mirror of
https://github.com/lwfinger/rtl8188eu.git
synced 2024-11-22 04:23:39 +00:00
rtl8188eu: Fix smatch problems in core/rtw_ioctl_set.c
Smatch reports the following problems: CHECK /home/finger/rtl8188eu/core/rtw_ioctl_set.c /home/finger/rtl8188eu/core/rtw_ioctl_set.c:593 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:595 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKeylen' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4 /home/finger/rtl8188eu/core/rtw_ioctl_set.c:745 rtw_set_802_11_add_key() warn: was && intended here instead of ||? The buffer overflow messages are due to an off-by-one problem. An if test skips code for a value > 4. It should be >= 4. The warning for a suspect logical operator was correct. With a logical or in the statement, it made no sense. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
This commit is contained in:
parent
d1d8ed064b
commit
65c4e60be3
1 changed files with 2 additions and 2 deletions
|
@ -566,7 +566,7 @@ _func_enter_;
|
|||
|
||||
keyid = wep->KeyIndex & 0x3fffffff;
|
||||
|
||||
if (keyid > 4) {
|
||||
if (keyid >= 4) {
|
||||
RT_TRACE(_module_rtl871x_ioctl_set_c_, _drv_err_, ("MgntActrtw_set_802_11_add_wep:keyid>4 =>fail\n"));
|
||||
ret = false;
|
||||
goto exit;
|
||||
|
@ -743,7 +743,7 @@ _func_enter_;
|
|||
|
||||
/* Check key length for WEP. For NDTEST, 2005.01.27, by rcnjko. */
|
||||
if ((encryptionalgo == _WEP40_ || encryptionalgo == _WEP104_) &&
|
||||
(key->KeyLength != 5 || key->KeyLength != 13)) {
|
||||
(key->KeyLength != 5 && key->KeyLength != 13)) {
|
||||
RT_TRACE(_module_rtl871x_ioctl_set_c_, _drv_err_, ("WEP KeyLength:0x%x != 5 or 13\n", key->KeyLength));
|
||||
ret = _FAIL;
|
||||
goto exit;
|
||||
|
|
Loading…
Reference in a new issue