| Message ID | 20221024162843.535921-1-Jason@zx2c4.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp588563wru;
Mon, 24 Oct 2022 11:16:06 -0700 (PDT)
X-Google-Smtp-Source:
AMsMyM7FHrXzUZ+IcrH+n/R+eBw+xkNl0PNUuOGyeQfR2+2zWVVCOKPdUeoN1qB6z7L59QASRILo
X-Received: by 2002:a17:907:d03:b0:7a2:d213:de18 with SMTP id
gn3-20020a1709070d0300b007a2d213de18mr9880600ejc.124.1666635365827;
Mon, 24 Oct 2022 11:16:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1666635365; cv=none;
d=google.com; s=arc-20160816;
b=NISZ+olU1YNLSGEaS0Z1iHGhhIxNX2aWVzuwQ3B1RPCiJHqo+zFDwMVtPTfE++HuSy
64eb9pB2Eg+AH7bkqueHmq6pyKqbsRu1wkxWfZmqvLgNAVm0UKQbZsfx80+eBLRxVdQ/
mvNQYtXwwpI+eKY2Wc9zj7vgevKH9nZuNTeXwpYcXfDZWiE/S9MPPkW4L5/QIANzyfZg
r0hJgZwFYk4r335MrgoN3WN3LUEKdRisxtm1mMV7c1A95/UOtnBn4em03UmzScKH0PdB
EqZKo3TV24Y+vqmzpSH9IM2v3ghYh96eL8XYILX+MSYhKssB8nN/UGHpHVfjBw/hPylI
QPFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=lGWkAOM76PXD9OlLzryeLFcK9Aq5PqnA6itzc82Ub3k=;
b=rffbwYQgVHdAPcmFefuoNEsMY+BAnkJnsLJgyrrgWDPkpqpTbMk6XVXmALs+4EOsaq
OyL8cA9kAkXKrKsr0npK+IgUNayKeEkx65QNpc9AQ4ALNJ475QpBYaAumcmvVBbwWTnm
38ueE+mImq/WIFNAJ26rRvJNpiz7jGTGY5DZXJESFuPvt6N4oprbUlxL+87bm5uz1Pco
P7QyciROgfBMqbhVjyPd48R/M/Tpa3KxI/mIinG+uOPx7s48ucJu0OVar7JOyt0vLOH3
1TEzRR4a+RnhJMnrmWWKtGJcDHOklmtjc8QN57vt73SGcnUjIcdMq+Fc2RdDYIOs3fL0
8zgg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=M+4u14Jr;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
hq34-20020a1709073f2200b007a858ead52dsi433657ejc.732.2022.10.24.11.15.40;
Mon, 24 Oct 2022 11:16:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=M+4u14Jr;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230403AbiJXSOc (ORCPT <rfc822;pwkd43@gmail.com> + 99 others);
Mon, 24 Oct 2022 14:14:32 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47302 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233118AbiJXSON (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 24 Oct 2022 14:14:13 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org
[IPv6:2604:1380:4641:c500::1])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A0085F5CE1;
Mon, 24 Oct 2022 09:55:46 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by dfw.source.kernel.org (Postfix) with ESMTPS id 9682A614A9;
Mon, 24 Oct 2022 16:28:51 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id AFCB5C433C1;
Mon, 24 Oct 2022 16:28:50 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com
header.b="M+4u14Jr"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
t=1666628929;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding;
bh=lGWkAOM76PXD9OlLzryeLFcK9Aq5PqnA6itzc82Ub3k=;
b=M+4u14JreonhS4vq1das3LDBYNnu98JclDVylg7bnn3tXscMzTOWihPJkilWMzZRBB37Ca
S9acT1Bxh2NYBFW4LjoKQhyCy3lra+g1dzuaUxGeAkk7DT/t2+OG3cAcs8pIU61cazWGvh
PCxsepQ1D45QhxmMTJ1aaymwd12dDpU=
Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 8130baa5
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
Mon, 24 Oct 2022 16:28:48 +0000 (UTC)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
Kalle Valo <kvalo@kernel.org>, linux-wireless@vger.kernel.org
Subject: [PATCH] wifi: cisco: do not assign -1 to unsigned char
Date: Mon, 24 Oct 2022 18:28:43 +0200
Message-Id: <20221024162843.535921-1-Jason@zx2c4.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1747593845345925853?=
X-GMAIL-MSGID: =?utf-8?q?1747593845345925853?=
|
| Series |
wifi: cisco: do not assign -1 to unsigned char
|
|
Commit Message
Jason A. Donenfeld
Oct. 24, 2022, 4:28 p.m. UTC
With char becoming unsigned by default, and with `char` alone being
ambiguous and based on architecture, we get a warning when assigning the
unchecked output of hex_to_bin() to that unsigned char. Mark `key` as a
`u8`, which matches the struct's type, and then check each call to
hex_to_bin() before casting.
