[bug report] platform/x86: think-lmi: Add WMI interface support on Lenovo platforms

[bug report] platform/x86: think-lmi: Add WMI interface support on Lenovo platforms

[Dan Carpenter]

Hello Mark Pearson,

The patch a7314b3b1d8a: "platform/x86: think-lmi: Add WMI interface
support on Lenovo platforms" from May 30, 2021, leads to the
following static checker warning:

drivers/platform/x86/think-lmi.c:540 current_value_store() warn: this array is probably non-NULL. 'tlmi_priv.pwd_admin->password'
drivers/platform/x86/think-lmi.c:566 current_value_store() warn: this array is probably non-NULL. 'tlmi_priv.pwd_admin->password'

drivers/platform/x86/think-lmi.c
   533          if (!new_setting)
   534                  return -ENOMEM;
   535  
   536          /* Strip out CR if one is present */
   537          p = strchrnul(new_setting, '\n');
   538          *p = '\0';
   539  
   540          if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password) {
                                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This can't be NULL

   541                  auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;",
   542                                  tlmi_priv.pwd_admin->password,
   543                                  encoding_options[tlmi_priv.pwd_admin->encoding],
   544                                  tlmi_priv.pwd_admin->kbdlang);
   545                  if (!auth_str) {
   546                          ret = -ENOMEM;
   547                          goto out;
   548                  }
   549          }
   550  
   551          if (auth_str)
   552                  set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->display_name,
   553                                  new_setting, auth_str);
   554          else
   555                  set_str = kasprintf(GFP_KERNEL, "%s,%s;", setting->display_name,
   556                                  new_setting);
   557          if (!set_str) {
   558                  ret = -ENOMEM;
   559                  goto out;
   560          }
   561  
   562          ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTINGS_GUID, set_str);
   563          if (ret)
   564                  goto out;
   565  
   566          if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password)
                                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Same

   567                  ret = tlmi_save_bios_settings(auth_str);
   568          else
   569                  ret = tlmi_save_bios_settings("");
   570  
   571  out:
   572          kfree(auth_str);
   573          kfree(set_str);

regards,
dan carpenter

[bug report] platform/x86: think-lmi: Add WMI interface support on Lenovo platforms

[Dan Carpenter]

Hello Mark Pearson,

The patch a7314b3b1d8a: "platform/x86: think-lmi: Add WMI interface
support on Lenovo platforms" from May 30, 2021, leads to the
following static checker warning:

	drivers/platform/x86/think-lmi.c:453 kbdlang_store()
	error: iterator underflow 'setting->kbdlang' (-1),1-3

drivers/platform/x86/think-lmi.c
   438  static ssize_t kbdlang_store(struct kobject *kobj,
   439                                    struct kobj_attribute *attr,
   440                                    const char *buf, size_t count)
   441  {
   442          struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
   443          int length;
   444  
   445          length = strlen(buf);

"count" can never be zero, but strlen(buf) can be zero.

   446          if (buf[length-1] == '\n')
                        ^^^^^^^^
So this code can read before the start of the buffer, potentially
leading to an Oops.

   447                  length--;
   448  
   449          if (!length || (length >= TLMI_LANG_MAXLEN))
   450                  return -EINVAL;
   451  
   452          memcpy(setting->kbdlang, buf, length);
   453          setting->kbdlang[length] = '\0';
   454          return count;
   455  }

regards,
dan carpenter