Re: [PATCH v6] staging: rtl8723bs: fix heap buffer overflow in cfg80211_rtw_add_key()

From: Luka Gejak

Date: Tue May 05 2026 - 16:11:32 EST


On May 4, 2026 7:01:00 PM GMT+02:00, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>On Mon, May 04, 2026 at 04:38:35PM +0000, Feng Ning wrote:
>> On Mon, May 04, 2026 at 06:03:02PM +0200, Greg KH wrote:
>> > Let's fix this in a way that the code can be moved out of staging
>> > someday please.
>> >
>> > > That said, I can see the argument for -EINVAL: it makes the contract
>> > > explicit and avoids installing a key with a truncated sequence counter
>> > > that could produce unexpected crypto behaviour.
>> >
>> > Yes, that is better.
>> >
>> > > Regarding hardware testing: I do not currently have a physical
>> > > rtl8723bs device.
>> >
>> > Ideally someone can test this on the real hardware. I'm loath to take
>> > real patches for this driver without that happening.
>>
>> Hi Greg,
>>
>> Thank you. I will change the silent truncation to an explicit -EINVAL
>> when seq_len > sizeof(param->u.crypt.seq) for the next iteration.
>>
>> Regarding testing: I do not have access to RTL8723BS/BU hardware to
>> verify this, and I will not resubmit as a regular PATCH without a
>> Tested-by from real hardware.
>>
>> Would you prefer I send the -EINVAL revision as an RFC on
>> linux-staging and linux-wireless to ask for a community tester, or
>> should I drop the patch until someone with the hardware picks up the
>> thread?
>
>Submit the patch and ask for someone to test it. I think Luka here said
>they were getting a device, and I might have one somewhere around here
>as well if I dig hard enough...
>
>thanks,
>
>greg k-h

Hi Greg,
my hardware (Medion Akoya S2218 laptop) is currently on its way from
Germany and should arrive in approximately 10-14 days (the approximation
is based on the time it took other orders to arrive from the same area).
Once it arrives I would be happy to serve as a tester if necessary.
Best regards,
Luka Gejak