Re: [PATCH v4] wifi: cfg80211: Fix uninitialized header access in cfg80211_classify8021d

From: Johannes Berg
Date: Tue Dec 16 2025 - 04:28:45 EST

Next message: Jarkko Sakkinen: "[PATCH v8 02/12] KEYS: trusted: Use get_random_bytes_wait() instead of tpm_get_random()"
Previous message: Joel Fernandes: "Re: [PATCH v3 0/4] gpu: nova-core: fixups for GSP message queue and bindings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2025-12-03 at 23:24 +0530, Ranganath V N wrote:
>
> +++ b/net/wireless/util.c
> @@ -962,12 +962,28 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb,
> }
>
> switch (skb->protocol) {
> - case htons(ETH_P_IP):
> - dscp = ipv4_get_dsfield(ip_hdr(skb)) & 0xfc;
> + case htons(ETH_P_IP): {
> + struct iphdr iph, *ip;
> +
> + ip = skb_header_pointer(skb, sizeof(struct ethhdr),
> + sizeof(*ip), &iph);

The sizeof(struct ethhdr) is probably a *correct* assumption, but
wouldn't skb->network_header make more sense?

Please try to understand the code in question before reposting this
patch *again*, I'm not interested in coding by remote-control.

johannes

Next message: Jarkko Sakkinen: "[PATCH v8 02/12] KEYS: trusted: Use get_random_bytes_wait() instead of tpm_get_random()"
Previous message: Joel Fernandes: "Re: [PATCH v3 0/4] gpu: nova-core: fixups for GSP message queue and bindings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]