Re: [PATCH] wifi: nl80211: Avoid address calculations via out of bounds array indexing

From: Kees Cook
Date: Tue Apr 30 2024 - 17:01:13 EST

Next message: Andrew Halaney: "racing ndo_open()/phylink*connect() with phy_probe()"
Previous message: Namhyung Kim: "Re: [RFC PATCH v2 3/3] perf evsel: Add retirement latency event support"
In reply to: Jeff Johnson: "Re: [PATCH] wifi: nl80211: Avoid address calculations via out of bounds array indexing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 30, 2024 at 12:59:57PM -0700, Jeff Johnson wrote:
> On 4/30/2024 3:01 AM, Johannes Berg wrote:
> > This really doesn't even seem right, shouldn't do pointer arithmetic on
> > void pointers.
>
> FWIW I argued this in the past in another context and Linus gave his opinion:
>
> https://lore.kernel.org/all/CAHk-=whFKYMrF6euVvziW+drw7-yi1pYdf=uccnzJ8k09DoTXA@xxxxxxxxxxxxxx/

I was going to make the same argument. :) For this case, (void *) is
superior because we need to perform byte-granular arithmetic and we need
to use the implicit cast to the assigned variable's type.

The reason not to use the channels[] array is because we're not addressing
anything in the array -- we're addressing past it. Better to use the
correct allocation base.

-Kees

--
Kees Cook

Next message: Andrew Halaney: "racing ndo_open()/phylink*connect() with phy_probe()"
Previous message: Namhyung Kim: "Re: [RFC PATCH v2 3/3] perf evsel: Add retirement latency event support"
In reply to: Jeff Johnson: "Re: [PATCH] wifi: nl80211: Avoid address calculations via out of bounds array indexing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]