Re: [PATCH v6] staging: rtl8723bs: fix heap buffer overflow in cfg80211_rtw_add_key()

Next message: Andreas Kemnade: "[PATCH] power: supply: bd71828: sysfs for auto input current limitation"
Previous message: Uwe Kleine-K&#xF6;nig (The Capable Hub): "Re: [PATCH] dmaengine: Consistently define pci_device_ids using named initializers"
In reply to: Greg KH: "Re: [PATCH v6] staging: rtl8723bs: fix heap buffer overflow in cfg80211_rtw_add_key()"
Next in thread: Greg KH: "Re: [PATCH v6] staging: rtl8723bs: fix heap buffer overflow in cfg80211_rtw_add_key()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Feng Ning

Date: Mon May 04 2026 - 12:39:55 EST

On Mon, May 04, 2026 at 06:03:02PM +0200, Greg KH wrote:
> Let's fix this in a way that the code can be moved out of staging
> someday please.
>
> > That said, I can see the argument for -EINVAL: it makes the contract
> > explicit and avoids installing a key with a truncated sequence counter
> > that could produce unexpected crypto behaviour.
>
> Yes, that is better.
>
> > Regarding hardware testing: I do not currently have a physical
> > rtl8723bs device.
>
> Ideally someone can test this on the real hardware. I'm loath to take
> real patches for this driver without that happening.

Hi Greg,

Thank you. I will change the silent truncation to an explicit -EINVAL
when seq_len > sizeof(param->u.crypt.seq) for the next iteration.

Regarding testing: I do not have access to RTL8723BS/BU hardware to
verify this, and I will not resubmit as a regular PATCH without a
Tested-by from real hardware.

Would you prefer I send the -EINVAL revision as an RFC on
linux-staging and linux-wireless to ask for a community tester, or
should I drop the patch until someone with the hardware picks up the
thread?

I'm fine with either path -- whichever you prefer.

thanks,
Feng Ning