Re: [PATCH] staging: wilc1000: fix incorrect copy of pmkid data
From: walter harms
Date: Fri Mar 17 2017 - 04:36:02 EST
Am 17.03.2017 00:21, schrieb Colin King:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> The pmkid data is meant be be copied to the previous item in the
> pmkidlist, however the code is just copying the data to itself because
> the src index into pmkidlist is the same as the dst index into pmkidlist.
> Fix this with i + 1 instead of i.
>
> Detected by CoverityScan,CID#13339465 ("Overlapping buffer in memory copy")
>
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
> drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
> index a37896f..4034f40 100644
> --- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
> +++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
> @@ -1346,7 +1346,7 @@ static int del_pmksa(struct wiphy *wiphy, struct net_device *netdev,
> priv->pmkid_list.pmkidlist[i + 1].bssid,
> ETH_ALEN);
> memcpy(priv->pmkid_list.pmkidlist[i].pmkid,
> - priv->pmkid_list.pmkidlist[i].pmkid,
> + priv->pmkid_list.pmkidlist[i + 1].pmkid,
> PMKID_LEN);
> }
> priv->pmkid_list.numpmkid--;
perhaps we can also simplify the error handling:
that would reduce the indentlevel by one and effectivly remove the s32Error variable.
if (i >= priv->pmkid_list.numpmkid || priv->pmkid_list.numpmkid <= 0)
return -EINVAL;
just my 2 cents.
re,
wh