Hello,
I've written a new kind of Smatch check that generates this warning:
drivers/net/wireless/ipw2x00/libipw_rx.c:1303 libipw_parse_info_param()
warn: potentially allocating too little.
drivers/net/wireless/ipw2x00/libipw_rx.c
1300 case WLAN_EID_IBSS_DFS:
1301 if (network->ibss_dfs)
1302 break;
1303 network->ibss_dfs = kmemdup(info_element->data,
1304 info_element->len,
The problem is that smatch marks "info_element->len" as untrusted data
because it comes from skb->data. "network->ibss_dfs" is a 9 character
struct. We're not necessarily allocating enough space for that.
So far as I can see this is harmless because we never use ->ibss_dfs
and we should just delete it along with all the related code?
1305 GFP_ATOMIC);
1306 if (!network->ibss_dfs)
1307 return 1;
1308 network->flags |= NETWORK_HAS_IBSS_DFS;
1309 break;
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
