
Commit 14b6cff

arndbgregkh
authored andcommitted
staging: rtl8723bs: avoid bogus gcc warning
gcc gets confused by some of the type casts and produces an apparently senseless warning about an out-of-bound memcpy to an unrelated array in the same structure: drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c: In function 'rtw_cfg80211_ap_set_encryption': cc1: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=] In file included from drivers/staging/rtl8723bs/include/drv_types.h:32, from drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:10: drivers/staging/rtl8723bs/include/rtw_security.h:98:15: note: at offset [184, 4264] into destination object 'dot11AuthAlgrthm' of size 4 98 | u32 dot11AuthAlgrthm; /* 802.11 auth, could be open, shared, 8021x and authswitch */ | ^~~~~~~~~~~~~~~~ cc1: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=] drivers/staging/rtl8723bs/include/rtw_security.h:98:15: note: at offset [264, 4344] into destination object 'dot11AuthAlgrthm' of size 4 This is a known gcc bug, and the patch here is only a workaround, but the approach of using a temporary variable to hold a pointer to the key also improves readability in addition to avoiding the warning, so overall this should still help. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99673 Signed-off-by: Arnd Bergmann <[email protected]> Link: https://lore.kernel.org/r/[email protected] Cc: stable <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent 6efb943 commit 14b6cff


2 files changed

+25
-19
lines changed


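--- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
+++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
@@ -527,6 +527,9 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, struct ieee_pa
 struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
 struct security_priv *psecuritypriv = &(padapter->securitypriv);
 struct sta_priv *pstapriv = &padapter->stapriv;
+char *grpkey = padapter->securitypriv.dot118021XGrpKey[param->u.crypt.idx].skey;
+char *txkey = padapter->securitypriv.dot118021XGrptxmickey[param->u.crypt.idx].skey;
+char *rxkey = padapter->securitypriv.dot118021XGrprxmickey[param->u.crypt.idx].skey;
 
 param->u.crypt.err = 0;
 param->u.crypt.alg[IEEE_CRYPT_ALG_NAME_LEN - 1] = '\0';
@@ -609,7 +612,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, struct ieee_pa
 {
 if (strcmp(param->u.crypt.alg, "WEP") == 0)
 {
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 
 psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
 if (param->u.crypt.key_len == 13)
@@ -622,12 +625,12 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, struct ieee_pa
 {
 psecuritypriv->dot118021XGrpPrivacy = _TKIP_;
 
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 
 /* DEBUG_ERR("set key length :param->u.crypt.key_len =%d\n", param->u.crypt.key_len); */
 /* set mic key */
-memcpy(psecuritypriv->dot118021XGrptxmickey[param->u.crypt.idx].skey, &(param->u.crypt.key[16]), 8);
-memcpy(psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey, &(param->u.crypt.key[24]), 8);
+memcpy(txkey, &(param->u.crypt.key[16]), 8);
+memcpy(rxkey, &(param->u.crypt.key[24]), 8);
 
 psecuritypriv->busetkipkey = true;
 
@@ -636,7 +639,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, struct ieee_pa
 {
 psecuritypriv->dot118021XGrpPrivacy = _AES_;
 
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 }
 else
 {
@@ -713,7 +716,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, struct ieee_pa
 {
 if (strcmp(param->u.crypt.alg, "WEP") == 0)
 {
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 
 psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
 if (param->u.crypt.key_len == 13)
@@ -725,12 +728,12 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, struct ieee_pa
 {
 psecuritypriv->dot118021XGrpPrivacy = _TKIP_;
 
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 
 /* DEBUG_ERR("set key length :param->u.crypt.key_len =%d\n", param->u.crypt.key_len); */
 /* set mic key */
-memcpy(psecuritypriv->dot118021XGrptxmickey[param->u.crypt.idx].skey, &(param->u.crypt.key[16]), 8);
-memcpy(psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey, &(param->u.crypt.key[24]), 8);
+memcpy(txkey, &(param->u.crypt.key[16]), 8);
+memcpy(rxkey, &(param->u.crypt.key[24]), 8);
 
 psecuritypriv->busetkipkey = true;
 
@@ -739,7 +742,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, struct ieee_pa
 {
 psecuritypriv->dot118021XGrpPrivacy = _AES_;
 
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 }
 else
 {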
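Review bot: The three initialisers added at new lines 530–532 index `dot118021XGrpKey`, `dot118021XGrptxmickey` and `dot118021XGrprxmickey` with `param->u.crypt.idx` at function entry, before any range check on that field can have run; the old code indexed only inside the branches. Forming an out-of-range element address is already undefined in C, and hoisting it makes every later `memcpy` through `grpkey`, `txkey` and `rxkey` depend on a validation step that is not visible in these hunks (the body of `rtw_cfg80211_ap_set_encryption` starts and ends outside them). I would declare the pointers without an initialiser and assign them only after a check such as `if (param->u.crypt.idx >= ARRAY_SIZE(psecuritypriv->dot118021XGrpKey)) return -EINVAL;`, routed through the function's usual error path if it has one. The same pattern is added to `rtw_set_encryption` in ioctl_linux.c at new lines 2966–2968.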

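--- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
+++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
@@ -2963,6 +2963,9 @@ static int rtw_set_encryption(struct net_device *dev, struct ieee_param *param,
 struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
 struct security_priv *psecuritypriv = &(padapter->securitypriv);
 struct sta_priv *pstapriv = &padapter->stapriv;
+char *txkey = padapter->securitypriv.dot118021XGrptxmickey[param->u.crypt.idx].skey;
+char *rxkey = padapter->securitypriv.dot118021XGrprxmickey[param->u.crypt.idx].skey;
+char *grpkey = psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey;
 
 param->u.crypt.err = 0;
 param->u.crypt.alg[IEEE_CRYPT_ALG_NAME_LEN - 1] = '\0';
@@ -3064,7 +3067,7 @@ static int rtw_set_encryption(struct net_device *dev, struct ieee_param *param,
 if (!psta && check_fwstate(pmlmepriv, WIFI_AP_STATE)) { /* group key */
 if (param->u.crypt.set_tx == 1) {
 if (strcmp(param->u.crypt.alg, "WEP") == 0) {
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 
 psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
 if (param->u.crypt.key_len == 13)
@@ -3073,11 +3076,11 @@ static int rtw_set_encryption(struct net_device *dev, struct ieee_param *param,
 } else if (strcmp(param->u.crypt.alg, "TKIP") == 0) {
 psecuritypriv->dot118021XGrpPrivacy = _TKIP_;
 
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 
 /* DEBUG_ERR("set key length :param->u.crypt.key_len =%d\n", param->u.crypt.key_len); */
 /* set mic key */
-memcpy(psecuritypriv->dot118021XGrptxmickey[param->u.crypt.idx].skey, &(param->u.crypt.key[16]), 8);
+memcpy(txkey, &(param->u.crypt.key[16]), 8);
 memcpy(psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey, &(param->u.crypt.key[24]), 8);
 
 psecuritypriv->busetkipkey = true;
@@ -3086,7 +3089,7 @@ static int rtw_set_encryption(struct net_device *dev, struct ieee_param *param,
 else if (strcmp(param->u.crypt.alg, "CCMP") == 0) {
 psecuritypriv->dot118021XGrpPrivacy = _AES_;
 
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 } else {
 psecuritypriv->dot118021XGrpPrivacy = _NO_PRIVACY_;
 }
@@ -3142,27 +3145,27 @@ static int rtw_set_encryption(struct net_device *dev, struct ieee_param *param,
 
 } else { /* group key??? */
 if (strcmp(param->u.crypt.alg, "WEP") == 0) {
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 
 psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
 if (param->u.crypt.key_len == 13)
 psecuritypriv->dot118021XGrpPrivacy = _WEP104_;
 } else if (strcmp(param->u.crypt.alg, "TKIP") == 0) {
 psecuritypriv->dot118021XGrpPrivacy = _TKIP_;
 
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 
 /* DEBUG_ERR("set key length :param->u.crypt.key_len =%d\n", param->u.crypt.key_len); */
 /* set mic key */
-memcpy(psecuritypriv->dot118021XGrptxmickey[param->u.crypt.idx].skey, &(param->u.crypt.key[16]), 8);
-memcpy(psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey, &(param->u.crypt.key[24]), 8);
+memcpy(txkey, &(param->u.crypt.key[16]), 8);
+memcpy(rxkey, &(param->u.crypt.key[24]), 8);
 
 psecuritypriv->busetkipkey = true;
 
 } else if (strcmp(param->u.crypt.alg, "CCMP") == 0) {
 psecuritypriv->dot118021XGrpPrivacy = _AES_;
 
-memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
+memcpy(grpkey, param->u.crypt.key, (param->u.crypt.key_len > 16 ? 16 : param->u.crypt.key_len));
 } else {
 psecuritypriv->dot118021XGrpPrivacy = _NO_PRIVACY_;
 }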
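Review bot: In the first TKIP branch (hunk at new line 3076) only the tx MIC copy was switched to the new local; the rx MIC copy on new line 3084 still writes through `psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey`, while the later branch at new line 3161 uses `rxkey` for the same store. If the temporary is what keeps gcc from mis-analysing the destination, that remaining line is presumably still exposed to the warning, and it leaves two spellings of one operation; it should read `memcpy(rxkey, &(param->u.crypt.key[24]), 8);`. The declarations at new lines 2966–2968 likewise mix `padapter->securitypriv.` and `psecuritypriv->` for the same structure, and using `psecuritypriv->` for all three would match the surrounding code. `rtw_set_encryption` begins and ends outside these hunks.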
