* [BUG] staging: rtl8192e: possible null-pointer dereference in rtllib_wx_set_encode()
@ 2021-08-11 3:33 Tuo Li
2021-08-11 7:33 ` Dan Carpenter
0 siblings, 1 reply; 2+ messages in thread
From: Tuo Li @ 2021-08-11 3:33 UTC (permalink / raw)
To: gregkh, will+git, davidsondfgl, zhaoxiao, dan.carpenter
Cc: linux-staging, linux-kernel, baijiaju1990
Hello,
Our static analysis tool finds a possible null-pointer dereference in
rtllib_wx.c in Linux 5.14.0-rc3:
The variable (*crypt)->ops is checked in:
342: if (*crypt && (*crypt)->ops && strcmp((*crypt)->ops->name,
"R-WEP") != 0)
This indicates that it can be NULL. If so, null-pointer dereferences
will occur:
389: (*crypt)->ops->set_key()
400: len = (*crypt)->ops->get_key()
I am not quite sure whether this possible null-pointer dereference is
real and how to fix it if it is real.
Any feedback would be appreciated, thanks!
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Best wishes,
Tuo Li
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [BUG] staging: rtl8192e: possible null-pointer dereference in rtllib_wx_set_encode()
2021-08-11 3:33 [BUG] staging: rtl8192e: possible null-pointer dereference in rtllib_wx_set_encode() Tuo Li
@ 2021-08-11 7:33 ` Dan Carpenter
0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2021-08-11 7:33 UTC (permalink / raw)
To: Tuo Li
Cc: gregkh, will+git, davidsondfgl, zhaoxiao, linux-staging,
linux-kernel, baijiaju1990
On Wed, Aug 11, 2021 at 11:33:57AM +0800, Tuo Li wrote:
> Hello,
>
> Our static analysis tool finds a possible null-pointer dereference in
> rtllib_wx.c in Linux 5.14.0-rc3:
>
> The variable (*crypt)->ops is checked in:
> 342: if (*crypt && (*crypt)->ops && strcmp((*crypt)->ops->name, "R-WEP")
> != 0)
>
> This indicates that it can be NULL. If so, null-pointer dereferences will
> occur:
> 389: (*crypt)->ops->set_key()
> 400: len = (*crypt)->ops->get_key()
>
> I am not quite sure whether this possible null-pointer dereference is real
> and how to fix it if it is real.
> Any feedback would be appreciated, thanks!
>
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
I don't *think* the check is required.
The data in ieee->crypt_info.crypt[idx] is set in rtllib_wx_set_encode()
and rtllib_wx_set_encode_ext() when we do "*crypt = new_crypt;". (The
line is the same in both functions). And in both cases ->ops is
non-NULL.
So probably the check should be removed.
On the other hand, I don't know the code very well and it's possible I
missed something.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-08-11 7:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-11 3:33 [BUG] staging: rtl8192e: possible null-pointer dereference in rtllib_wx_set_encode() Tuo Li
2021-08-11 7:33 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).