diff options
| author |   Kees Cook <keescook@chromium.org> | 2021-08-19 13:28:25 -0700 |
|---|---|---|
| committer |   Kalle Valo <kvalo@codeaurora.org> | 2021-08-21 20:15:36 +0300 |
| commit | 92276c592a6b5d7e3d99b8905429dd5c2bff4ec7 (patch) | |
| tree | ab13516102797dcfd4c6e2ec68e97bf24ae377a7 | |
| parent | ipw2x00: Avoid field-overflowing memcpy() (diff) | |
| download | linux-dev-92276c592a6b5d7e3d99b8905429dd5c2bff4ec7.tar.xz linux-dev-92276c592a6b5d7e3d99b8905429dd5c2bff4ec7.zip | |
ray_cs: Split memcpy() to avoid bounds check warning
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
Split memcpy() for each address range to help memcpy() correctly reason
about the bounds checking. Avoids the future warning:
In function 'fortify_memcpy_chk',
inlined from 'memcpy_toio' at ./include/asm-generic/io.h:1204:2,
inlined from 'ray_build_header.constprop' at drivers/net/wireless/ray_cs.c:984:3:
./include/linux/fortify-string.h:285:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning]
285 | __write_overflow_field(p_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210819202825.3545692-4-keescook@chromium.org
| -rw-r--r-- | drivers/net/wireless/ray_cs.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c index de614ac60421..0f5009c47cd0 100644 --- a/drivers/net/wireless/ray_cs.c +++ b/drivers/net/wireless/ray_cs.c @@ -982,7 +982,9 @@ AP to AP 1 1 dest AP src AP dest source if (local->net_type == ADHOC) { writeb(0, &ptx->mac.frame_ctl_2); memcpy_toio(ptx->mac.addr_1, ((struct ethhdr *)data)->h_dest, - 2 * ADDRLEN); + ADDRLEN); + memcpy_toio(ptx->mac.addr_2, ((struct ethhdr *)data)->h_source, + ADDRLEN); memcpy_toio(ptx->mac.addr_3, local->bss_id, ADDRLEN); } else { /* infrastructure */ |