Re: [PATCH v7] staging: rtl8723bs: fix remote heap info disclosure and OOB reads

Next message: Fernando Fernandez Mancera: "Re: [PATCH net] net: hsr: fix potential OOB access in supervision frame handling"
Previous message: Carlos Llamas: "[PATCH v4] libbpf: fix UAF in strset__add_str()"
In reply to: Greg Kroah-Hartman: "Re: [PATCH v7] staging: rtl8723bs: fix remote heap info disclosure and OOB reads"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Luka Gejak

Date: Sat May 23 2026 - 12:32:45 EST

Hi Greg,
On May 23, 2026 3:44:58 PM GMT+02:00, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>On Sat, May 23, 2026 at 03:13:31PM +0200, luka.gejak@xxxxxxxxx wrote:
>> From: Luka Gejak <luka.gejak@xxxxxxxxx>

...

>> Also fix three additional issues discovered during review:
>> - Missing free of pmgntframe and its xmitbuf before jumping to exit
>> in the WLAN_EID_VENDOR_SPECIFIC lower-bound checks.
>> - In is_ap_in_tkip(), add missing lower-bound checks for the RSN and
>> vendor-specific IE data accesses (pre-existing bug).
>> - Move rtw_buf_update() before dump_mgntframe() to avoid a potential
>> use-after-free of pwlanhdr, which points into the mgmt frame buffer
>> (pre-existing bug).
>
>When you say "also" that implies you need to break this patch up into
>smaller pieces, right? Please do so.
>

Well, I just addressed sashiko comments on my patch, so I thought to
keep it one patch as it was review of if.

>>
>> Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver")
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Luka Gejak <luka.gejak@xxxxxxxxx>
>> ---
>> Changes in v7:
>> - Address new sashiko comments.
>>
>
>That does not say _what_ you did, only that you did _something_. Please
>be more specific.

"Also" part is what was changed due to sashiko's request. Should I
move it here, provide link to sashiko or write it here completely.

>
>thanks,
>
>greg k-h

Best regards,
Luka Gejak