[PATCH 09/32] p54: Use mem_to_flex_dup() with struct p54_cal_database
Kees Cook
keescook at chromium.org
Wed May 4 01:44:18 UTC 2022
As part of the work to perform bounds checking on all memcpy() uses,
replace the open-coded a deserialization of bytes out of memory into a
trailing flexible array by using a flex_array.h helper to perform the
allocation, bounds checking, and copying.
Cc: Christian Lamparter <chunkeey at googlemail.com>
Cc: Kalle Valo <kvalo at kernel.org>
Cc: "David S. Miller" <davem at davemloft.net>
Cc: Eric Dumazet <edumazet at google.com>
Cc: Jakub Kicinski <kuba at kernel.org>
Cc: Paolo Abeni <pabeni at redhat.com>
Cc: linux-wireless at vger.kernel.org
Cc: netdev at vger.kernel.org
Signed-off-by: Kees Cook <keescook at chromium.org>
---
drivers/net/wireless/intersil/p54/eeprom.c | 8 ++------
drivers/net/wireless/intersil/p54/p54.h | 4 ++--
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/intersil/p54/eeprom.c b/drivers/net/wireless/intersil/p54/eeprom.c
index 5bd35c147e19..bd9b3ea327b9 100644
--- a/drivers/net/wireless/intersil/p54/eeprom.c
+++ b/drivers/net/wireless/intersil/p54/eeprom.c
@@ -702,7 +702,7 @@ static int p54_convert_output_limits(struct ieee80211_hw *dev,
static struct p54_cal_database *p54_convert_db(struct pda_custom_wrapper *src,
size_t total_len)
{
- struct p54_cal_database *dst;
+ struct p54_cal_database *dst = NULL;
size_t payload_len, entries, entry_size, offset;
payload_len = le16_to_cpu(src->len);
@@ -713,16 +713,12 @@ static struct p54_cal_database *p54_convert_db(struct pda_custom_wrapper *src,
(payload_len + sizeof(*src) != total_len))
return NULL;
- dst = kmalloc(sizeof(*dst) + payload_len, GFP_KERNEL);
- if (!dst)
+ if (mem_to_flex_dup(&dst, src->data, payload_len, GFP_KERNEL))
return NULL;
dst->entries = entries;
dst->entry_size = entry_size;
dst->offset = offset;
- dst->len = payload_len;
-
- memcpy(dst->data, src->data, payload_len);
return dst;
}
diff --git a/drivers/net/wireless/intersil/p54/p54.h b/drivers/net/wireless/intersil/p54/p54.h
index 3356ea708d81..22bbb6d28245 100644
--- a/drivers/net/wireless/intersil/p54/p54.h
+++ b/drivers/net/wireless/intersil/p54/p54.h
@@ -125,8 +125,8 @@ struct p54_cal_database {
size_t entries;
size_t entry_size;
size_t offset;
- size_t len;
- u8 data[];
+ DECLARE_FLEX_ARRAY_ELEMENTS_COUNT(size_t, len);
+ DECLARE_FLEX_ARRAY_ELEMENTS(u8, data);
};
#define EEPROM_READBACK_LEN 0x3fc
--
2.32.0
More information about the Linux-security-module-archive
mailing list