| Message ID | 20241230183610.work.680-kees@kernel.org |
|---|---|
| State | New |
| Headers | show |
| Series | wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier | expand |
On 30/12/24 12:36, Kees Cook wrote: > Since adding __counted_by(n_channels) to struct cfg80211_scan_request, > anything adding to the channels array must increment n_channels first. > Move n_channels increment earlier. > > Reported-by: John Rowley <lkml@johnrowley.me> > Closes: https://lore.kernel.org/stable/1815535c709ba9d9.156c6a5c9cdf6e59.b249b6b6a5ee4634@localhost.localdomain/ > Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate") > Signed-off-by: Kees Cook <kees@kernel.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> -Gustavo > --- > Cc: Johannes Berg <johannes@sipsolutions.net> > Cc: Dmitry Antipov <dmantipov@yandex.ru> > Cc: Nathan Chancellor <nathan@kernel.org> > Cc: linux-wireless@vger.kernel.org > --- > net/wireless/scan.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/net/wireless/scan.c b/net/wireless/scan.c > index 1c6fd45aa809..ccdbeb604639 100644 > --- a/net/wireless/scan.c > +++ b/net/wireless/scan.c > @@ -763,12 +763,11 @@ static void cfg80211_scan_req_add_chan(struct cfg80211_scan_request *request, > } > } > > + request->n_channels++; > request->channels[n_channels] = chan; > if (add_to_6ghz) > request->scan_6ghz_params[request->n_6ghz_params].channel_idx = > n_channels; > - > - request->n_channels++; > } > > static bool cfg80211_find_ssid_match(struct cfg80211_colocated_ap *ap,
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 1c6fd45aa809..ccdbeb604639 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -763,12 +763,11 @@ static void cfg80211_scan_req_add_chan(struct cfg80211_scan_request *request, } } + request->n_channels++; request->channels[n_channels] = chan; if (add_to_6ghz) request->scan_6ghz_params[request->n_6ghz_params].channel_idx = n_channels; - - request->n_channels++; } static bool cfg80211_find_ssid_match(struct cfg80211_colocated_ap *ap,
Since adding __counted_by(n_channels) to struct cfg80211_scan_request, anything adding to the channels array must increment n_channels first. Move n_channels increment earlier. Reported-by: John Rowley <lkml@johnrowley.me> Closes: https://lore.kernel.org/stable/1815535c709ba9d9.156c6a5c9cdf6e59.b249b6b6a5ee4634@localhost.localdomain/ Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate") Signed-off-by: Kees Cook <kees@kernel.org> --- Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Dmitry Antipov <dmantipov@yandex.ru> Cc: Nathan Chancellor <nathan@kernel.org> Cc: linux-wireless@vger.kernel.org --- net/wireless/scan.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)