Function r8712_sitesurvey_cmd calls memcpy without checking the length.
A user could control that length and trigger a buffer overflow.
Fix by checking the length is within the maximum allowed size.
Signed-off-by: Lee Gibson <leegib@gmail.com>
Link: https://lore.kernel.org/r/20210301132648.420296-1-leegib@gmail.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The memdup_user() function does not necessarily return a NUL terminated
string so this can lead to a read overflow. Switch from memdup_user()
to strndup_user() to fix this bug.
Fixes: c6dc001f2a ("staging: r8712u: Merging Realtek's latest (v2.6.6). Various fixes.")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YDYSR+1rj26NRhvb@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
strlcpy is marked as deprecated in Documentation/process/deprecated.rst,
and there is no functional difference when the caller expects truncation
(when not checking the return value). strscpy is relatively better as it
also avoids scanning the whole source string.
This silences the related checkpatch warnings from:
5dbdb2d87c ("checkpatch: prefer strscpy to strlcpy")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20210131172838.146706-12-memxor@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The logic of this function was accidentally broken by a checkpatch
inspired cleanup. I've modified the code to restore the original
behavior and also make checkpatch happy.
Fixes: 98fe05e21a ("staging: rtl8712: Remove unnecesary else after return statement.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200929103548.GA493135@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use empty brace syntax to initialize zero valued arrays.
Simplifies and shortens the code a little bit.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919085032.32453-2-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Clean up comparsions to NULL Reported by checkpatch.
if (x == NULL) -> if (!x)
if (x != NULL) -> if (x)
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919085032.32453-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In preparation for unconditionally passing the
struct tasklet_struct pointer to all tasklet
callbacks, switch to using the new tasklet_setup()
and from_tasklet() to pass the tasklet pointer explicitly.
Signed-off-by: Romain Perier <romain.perier@gmail.com>
Signed-off-by: Allen Pais <apais@linux.microsoft.com>
Link: https://lore.kernel.org/r/20200916061831.57848-1-allen.lkml@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Removed braces for a 'if' condition as it contain only single line &
there is no need for braces for such case according to coding style
rules.
Signed-off-by: Ankit Baluni <b18007@students.iitmandi.ac.in>
Link: https://lore.kernel.org/r/20200729074541.1972-1-b18007@students.iitmandi.ac.in
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
clear below issues reported by checkpatch.pl:
CHECK: Using comparison to true is error prone
CHECK: Comparison to NULL should be written "!oldest"
Signed-off-by: John Oldman <john.oldman@polehill.co.uk>
Link: https://lore.kernel.org/r/20200710113113.1648-1-john.oldman@polehill.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In the call to dev_err(), remove the cast of size_t to int
and change the format string accordingly.
As reported by the kernel test robot, the correct
format string for a size_t argument should be %zu.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Mauro Dreissig <mukadr@gmail.com>
Link: https://lore.kernel.org/r/20200705143552.9368-6-mukadr@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove useless variable 'raw' from function rtl871x_open_fw()
making the code a bit easier to understand.
Signed-off-by: Mauro Dreissig <mukadr@gmail.com>
Link: https://lore.kernel.org/r/20200705143552.9368-5-mukadr@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use macro ETH_ALEN which defines the number of octets in
an ethernet address.
Signed-off-by: Mauro Dreissig <mukadr@gmail.com>
Link: https://lore.kernel.org/r/20200705143552.9368-4-mukadr@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add __must_hold() sparse annotation to r8712_sitesurvey_cmd(),
replacing the comments on top of the function.
Signed-off-by: Mauro Dreissig <mukadr@gmail.com>
Link: https://lore.kernel.org/r/20200705180944.20958-1-mukadr@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Many defined constants in wifi.h are unused and/or available from
<linux/ieee80211.h>, some with slightly different names. Use the
common ones, rename where necessary and remove unused.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200701164213.4205-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The constants IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL and
IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA are not used in the driver
code and, if ever needed, available from 'include/linux/ieee80211.h'.
Remove them from wifi.h.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200629171405.7711-3-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The skb allocated when out of memory is likely to be discarded
during subsequent processing.
