nl80211: Fix RTM NEW/DELLINK IFNAME copy

Message ID	20200318095836.30859-1-ouden.lin@realtek.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Ouden Lin <ouden.biz@gmail.com> To: hostap@lists.infradead.org Subject: [PATCH] nl80211: Fix RTM NEW/DELLINK IFNAME copy Date: Wed, 18 Mar 2020 17:58:37 +0800 Message-Id: <20200318095836.30859-1-ouden.lin@realtek.com> MIME-Version: 1.0 summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:441 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [ouden.biz[at]gmail.com] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain Precedence: list Cc: Ouden <Ouden.Biz@gmail.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	nl80211: Fix RTM NEW/DELLINK IFNAME copy \| expand nl80211: Fix RTM NEW/DELLINK IFNAME copy

Message ID

20200318095836.30859-1-ouden.lin@realtek.com

State

Accepted

Headers

From: Ouden Lin <ouden.biz@gmail.com>
To: hostap@lists.infradead.org
Subject: [PATCH] nl80211: Fix RTM NEW/DELLINK IFNAME copy
Date: Wed, 18 Mar 2020 17:58:37 +0800
Message-Id: <20200318095836.30859-1-ouden.lin@realtek.com>
MIME-Version: 1.0
Precedence: list
Cc: Ouden <Ouden.Biz@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

nl80211: Fix RTM NEW/DELLINK IFNAME copy | expand

Commit Message

Ouden Lin March 18, 2020, 9:58 a.m. UTC

From: Ouden <Ouden.Biz@gmail.com>

If the kernel rtm_newlink or rtm_dellink send the max length of IFNAME,
then the ifname will not copy from RTA_DATA (IFLA_IFNAME)
in function wpa_driver_nl80211_event_rtm_addlink () and
wpa_driver_nl80211_event_rtm_dellink (). Because the
RTA_PAYLOAD (IFLA_IFNAME) length already include the NULL terminaled,
that equal the IFNAMSIZ.

This patch will fixed the condition when IFNAME reach max size.

Signed-off-by: Ouden <Ouden.Biz@gmail.com>
---
 src/drivers/driver_nl80211.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Jouni Malinen March 21, 2020, 3:15 p.m. UTC | #1

On Wed, Mar 18, 2020 at 05:58:37PM +0800, Ouden Lin wrote:
> If the kernel rtm_newlink or rtm_dellink send the max length of IFNAME,
> then the ifname will not copy from RTA_DATA (IFLA_IFNAME)
> in function wpa_driver_nl80211_event_rtm_addlink () and
> wpa_driver_nl80211_event_rtm_dellink (). Because the
> RTA_PAYLOAD (IFLA_IFNAME) length already include the NULL terminaled,
> that equal the IFNAMSIZ.
> 
> This patch will fixed the condition when IFNAME reach max size.

Thanks, applied.

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index efcd69ad2..c071cc0e0 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -1047,7 +1047,7 @@  static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
 	while (RTA_OK(attr, attrlen)) {
 		switch (attr->rta_type) {
 		case IFLA_IFNAME:
-			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
 				break;
 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
 			ifname[RTA_PAYLOAD(attr)] = '\0';
@@ -1222,7 +1222,7 @@  static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
 	while (RTA_OK(attr, attrlen)) {
 		switch (attr->rta_type) {
 		case IFLA_IFNAME:
-			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
 				break;
 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
 			ifname[RTA_PAYLOAD(attr)] = '\0';

nl80211: Fix RTM NEW/DELLINK IFNAME copy

Commit Message

Comments

Patch