Commit a73d4e14 authored by Alexander Aring's avatar Alexander Aring Committed by Stefan Schmidt
Browse files

ieee802154: hwsim: fix off-by-one in parse nested 

This patch fixes a off-by-one mistake in nla_parse_nested() functions of
mac802154_hwsim driver. I had to enabled stack protector so I was able
to reproduce it.

Reference: https://github.com/linux-wpan/wpan-tools/issues/17



Signed-off-by: default avatarAlexander Aring <aring@mojatatu.com>
Signed-off-by: default avatarStefan Schmidt <stefan@datenfreihafen.org>
parent 35b827b6

drivers/net/ieee802154/mac802154_hwsim.c

+2 −2
Original line number Diff line number Diff line
@@ -492,7 +492,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) 
	    !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE])

		return -EINVAL;



	if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1,

	if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX,

			     info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE],

			     hwsim_edge_policy, NULL))

		return -EINVAL;
@@ -542,7 +542,7 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) 
	    !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE])

		return -EINVAL;



	if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX + 1,

	if (nla_parse_nested(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX,

			     info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE],

			     hwsim_edge_policy, NULL))

		return -EINVAL;