kern/54668: atu(4) out of range access

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/54668: atu(4) out of range access
From: msaitoh%five.execsw.org@localhost
Date: Fri, 1 Nov 2019 04:05:00 +0000 (UTC)

>Number:         54668
>Category:       kern
>Synopsis:       atu(4) out of range access
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Nov 01 04:05:00 +0000 2019
>Originator:     msaitoh%five.execsw.org@localhost
>Release:        NetBSD 9.99.17
>Organization:
>Environment:
>Description:
	kUBSan give me the following message:

		UBSan: Undefined Behavior in ../../../../dev/usb/if_atu.c:686:25, index 65535 is out of range for type 'ieee80211_key [4]'

	The code is:

	if (ic->ic_flags & IEEE80211_F_PRIVACY) {
                switch (ic->ic_nw_keys[ic->ic_def_txkey].wk_keylen) { <= Here!
                case 5:
                        cmd.EncryptionType = ATU_WEP_40BITS;
                        break;

	65535 is IEEE80211_KEYIX_NONE.

>How-To-Repeat:
	Use atu(4).
>Fix:
	I don't know.

Prev by Date: Re: kern/54395 (earmv7hf binaries trigger kernel panic on aarch64)
Next by Date: PR/54395 CVS commit: [netbsd-9] src/sys/uvm
Previous by Thread: Re: kern/54395 (earmv7hf binaries trigger kernel panic on aarch64)
Next by Thread: PR/54395 CVS commit: [netbsd-9] src/sys/uvm
Indexes:

Home | Main Index | Thread Index | Old Index