Cc: Kalle Valo <kvalo@kernel.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/net/wireless/cisco/airo.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
Comments
From: Jason A. Donenfeld > Sent: 24 October 2022 17:29 > > With char becoming unsigned by default, and with `char` alone being > ambiguous and based on architecture, we get a warning when assigning the > unchecked output of hex_to_bin() to that unsigned char. Mark `key` as a > `u8`, which matches the struct's type, and then check each call to > hex_to_bin() before casting. > > Cc: Kalle Valo <kvalo@kernel.org> > Cc: linux-wireless@vger.kernel.org > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > --- > drivers/net/wireless/cisco/airo.c | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > > diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c > index 10daef81c355..fb2c35bd73bb 100644 > --- a/drivers/net/wireless/cisco/airo.c > +++ b/drivers/net/wireless/cisco/airo.c > @@ -5232,7 +5232,7 @@ static int get_wep_tx_idx(struct airo_info *ai) > return -1; > } > > -static int set_wep_key(struct airo_info *ai, u16 index, const char *key, > +static int set_wep_key(struct airo_info *ai, u16 index, const u8 *key, > u16 keylen, int perm, int lock) > { > static const unsigned char macaddr[ETH_ALEN] = { 0x01, 0, 0, 0, 0, 0 }; > @@ -5283,7 +5283,7 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file) > struct net_device *dev = pde_data(inode); > struct airo_info *ai = dev->ml_priv; > int i, rc; > - char key[16]; > + u8 key[16]; > u16 index = 0; > int j = 0; > > @@ -5311,12 +5311,22 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file) > } > > for (i = 0; i < 16*3 && data->wbuffer[i+j]; i++) { > + int val; > + > + if (i % 3 == 2) > + continue; > + > + val = hex_to_bin(data->wbuffer[i+j]); > + if (val < 0) { > + airo_print_err(ai->dev->name, "WebKey passed invalid key hex"); > + return; > + } > switch(i%3) { > case 0: > - key[i/3] = hex_to_bin(data->wbuffer[i+j])<<4; > + key[i/3] = (u8)val << 4; > break; > case 1: > - key[i/3] |= hex_to_bin(data->wbuffer[i+j]); > + key[i/3] |= (u8)val; > break; > } > } That is about the crappiest loop I've seen. I was just going to point out that the (u8) casts aren't needed. Something like: for (i = 0, buf = data->wbuffer + j; i < 16; i++, buf += 3) { int val; if (!buf[0] || !buf[1]) break; val = hex_to_bin(buf[0]) | hex_to_bin(buf[1]) << 8; if (val < 0) { airo_print_err(ai->dev->name, "WebKey passed invalid key hex"); return; } key[i] = val; if (!buf[2]) break; } Although there should be a check for buf[2] being valid. Any I worry about exactly what happens if there aren't 16 full bytes. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
On Tue, Oct 25, 2022 at 10:11:44AM +0000, David Laight wrote: > From: Jason A. Donenfeld > > Sent: 24 October 2022 17:29 > > > > With char becoming unsigned by default, and with `char` alone being > > ambiguous and based on architecture, we get a warning when assigning the > > unchecked output of hex_to_bin() to that unsigned char. Mark `key` as a > > `u8`, which matches the struct's type, and then check each call to > > hex_to_bin() before casting. > > > > Cc: Kalle Valo <kvalo@kernel.org> > > Cc: linux-wireless@vger.kernel.org > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > > --- > > drivers/net/wireless/cisco/airo.c | 18 ++++++++++++++---- > > 1 file changed, 14 insertions(+), 4 deletions(-) > > > > diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c > > index 10daef81c355..fb2c35bd73bb 100644 > > --- a/drivers/net/wireless/cisco/airo.c > > +++ b/drivers/net/wireless/cisco/airo.c > > @@ -5232,7 +5232,7 @@ static int get_wep_tx_idx(struct airo_info *ai) > > return -1; > > } > > > > -static int