mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-15 08:14:15 +08:00
wifi: nl80211: convert cfg80211_scan_request allocation to *_size macros
The cfg80211_scan_request structure is followed by a flexible array member as well as several other arrays that are then stored into pointers in the structure. These are allocated currently using a simple sequence of multiplications. Replace the calculations with struct_size(), size_add(), and array_size() helper macros. These macros saturate the calculation at SIZE_MAX rather than overflowing. Note that we can't use flex_array_size() instead of array_size() because the fields are not arrays, but simple pointers. Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Link: https://lore.kernel.org/r/20230228162827.3876606-3-jacob.e.keller@intel.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
parent
6933486133
commit
14e05beb10
@ -9027,7 +9027,7 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
|
|||||||
struct nlattr *attr;
|
struct nlattr *attr;
|
||||||
struct wiphy *wiphy;
|
struct wiphy *wiphy;
|
||||||
int err, tmp, n_ssids = 0, n_channels, i;
|
int err, tmp, n_ssids = 0, n_channels, i;
|
||||||
size_t ie_len;
|
size_t ie_len, size;
|
||||||
|
|
||||||
wiphy = &rdev->wiphy;
|
wiphy = &rdev->wiphy;
|
||||||
|
|
||||||
@ -9072,10 +9072,10 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
|
|||||||
if (ie_len > wiphy->max_scan_ie_len)
|
if (ie_len > wiphy->max_scan_ie_len)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
request = kzalloc(sizeof(*request)
|
size = struct_size(request, channels, n_channels);
|
||||||
+ sizeof(*request->ssids) * n_ssids
|
size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
|
||||||
+ sizeof(*request->channels) * n_channels
|
size = size_add(size, ie_len);
|
||||||
+ ie_len, GFP_KERNEL);
|
request = kzalloc(size, GFP_KERNEL);
|
||||||
if (!request)
|
if (!request)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
@ -9408,7 +9408,7 @@ nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
|
|||||||
struct nlattr *attr;
|
struct nlattr *attr;
|
||||||
int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
|
int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
|
||||||
enum nl80211_band band;
|
enum nl80211_band band;
|
||||||
size_t ie_len;
|
size_t ie_len, size;
|
||||||
struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
|
struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
|
||||||
s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
|
s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
|
||||||
|
|
||||||
@ -9517,12 +9517,14 @@ nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
|
|||||||
attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
|
attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
|
||||||
return ERR_PTR(-EINVAL);
|
return ERR_PTR(-EINVAL);
|
||||||
|
|
||||||
request = kzalloc(sizeof(*request)
|
size = struct_size(request, channels, n_channels);
|
||||||
+ sizeof(*request->ssids) * n_ssids
|
size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
|
||||||
+ sizeof(*request->match_sets) * n_match_sets
|
size = size_add(size, array_size(sizeof(*request->match_sets),
|
||||||
+ sizeof(*request->scan_plans) * n_plans
|
n_match_sets));
|
||||||
+ sizeof(*request->channels) * n_channels
|
size = size_add(size, array_size(sizeof(*request->scan_plans),
|
||||||
+ ie_len, GFP_KERNEL);
|
n_plans));
|
||||||
|
size = size_add(size, ie_len);
|
||||||
|
request = kzalloc(size, GFP_KERNEL);
|
||||||
if (!request)
|
if (!request)
|
||||||
return ERR_PTR(-ENOMEM);
|
return ERR_PTR(-ENOMEM);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user