Signed-off-by: Roel Kluin <roel....@gmail.com>
---
drivers/usb/wusbcore/security.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Unless I am mistaken?
diff --git a/drivers/usb/wusbcore/security.c b/drivers/usb/wusbcore/security.c
index 4516c36..857f6e9 100644
--- a/drivers/usb/wusbcore/security.c
+++ b/drivers/usb/wusbcore/security.c
@@ -213,7 +213,7 @@ int wusb_dev_sec_add(struct wusbhc *wusbhc,
result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
0, secd, sizeof(struct usb_security_descriptor));
- if (result < sizeof(secd)) {
+ if (result < sizeof(*secd)) {
dev_err(dev, "Can't read security descriptor or "
"not enough data: %d\n", result);
goto out;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
> The sizeof the struct should be used rather than sizeof the pointer
>
> Signed-off-by: Roel Kluin <roel....@gmail.com>
> ---
> drivers/usb/wusbcore/security.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> Unless I am mistaken?
>
> diff --git a/drivers/usb/wusbcore/security.c b/drivers/usb/wusbcore/security.c
> index 4516c36..857f6e9 100644
> --- a/drivers/usb/wusbcore/security.c
> +++ b/drivers/usb/wusbcore/security.c
> @@ -213,7 +213,7 @@ int wusb_dev_sec_add(struct wusbhc *wusbhc,
>
> result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
> 0, secd, sizeof(struct usb_security_descriptor));
> - if (result < sizeof(secd)) {
> + if (result < sizeof(*secd)) {
> dev_err(dev, "Can't read security descriptor or "
> "not enough data: %d\n", result);
> goto out;
ick, code's a bit of a mess.
This:
--- a/drivers/usb/wusbcore/security.c~wusb-use-sizeof-struct-rather-than-pointer
+++ a/drivers/usb/wusbcore/security.c
@@ -205,15 +205,15 @@ int wusb_dev_sec_add(struct wusbhc *wusb
const void *itr, *top;
char buf[64];
- secd = kmalloc(sizeof(struct usb_security_descriptor), GFP_KERNEL);
+ secd = kmalloc(sizeof(*secd), GFP_KERNEL);
if (secd == NULL) {
result = -ENOMEM;
goto out;
}
- result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
- 0, secd, sizeof(struct usb_security_descriptor));
- if (result < sizeof(secd)) {
+ result = usb_get_descriptor(usb_dev, USB_DT_SECURITY, 0, secd,
+ sizeof(*secd));
+ if (result < sizeof(*secd)) {
dev_err(dev, "Can't read security descriptor or "
"not enough data: %d\n", result);
goto out;
_
at least makes things consistent.
But I wonder if the code will still work. Because we then go on to do
secd_size = le16_to_cpu(secd->wTotalLength);
secd = krealloc(secd, secd_size, GFP_KERNEL);
which implies (to me) that the thing we read from the device might
indeed have been smaller than we expected, in which case the
newly-fixed check will cause a failure.
That's probably not the case, but it needs checking by someone who
knows what's going on here, please
We first read the security descriptor which tells use the total length
of the security descriptor plus all the following encryption type
descriptors. Your revised patch is fine.
David