Skip to content

L
linux
Commit 859c57f6 authored by Kees Cook's avatar Kees Cook Committed by Greg Kroah-Hartman
Browse files
Options

staging: rtl8723bs: Avoid field-overflowing memcpy() 

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Adjust memcpy() destination to be the named structure itself, rather than
the first member, allowing memcpy() to correctly reason about the size.

"objdump -d" shows no object code changes.

Cc: Ross Schmidt <ross.schm.dev@gmail.com>
Cc: Joe Perches <joe@perches.com>
Cc: devel@driverdev.osuosl.org
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210806201422.2871679-1-keescook@chromium.orgSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 1b3c6ccc
Hide whitespace changes
Inline Side-by-side
Showing with 1 addition and 1 deletion
drivers/staging/rtl8723bs/core/rtw_mlme.c
View file @ 859c57f6
......@@ -2389,7 +2389,7 @@ unsigned int rtw_restructure_ht_ie(struct adapter *padapter, u8 *in_ie, u8 *out_
}
/* fill default supported_mcs_set */
memcpy(ht_capie.mcs.rx_mask, pmlmeext->default_supported_mcs_set, 16);
memcpy(&ht_capie.mcs, pmlmeext->default_supported_mcs_set, 16);
/* update default supported_mcs_set */
rtw_hal_get_hwreg(padapter, HW_VAR_RF_TYPE, (u8 *)(&rf_type));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7