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Link: https://lore.kernel.org/r/20200531110548.9318-1-insafonov@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fixes the checkpatch.pl warning:
WARNING: else is not generally useful after a break or return
490: FILE: drivers/staging/rtl8712/rtl8712_recv.c:490:
return false;
else
Signed-off-by: Sebastian Arriola <sebdeveloper6952@gmail.com>
Link: https://lore.kernel.org/r/20200615155131.GA4563@sevic69
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch switches to <linux/ieee80211.h> and <net/cfg80211.h> and
deletes a lot of duplicate definitions plus many unused ones.
Non obvious changes:
- struct ieee80211_ht_cap is different enough that I preferred to keep
(and rename) it for now.
- mcs_rate in translate_scan was not read after being set, so I deleted
that part rather than using the renamed struct
- WLAN_CAPABILITY_BSS is replaced with WLAN_CAPABILITY_ESS which is the
corresponding one with same value
Signed-off-by: Pascal Terjan <pterjan@google.com>
Link: https://lore.kernel.org/r/20200609194848.166130-1-pterjan@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The value in shared headers was fixed 9 years ago in commit 8d661f1e46
("ieee80211: correct IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK macro") and
while looking at using shared headers for other duplicated constants
I noticed this driver uses the old value.
The macros are also defined twice in this file so I am deleting the
second definition.
Signed-off-by: Pascal Terjan <pterjan@google.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200523211247.23262-1-pterjan@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes two long line in Kconfig help.
Found using checkpatch.pl
Signed-off-by: R Veera Kumar <vkor@vkten.in>
Link: https://lore.kernel.org/r/20200319095513.GA3078@tulip.local
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Correct a single typo in a comment.
Misspelling found using checkpatch.pl.
Signed-off-by: R Veera Kumar <vkor@vkten.in>
Link: https://lore.kernel.org/r/20200319094358.GA2751@tulip.local
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes for simple typos in C comments.
Found using checkpatch.pl.
Signed-off-by: R Veera Kumar <vkor@vkten.in>
Link: https://lore.kernel.org/r/20200312091042.GA4246@tulip.local
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
This issue was found with the help of Coccinelle.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://github.com/KSPP/linux/issues/21
[3] commit 7649773293 ("cxgb3/l2t: Fix undefined behaviour")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Link: https://lore.kernel.org/r/20200220132908.GA30501@embeddedor
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make sure to use the current alternate setting when verifying the
interface descriptors to avoid binding to an invalid interface.
Failing to do so could cause the driver to misbehave or trigger a WARN()
in usb_submit_urb() that kernels with panic_on_warn set would choke on.
Fixes: 2865d42c78 ("staging: r8712u: Add the new driver to the mainline kernel")
Cc: stable <stable@vger.kernel.org> # 2.6.37
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191210114751.5119-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In order to make the entire kernel usable under Clang's Control Flow
Integrity protections, function prototype casts need to be avoided
because this will trip CFI checks at runtime (i.e. a mismatch between
the caller's expected function prototype and the destination function's
prototype). Many of these cases can be found with -Wcast-function-type,
which found that the rtl wifi drivers had a bunch of needless function
casts. Remove function casts for tasklet callbacks in the various drivers.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/201911150926.2894A4F973@keescook
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove variables that are only used to hold and return constants and
have the functions directly return the constants.
Issue found by coccinelle:
@@
local idexpression ret;
expression e;
@@
-ret =
+return
e;
-return ret;
Signed-off-by: Wambui Karuga <wambui.karugax@gmail.com>
Link: https://lore.kernel.org/r/f61a0f036af24228c682c6b12c3a8e6cf6736185.1570918228.git.wambui.karugax@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes checkpatch.pl "CHECK Alignment should match open parenthesis"
on drivers/staging/rtl8712/rtl8712_recv.c:122
Signed-off-by: Wambui Karuga <wambui.karugax@gmail.com>
Link: https://lore.kernel.org/r/20191008195350.20544-1-wambui.karugax@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Now that snprintf is replaced by scnprintf n >= MAX_WPA_IE_LEN doesn't
make sense as the maximum value n can take is MAX_WPA_IE_LEN.
Signed-off-by: Rohit Sarkar <rohitsarkar5398@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20191002170518.GA1688@SARKAR
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When the number of bytes to be printed exceeds the limit snprintf
returns the number of bytes that would have been printed (if there was
no truncation). This might cause issues, hence use scnprintf which
returns the actual number of bytes printed to buffer always.
Signed-off-by: Rohit Sarkar <rohitsarkar5398@gmail.com>
Link: https://lore.kernel.org/r/20190910184931.GA8228@SARKAR
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>