linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] staging: wlan-ng: fix uninitialized variable
@ 2019-10-02 17:41 Denis Efremov
  2019-10-03 11:26 ` Dan Carpenter
  0 siblings, 1 reply; 3+ messages in thread
From: Denis Efremov @ 2019-10-02 17:41 UTC (permalink / raw)
  To: devel, linux-kernel; +Cc: Denis Efremov, Greg Kroah-Hartman, stable

The result variable in prism2_connect() can be used uninitialized on path
!channel --> ... --> is_wep --> sme->key --> sme->key_idx >= NUM_WEPKEYS.
This patch initializes result with 0.

Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Denis Efremov <efremov@linux.com>
---
 drivers/staging/wlan-ng/cfg80211.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c
index eee1998c4b18..d426905e187e 100644
--- a/drivers/staging/wlan-ng/cfg80211.c
+++ b/drivers/staging/wlan-ng/cfg80211.c
@@ -441,7 +441,7 @@ static int prism2_connect(struct wiphy *wiphy, struct net_device *dev,
 	int chan = -1;
 	int is_wep = (sme->crypto.cipher_group == WLAN_CIPHER_SUITE_WEP40) ||
 	    (sme->crypto.cipher_group == WLAN_CIPHER_SUITE_WEP104);
-	int result;
+	int result = 0;
 	int err = 0;
 
 	/* Set the channel */
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] staging: wlan-ng: fix uninitialized variable
  2019-10-02 17:41 [PATCH] staging: wlan-ng: fix uninitialized variable Denis Efremov
@ 2019-10-03 11:26 ` Dan Carpenter
  2019-10-03 13:39   ` Denis Efremov
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2019-10-03 11:26 UTC (permalink / raw)
  To: Denis Efremov; +Cc: devel, linux-kernel, Greg Kroah-Hartman, stable

On Wed, Oct 02, 2019 at 08:41:03PM +0300, Denis Efremov wrote:
> The result variable in prism2_connect() can be used uninitialized on path
> !channel --> ... --> is_wep --> sme->key --> sme->key_idx >= NUM_WEPKEYS.
> This patch initializes result with 0.
> 
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: stable@vger.kernel.org
> Signed-off-by: Denis Efremov <efremov@linux.com>
> ---
>  drivers/staging/wlan-ng/cfg80211.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c
> index eee1998c4b18..d426905e187e 100644
> --- a/drivers/staging/wlan-ng/cfg80211.c
> +++ b/drivers/staging/wlan-ng/cfg80211.c
> @@ -441,7 +441,7 @@ static int prism2_connect(struct wiphy *wiphy, struct net_device *dev,
>  	int chan = -1;
>  	int is_wep = (sme->crypto.cipher_group == WLAN_CIPHER_SUITE_WEP40) ||
>  	    (sme->crypto.cipher_group == WLAN_CIPHER_SUITE_WEP104);
> -	int result;
> +	int result = 0;
>  	int err = 0;
>  

I can't see any reason why we should have both "err" and "result".
Maybe in olden times "result" used to save positive error codes instead
of negative error codes but now it's just negatives and zero on success.
There is no reason for the exit label either, we could just return
directly.

So could you redo it and get rid of "result" entirely?  Otherwise it
just causes more bugs like this.

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] staging: wlan-ng: fix uninitialized variable
  2019-10-03 11:26 ` Dan Carpenter
@ 2019-10-03 13:39   ` Denis Efremov
  0 siblings, 0 replies; 3+ messages in thread
From: Denis Efremov @ 2019-10-03 13:39 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: devel, linux-kernel, Greg Kroah-Hartman, stable

Hi,

On 10/3/19 2:26 PM, Dan Carpenter wrote:
> On Wed, Oct 02, 2019 at 08:41:03PM +0300, Denis Efremov wrote:
>> The result variable in prism2_connect() can be used uninitialized on path
>> !channel --> ... --> is_wep --> sme->key --> sme->key_idx >= NUM_WEPKEYS.
>> This patch initializes result with 0.
>>
>> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Denis Efremov <efremov@linux.com>
>> ---
>>  drivers/staging/wlan-ng/cfg80211.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c
>> index eee1998c4b18..d426905e187e 100644
>> --- a/drivers/staging/wlan-ng/cfg80211.c
>> +++ b/drivers/staging/wlan-ng/cfg80211.c
>> @@ -441,7 +441,7 @@ static int prism2_connect(struct wiphy *wiphy, struct net_device *dev,
>>  	int chan = -1;
>>  	int is_wep = (sme->crypto.cipher_group == WLAN_CIPHER_SUITE_WEP40) ||
>>  	    (sme->crypto.cipher_group == WLAN_CIPHER_SUITE_WEP104);
>> -	int result;
>> +	int result = 0;
>>  	int err = 0;
>>  
> 
> I can't see any reason why we should have both "err" and "result".
> Maybe in olden times "result" used to save positive error codes instead
> of negative error codes but now it's just negatives and zero on success.
> There is no reason for the exit label either, we could just return
> directly.
> 
> So could you redo it and get rid of "result" entirely?  Otherwise it
> just causes more bugs like this.
> 

Yes, of course. I will prepare v2.

Thanks,
Denis

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-10-03 13:39 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-02 17:41 [PATCH] staging: wlan-ng: fix uninitialized variable Denis Efremov
2019-10-03 11:26 ` Dan Carpenter
2019-10-03 13:39   ` Denis Efremov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).