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches