staging: vt6656: Use proper target pointer in memcpy() The coverity scanner marked these two memcpy()'s as causing a buffer overflow in CIDs 142743 and 142744. This is due the h_dest member of struct ethhdr being used as a target (size ETH_ALEN) in memcpy, but the copy is of size ETH_HLEN. However, the intention here seems to be to copy the entire ethernet header. Make that clear by specifying the proper destination buffer. Also remove the unnecessary casts of the source argument. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: 838c2d6cfc0c2dc8ce136e01e681fc6cf4124c39 [log] [tgz]
author: Tobias Klauser <tklauser@distanz.ch> Fri Apr 25 11:53:58 2014 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Thu May 15 13:23:03 2014 -0700
tree: e39d5b54774340fe67c3a1d951b7722af486a1f7
parent: 34bdb981f7cb446259b0999d40f090c16f732eca [diff] [blame]
diff --git a/drivers/staging/vt6656/rxtx.c b/drivers/staging/vt6656/rxtx.c
index abd1a26..28f40e6 100644
--- a/drivers/staging/vt6656/rxtx.c
+++ b/drivers/staging/vt6656/rxtx.c

@@ -2183,7 +2183,7 @@
         return STATUS_RESOURCES;
     }
 
-    memcpy(pDevice->sTxEthHeader.h_dest, (u8 *)(skb->data), ETH_HLEN);
+	memcpy(&pDevice->sTxEthHeader, skb->data, ETH_HLEN);
 
 //mike add:station mode check eapol-key challenge--->
 {
@@ -2506,7 +2506,7 @@
         return false;
     }
 
-    memcpy(pDevice->sTxEthHeader.h_dest, (u8 *)pbySkbData, ETH_HLEN);
+	memcpy(&pDevice->sTxEthHeader, pbySkbData, ETH_HLEN);
 
     if (pDevice->bEncryptionEnable == true) {
         bNeedEncryption = true;
commit	838c2d6cfc0c2dc8ce136e01e681fc6cf4124c39	[log] [tgz]
author	Tobias Klauser <tklauser@distanz.ch>	Fri Apr 25 11:53:58 2014 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Thu May 15 13:23:03 2014 -0700
tree	e39d5b54774340fe67c3a1d951b7722af486a1f7
parent	34bdb981f7cb446259b0999d40f090c16f732eca [diff] [blame]