]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit
mt76: mt7915: potential array overflow in mt7915_mcu_tx_rate_report()
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 9 Jul 2020 11:04:35 +0000 (14:04 +0300)
committerFelix Fietkau <nbd@nbd.name>
Tue, 21 Jul 2020 17:01:18 +0000 (19:01 +0200)
commiteb744e5df86cf7e377d0acc4e686101b0fd9663a
tree5aced7349636451cb61e0cb41c770d0c381a6ba3
parent9248c08c3fc4ef816c82aa49d01123f4746d349f
mt76: mt7915: potential array overflow in mt7915_mcu_tx_rate_report()

Smatch complains that "wcidx" value comes from the network and thus
cannot be trusted.  In this case, it actually seems to come from the
firmware.  If your wireless firmware is malicious then probably no
amount of carefulness can protect you.

On the other hand, these days we still try to check the firmware as much
as possible.  Verifying that the index is within bounds will silence a
static checker warning.  And it's harmless and a good exercise in kernel
hardening.  So I suggest that we do add a bounds check.

Fixes: e57b7901469f ("mt76: add mac80211 driver for MT7915 PCIe-based chipsets")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c