set_wep_key(struct airo_info *ai, u16 index, const char *key, > > +static int set_wep_key(struct airo_info *ai, u16 index, const u8 *key, > > u16 keylen, int perm, int lock) > > { > > static const unsigned char macaddr[ETH_ALEN] = { 0x01, 0, 0, 0, 0, 0 }; > > @@ -5283,7 +5283,7 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file) > > struct net_device *dev = pde_data(inode); > > struct airo_info *ai = dev->ml_priv; > > int i, rc; > > - char key[16]; > > + u8 key[16]; > > u16 index = 0; > > int j = 0; > > > > @@ -5311,12 +5311,22 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file) > > } > > > > for (i = 0; i < 16*3 && data->wbuffer[i+j]; i++) { > > + int val; > > + > > + if (i % 3 == 2) > > + continue; > > + > > + val = hex_to_bin(data->wbuffer[i+j]); > > + if (val < 0) { > > + airo_print_err(ai->dev->name, "WebKey passed invalid key hex"); > > + return; > > + } > > switch(i%3) { > > case 0: > > - key[i/3] = hex_to_bin(data->wbuffer[i+j])<<4; > > + key[i/3] = (u8)val << 4; > > break; > > case 1: > > - key[i/3] |= hex_to_bin(data->wbuffer[i+j]); > > + key[i/3] |= (u8)val; > > break; > > } > > } > > That is about the crappiest loop I've seen. > I was just going to point out that the (u8) casts aren't needed. > Something like: > for (i = 0, buf = data->wbuffer + j; i < 16; i++, buf += 3) { > int val; > if (!buf[0] || !buf[1]) > break; > val = hex_to_bin(buf[0]) | hex_to_bin(buf[1]) << 8; > if (val < 0) { > airo_print_err(ai->dev->name, "WebKey passed invalid key hex"); > return; > } > key[i] = val; > if (!buf[2]) > break; > } > > Although there should be a check for buf[2] being valid. > Any I worry about exactly what happens if there aren't 16 full bytes. buf[2] isn't checked. Presumably it's a space or something. Your <<8 also isn't right; this is a hex char. Anyway, I think I'd rather minimize this delta and leave this patch as-is. Jason
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote: > With char becoming unsigned by default, and with `char` alone being > ambiguous and based on architecture, we get a warning when assigning the > unchecked output of hex_to_bin() to that unsigned char. Mark `key` as a > `u8`, which matches the struct's type, and then check each call to > hex_to_bin() before casting. > > Cc: Kalle Valo <kvalo@kernel.org> > Cc: linux-wireless@vger.kernel.org > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Patch applied to wireless.git, thanks. e6cb8769452e wifi: airo: do not assign -1 to unsigned char
diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c index 10daef81c355..fb2c35bd73bb 100644 --- a/drivers/net/wireless/cisco/airo.c +++ b/drivers/net/wireless/cisco/airo.c @@ -5232,7 +5232,7 @@ static int get_wep_tx_idx(struct airo_info *ai) return -1; } -static int set_wep_key(struct airo_info *ai, u16 index, const char *key, +static int set_wep_key(struct airo_info *ai, u16 index, const u8 *key, u16 keylen, int perm, int lock) { static const unsigned char macaddr[ETH_ALEN] = { 0x01, 0, 0, 0, 0, 0 }; @@ -5283,7 +5283,7 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file) struct net_device *dev = pde_data(inode); struct airo_info *ai = dev->ml_priv; int i, rc; - char key[16]; + u8 key[16]; u16 index = 0; int j = 0; @@ -5311,12 +5311,22 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file) } for (i = 0; i < 16*3 && data->wbuffer[i+j]; i++) { + int val; + + if (i % 3 == 2) + continue; + + val = hex_to_bin(data->wbuffer[i+j]); + if (val < 0) { + airo_print_err(ai->dev->name, "WebKey passed invalid key hex"); + return; + } switch(i%3) { case 0: - key[i/3] = hex_to_bin(data->wbuffer[i+j])<<4; + key[i/3] = (u8)val << 4; break; case 1: - key[i/3] |= hex_to_bin(data->wbuffer[i+j]); + key[i/3] |= (u8)val; break; } }