Date:   Fri, 09 Apr 2021 19:04:41 +0500
From:   Muhammad Usama Anjum <musamaanjum@...il.com>
To:     scan-admin@...erity.com, colin.king@...onical.com,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     musamaanjum@...il.com
Subject: Re: New Defects reported by Coverity Scan for linux-next weekly scan

On Thu, 2021-04-08 at 17:13 +0000, scan-admin@...erity.com wrote:
> ** CID 1503714:    (DEADCODE)
> /drivers/staging/rtl8723bs/os_dep/ioctl_linux.c: 367 in wpa_set_auth_algs()
> /drivers/staging/rtl8723bs/os_dep/ioctl_linux.c: 357 in wpa_set_auth_algs()
> 
> 
> ________________________________________________________________________________________________________
> *** CID 1503714:    (DEADCODE)
> /drivers/staging/rtl8723bs/os_dep/ioctl_linux.c: 367 in wpa_set_auth_algs()
> 361     		padapter->securitypriv.ndisencryptstatus = Ndis802_11Encryption1Enabled;
> 362     
> 363     		padapter->securitypriv.ndisauthtype = Ndis802_11AuthModeShared;
> 364     		padapter->securitypriv.dot11AuthAlgrthm = dot11AuthAlgrthm_Shared;
> 365     	} else if (value & WLAN_AUTH_OPEN) {
> 366     		/* padapter->securitypriv.ndisencryptstatus = Ndis802_11EncryptionDisabled; */
> > > >     CID 1503714:    (DEADCODE)
> > > >     Execution cannot reach this statement: "if (padapter->securitypriv....".
> 367     		if (padapter->securitypriv.ndisauthtype < Ndis802_11AuthModeWPAPSK) {
> 368     			padapter->securitypriv.ndisauthtype = Ndis802_11AuthModeOpen;
> 369     			padapter->securitypriv.dot11AuthAlgrthm = dot11AuthAlgrthm_Open;
> 370     		}
> 371     	} else {
> 372     		ret = -EINVAL;
> /drivers/staging/rtl8723bs/os_dep/ioctl_linux.c: 357 in wpa_set_auth_algs()
> 351     static int wpa_set_auth_algs(struct net_device *dev, u32 value)
> 352     {
> 353     	struct adapter *padapter = rtw_netdev_priv(dev);
> 354     	int ret = 0;
> 355     
> 356     	if ((value & WLAN_AUTH_SHARED_KEY) && (value & WLAN_AUTH_OPEN)) {

The value of the WLAN_AUTH_OPEN macro is 0 and it is being treated as if
it is a bit number. Two conditions in this function never execute. It
seems like a crucial bug. Anyone looking into it?

> > > >     CID 1503714:    (DEADCODE)
> > > >     Execution cannot reach this statement: "padapter->securitypriv.ndis...".
> 357     		padapter->securitypriv.ndisencryptstatus = Ndis802_11Encryption1Enabled;
> 358     		padapter->securitypriv.ndisauthtype = Ndis802_11AuthModeAutoSwitch;
> 359     		padapter->securitypriv.dot11AuthAlgrthm = dot11AuthAlgrthm_Auto;
> 360     	} else if (value & WLAN_AUTH_SHARED_KEY)	{
> 361     		padapter->securitypriv.ndisencryptstatus = Ndis802_11Encryption1Enabled;
> 362     
> 
> ** CID 1487894:  Null pointer dereferences  (FORWARD_NULL)
> /net/ipv6/route.c: 5209 in ip6_route_multipath_add()
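
Added example, not part of the original message or of the driver's code: the branch chain from the quoted wpa_set_auth_algs() is run over every small input, once with the WLAN_AUTH_* algorithm numbers and once with single-bit flags, to show which branches can be reached. The EX_ALG_* flags, classify() and reachable() are hypothetical names constructed for this illustration.

```c
#include <stdio.h>

/* Algorithm numbers, not bit flags. WLAN_AUTH_OPEN == 0 is stated in the
 * message; WLAN_AUTH_SHARED_KEY == 1 is its value in include/linux/ieee80211.h. */
#define WLAN_AUTH_OPEN       0
#define WLAN_AUTH_SHARED_KEY 1

/* Hypothetical single-bit flags, constructed for this example only. */
#define EX_ALG_OPEN   (1u << 0)
#define EX_ALG_SHARED (1u << 1)

enum branch { BR_AUTO, BR_SHARED, BR_OPEN, BR_EINVAL };

/* Same if/else-if chain as the quoted wpa_set_auth_algs(), with the two
 * masks passed in so both sets of constants can be compared. */
static enum branch classify(unsigned value, unsigned shared_mask, unsigned open_mask)
{
	if ((value & shared_mask) && (value & open_mask))
		return BR_AUTO;
	else if (value & shared_mask)
		return BR_SHARED;
	else if (value & open_mask)
		return BR_OPEN;
	return BR_EINVAL;
}

/* Bitmask of branches taken for at least one value in 0..15. */
static unsigned reachable(unsigned shared_mask, unsigned open_mask)
{
	unsigned seen = 0;

	for (unsigned v = 0; v < 16; v++)
		seen |= 1u << classify(v, shared_mask, open_mask);
	return seen;
}

int main(void)
{
	static const char *name[] = { "auto", "shared", "open", "-EINVAL" };
	unsigned num = reachable(WLAN_AUTH_SHARED_KEY, WLAN_AUTH_OPEN);
	unsigned bits = reachable(EX_ALG_SHARED, EX_ALG_OPEN);

	for (int b = BR_AUTO; b <= BR_EINVAL; b++)
		printf("%-8s WLAN_AUTH_*: %-11s bit flags: %s\n", name[b],
		       (num >> b) & 1 ? "reachable" : "dead",
		       (bits >> b) & 1 ? "reachable" : "dead");
	return 0;
}
```

With the WLAN_AUTH_* values only the shared-key and -EINVAL branches are ever taken, which matches the two DEADCODE locations in the report, and a request carrying WLAN_AUTH_OPEN itself ends in -EINVAL.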

