From 838c2d6cfc0c2dc8ce136e01e681fc6cf4124c39 Mon Sep 17 00:00:00 2001 From: Tobias Klauser Date: Fri, 25 Apr 2014 11:53:58 +0200 Subject: [PATCH] staging: vt6656: Use proper target pointer in memcpy() The coverity scanner marked these two memcpy()'s as causing a buffer overflow in CIDs 142743 and 142744. This is due the h_dest member of struct ethhdr being used as a target (size ETH_ALEN) in memcpy, but the copy is of size ETH_HLEN. However, the intention here seems to be to copy the entire ethernet header. Make that clear by specifying the proper destination buffer. Also remove the unnecessary casts of the source argument. Signed-off-by: Tobias Klauser Signed-off-by: Greg Kroah-Hartman --- drivers/staging/vt6656/rxtx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/vt6656/rxtx.c b/drivers/staging/vt6656/rxtx.c index abd1a26ce417..28f40e6bd262 100644 --- a/drivers/staging/vt6656/rxtx.c +++ b/drivers/staging/vt6656/rxtx.c @@ -2183,7 +2183,7 @@ int nsDMA_tx_packet(struct vnt_private *pDevice, return STATUS_RESOURCES; } - memcpy(pDevice->sTxEthHeader.h_dest, (u8 *)(skb->data), ETH_HLEN); + memcpy(&pDevice->sTxEthHeader, skb->data, ETH_HLEN); //mike add:station mode check eapol-key challenge---> { @@ -2506,7 +2506,7 @@ int bRelayPacketSend(struct vnt_private *pDevice, u8 *pbySkbData, u32 uDataLen, return false; } - memcpy(pDevice->sTxEthHeader.h_dest, (u8 *)pbySkbData, ETH_HLEN); + memcpy(&pDevice->sTxEthHeader, pbySkbData, ETH_HLEN); if (pDevice->bEncryptionEnable == true) { bNeedEncryption = true; -- 2.20.1