Commit 838c2d6c authored by Tobias Klauser's avatar Tobias Klauser Committed by Greg Kroah-Hartman

staging: vt6656: Use proper target pointer in memcpy()

The coverity scanner marked these two memcpy()'s as causing a buffer
overflow in CIDs 142743 and 142744. This is due the h_dest member of
struct ethhdr being used as a target (size ETH_ALEN) in memcpy, but the
copy is of size ETH_HLEN. However, the intention here seems to be to
copy the entire ethernet header. Make that clear by specifying the
proper destination buffer.

Also remove the unnecessary casts of the source argument.
Signed-off-by: default avatarTobias Klauser <tklauser@distanz.ch>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 34bdb981
......@@ -2183,7 +2183,7 @@ int nsDMA_tx_packet(struct vnt_private *pDevice,
return STATUS_RESOURCES;
}
memcpy(pDevice->sTxEthHeader.h_dest, (u8 *)(skb->data), ETH_HLEN);
memcpy(&pDevice->sTxEthHeader, skb->data, ETH_HLEN);
//mike add:station mode check eapol-key challenge--->
{
......@@ -2506,7 +2506,7 @@ int bRelayPacketSend(struct vnt_private *pDevice, u8 *pbySkbData, u32 uDataLen,
return false;
}
memcpy(pDevice->sTxEthHeader.h_dest, (u8 *)pbySkbData, ETH_HLEN);
memcpy(&pDevice->sTxEthHeader, pbySkbData, ETH_HLEN);
if (pDevice->bEncryptionEnable == true) {
bNeedEncryption = true;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment