cfg80211: Use const more consistently in for_each_element macros
authorJouni Malinen <j@w1.fi>
Mon, 11 Feb 2019 14:29:04 +0000 (16:29 +0200)
committerchenyt17 <chenyt17@lenovo.com>
Fri, 28 May 2021 07:07:54 +0000 (15:07 +0800)
commit 7388afe09143210f555bdd6c75035e9acc1fab96 upstream.

Enforce the first argument to be a correct type of a pointer to struct
element and avoid unnecessary typecasts from const to non-const pointers
(the change in validate_ie_attr() is needed to make this part work). In
addition, avoid signed/unsigned comparison within for_each_element() and
mark struct element packed just in case.

Mot-CRs-fixed: (CR)
CVE-Fixed: CVE-2019-16746
Bug: 145728612

Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jignesh Patel <jignesh@motorola.com>
Change-Id: If727423ab9539110c78487a2e38f118060122e06
Reviewed-on: https://gerrit.mot.com/1681824
SLTApproved: Slta Waiver
SME-Granted: SME Approvals Granted
Tested-by: Jira Key
Reviewed-by: Xiangpo Zhao <zhaoxp3@motorola.com>
Submit-Approved: Jira Key
(cherry picked from commit 6f4e34bffb1d256cd6899814705859733de1c621)

include/linux/ieee80211.h

index cf41820f279493ae215b36c8cccbabc6768b04d0..2e179778576cf9fea66c1c080bb09b94b8fce2da 100644 (file)
@@ -2747,16 +2747,16 @@ struct element {
        u8 id;
        u8 datalen;
        u8 data[];
-};
+} __packed;
 
 /* element iteration helpers */
-#define for_each_element(element, _data, _datalen)                     \
-       for (element = (void *)(_data);                                 \
-            (u8 *)(_data) + (_datalen) - (u8 *)element >=              \
-               sizeof(*element) &&                                     \
-            (u8 *)(_data) + (_datalen) - (u8 *)element >=              \
-               sizeof(*element) + element->datalen;                    \
-            element = (void *)(element->data + element->datalen))
+#define for_each_element(_elem, _data, _datalen)                       \
+       for (_elem = (const struct element *)(_data);                   \
+            (const u8 *)(_data) + (_datalen) - (const u8 *)_elem >=    \
+               (int)sizeof(*_elem) &&                                  \
+            (const u8 *)(_data) + (_datalen) - (const u8 *)_elem >=    \
+               (int)sizeof(*_elem) + _elem->datalen;                   \
+            _elem = (const struct element *)(_elem->data + _elem->datalen))
 
 #define for_each_element_id(element, _id, data, datalen)               \
        for_each_element(element, data, datalen)                        \
@@ -2793,7 +2793,7 @@ struct element {
 static inline bool for_each_element_completed(const struct element *element,
                                              const void *data, size_t datalen)
 {
-       return (u8 *)element == (u8 *)data + datalen;
+       return (const u8 *)element == (const u8 *)data + datalen;
 }
 
 #endif /* LINUX_IEEE80211_H */