ath9k: off by one in ath9k_hw_nvram_read_array()

Message ID	20170406051220.GA23650@mwanda (mailing list archive)
State	Accepted
Commit	b7dcf68f383a05567bd16a390907b67022a62d3d
Delegated to:	Kalle Valo
Headers	show Return-Path: <linux-wireless-owner@kernel.org> Date: Thu, 6 Apr 2017 08:12:20 +0300 From: Dan Carpenter <dan.carpenter@oracle.com> To: QCA ath9k Development <ath9k-devel@qca.qualcomm.com>, Gabor Juhos <juhosg@openwrt.org> Cc: Kalle Valo <kvalo@codeaurora.org>, linux-wireless@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH] ath9k: off by one in ath9k_hw_nvram_read_array() Message-ID: <20170406051220.GA23650@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.6.0 (2016-04-01) Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk

Message ID

20170406051220.GA23650@mwanda (mailing list archive)

State

Accepted

Commit

b7dcf68f383a05567bd16a390907b67022a62d3d

Delegated to:

Kalle Valo

Headers

show

Return-Path: <linux-wireless-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	EBBA560364 for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu,  6 Apr 2017 05:12:50 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD7D827D4A
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu,  6 Apr 2017 05:12:50 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D022B28533; Thu,  6 Apr 2017 05:12:50 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, 
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6CE7A27D4A
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu,  6 Apr 2017 05:12:50 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752422AbdDFFMq (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Thu, 6 Apr 2017 01:12:46 -0400
Received: from userp1040.oracle.com ([156.151.31.81]:37827 "EHLO
	userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752211AbdDFFMo (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Thu, 6 Apr 2017 01:12:44 -0400
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
	by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2)
	with ESMTP id v365CWsj027453
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Thu, 6 Apr 2017 05:12:32 GMT
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72])
	by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id v365CVwt015179
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Thu, 6 Apr 2017 05:12:31 GMT
Received: from abhmp0002.oracle.com (abhmp0002.oracle.com [141.146.116.8])
	by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id v365CTOl023043; 
	Thu, 6 Apr 2017 05:12:30 GMT
Received: from mwanda (/154.122.98.7)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Wed, 05 Apr 2017 22:12:29 -0700
Date: Thu, 6 Apr 2017 08:12:20 +0300
From: Dan Carpenter <dan.carpenter@oracle.com>
To: QCA ath9k Development <ath9k-devel@qca.qualcomm.com>,
	Gabor Juhos <juhosg@openwrt.org>
Cc: Kalle Valo <kvalo@codeaurora.org>, linux-wireless@vger.kernel.org,
	kernel-janitors@vger.kernel.org
Subject: [PATCH] ath9k: off by one in ath9k_hw_nvram_read_array()
Message-ID: <20170406051220.GA23650@mwanda>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.6.0 (2016-04-01)
X-Source-IP: aserv0022.oracle.com [141.146.126.234]
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The > should be >= or we read one space beyond the end of the array. Fixes: ab5c4f71d8c7 ("ath9k: allow to load EEPROM content via firmware API") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Comments

Kalle Valo April 19, 2017, 1:58 p.m. UTC | #1

Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The > should be >= or we read one space beyond the end of the array.
> 
> Fixes: ab5c4f71d8c7 ("ath9k: allow to load EEPROM content via firmware API")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/net/wireless/ath/ath9k/eeprom.c b/drivers/net/wireless/ath/ath9k/eeprom.c
> index fb80ec86e53d..6ccf24814514 100644
> --- a/drivers/net/wireless/ath/ath9k/eeprom.c
> +++ b/drivers/net/wireless/ath/ath9k/eeprom.c
> @@ -112,7 +112,7 @@ void ath9k_hw_usb_gen_fill_eeprom(struct ath_hw *ah, u16 *eep_data,
>  static bool ath9k_hw_nvram_read_array(u16 *blob, size_t blob_size,
>  				      off_t offset, u16 *data)
>  {
> -	if (offset > blob_size)
> +	if (offset >= blob_size)
>  		return false;
>  
>  	*data =  blob[offset];

Patch applied to ath-next branch of ath.git, thanks.

b7dcf68f383a ath9k: off by one in ath9k_hw_nvram_read_array()

diff --git a/drivers/net/wireless/ath/ath9k/eeprom.c b/drivers/net/wireless/ath/ath9k/eeprom.c
index fb80ec86e53d..6ccf24814514 100644
--- a/drivers/net/wireless/ath/ath9k/eeprom.c
+++ b/drivers/net/wireless/ath/ath9k/eeprom.c
@@ -112,7 +112,7 @@  void ath9k_hw_usb_gen_fill_eeprom(struct ath_hw *ah, u16 *eep_data,
 static bool ath9k_hw_nvram_read_array(u16 *blob, size_t blob_size,
 				      off_t offset, u16 *data)
 {
-	if (offset > blob_size)
+	if (offset >= blob_size)
 		return false;
 
 	*data =  blob[offset];

ath9k: off by one in ath9k_hw_nvram_read_array()

Commit Message

Comments

Patch