Message ID | 20190315153907.16192-4-luca@coelho.fi (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Johannes Berg |
Headers | show |
Series | cfg80211/mac80211 patches from our internal tree 2019-03-15 | expand |
On Fri, 2019-03-15 at 17:38 +0200, Luca Coelho wrote: > From: Luca Coelho <luciano.coelho@intel.com> > > It is generally safer to copy the length of the destination instead of > the length of the source, because if the sizes don't match, it's > usually better to leak some data from the source than to write data > out of bounds in the destination. > > Signed-off-by: Luca Coelho <luciano.coelho@intel.com> > --- > net/wireless/nl80211.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c > index 25a9e3b5c154..239be0e2f9e1 100644 > --- a/net/wireless/nl80211.c > +++ b/net/wireless/nl80211.c > @@ -8061,7 +8061,7 @@ static int nl80211_notify_radar_detection(struct sk_buff *skb, > > cfg80211_sched_dfs_chan_update(rdev); > > - memcpy(&rdev->radar_chandef, &chandef, sizeof(chandef)); > + memcpy(&rdev->radar_chandef, &chandef, sizeof(rdev->radar_chandef)); I think we're better off doing a struct assignment here. johannes
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 25a9e3b5c154..239be0e2f9e1 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -8061,7 +8061,7 @@ static int nl80211_notify_radar_detection(struct sk_buff *skb, cfg80211_sched_dfs_chan_update(rdev); - memcpy(&rdev->radar_chandef, &chandef, sizeof(chandef)); + memcpy(&rdev->radar_chandef, &chandef, sizeof(rdev->radar_chandef)); /* Propagate this notification to other radios as well */ queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);