rtl8188eu: Fix smatch problems in core/rtw_ioctl_set.c

Smatch reports the following problems:
  CHECK   /home/finger/rtl8188eu/core/rtw_ioctl_set.c
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:593 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:595 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKeylen' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:599 rtw_set_802_11_add_wep() error: buffer overflow 'psecuritypriv->dot11DefKey' 4 <= 4
/home/finger/rtl8188eu/core/rtw_ioctl_set.c:745 rtw_set_802_11_add_key() warn: was && intended here instead of ||?

The buffer overflow messages are due to an off-by-one problem. An if test skips code
for a value > 4. It should be >= 4.

The warning about a suspect logical operator was correct. With a logical OR in the statement,
the key-length test made no sense.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Larry Finger 2013-09-05 12:26:29 -05:00
parent d1d8ed064b
commit 65c4e60be3


@ -566,7 +566,7 @@ _func_enter_;
keyid = wep->KeyIndex & 0x3fffffff; keyid = wep->KeyIndex & 0x3fffffff;
if (keyid > 4) { if (keyid >= 4) {
RT_TRACE(_module_rtl871x_ioctl_set_c_, _drv_err_, ("MgntActrtw_set_802_11_add_wep:keyid>4 =>fail\n")); RT_TRACE(_module_rtl871x_ioctl_set_c_, _drv_err_, ("MgntActrtw_set_802_11_add_wep:keyid>4 =>fail\n"));
ret = false; ret = false;
goto exit; goto exit;
@ -743,7 +743,7 @@ _func_enter_;
/* Check key length for WEP. For NDTEST, 2005.01.27, by rcnjko. */ /* Check key length for WEP. For NDTEST, 2005.01.27, by rcnjko. */
if ((encryptionalgo == _WEP40_ || encryptionalgo == _WEP104_) && if ((encryptionalgo == _WEP40_ || encryptionalgo == _WEP104_) &&
(key->KeyLength != 5 || key->KeyLength != 13)) { (key->KeyLength != 5 && key->KeyLength != 13)) {
RT_TRACE(_module_rtl871x_ioctl_set_c_, _drv_err_, ("WEP KeyLength:0x%x != 5 or 13\n", key->KeyLength)); RT_TRACE(_module_rtl871x_ioctl_set_c_, _drv_err_, ("WEP KeyLength:0x%x != 5 or 13\n", key->KeyLength));
ret = _FAIL; ret = _FAIL;
goto exit; goto exit;
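Review bot: In the first hunk (rtw_set_802_11_add_wep), the corrected guard `if (keyid >= 4)` still hard-codes the element count that smatch reported for `dot11DefKey` and `dot11DefKeylen`, so the check and the arrays can drift apart again. Tying the guard to the array, e.g. `if (keyid >= ARRAY_SIZE(psecuritypriv->dot11DefKey)) {`, keeps the index check correct if the key table is ever resized. The trace string on the following line still reads `keyid>4 =>fail` and should say `keyid>=4` to match the new condition. keyid is derived from `wep->KeyIndex`, which presumably originates from an ioctl caller, and the accesses smatch flagged at lines 593–599 lie outside this hunk, so it is worth confirming that `wep->KeyLength` is also bounded against the key buffer size before those lines run. The function body starts and ends outside the hunk.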