| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2021 21:50:26 +0800
From: Tuo Li <islituo@...il.com>
To: stas.yakovlev@...il.com, kvalo@...eaurora.org, davem@...emloft.net,
kuba@...nel.org
Cc: "baijiaju1990@...il.com" <baijiaju1990@...il.com>,
linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [BUG] ipw2x00: possible null-pointer dereference in
libipw_wx_set_encode()
Hello,
Our static analysis tool finds a possible null-pointer dereference in
the ipw2x00 driver in Linux 5.14.0-rc3:
The variable (*crypt)->ops is checked in:
360: if (*crypt != NULL && (*crypt)->ops != NULL &&
strcmp((*crypt)->ops->name, "WEP") != 0)
This indicates that (*crypt)->ops can be NULL. If so, some possible
null-pointer dereferences will occur:
407: (*crypt)->ops->set_key(sec.keys[key], len, NULL, (*crypt)->priv);
417: len = (*crypt)->ops->get_key(sec.keys[key], WEP_KEY_LEN, ...)
I am not quite sure whether these possible null-pointer dereferences are
real and how to fix them if they are real.
Any feedback would be appreciated, thanks!
Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
Best wishes,
Tuo Li
Powered by blists - more mailing lists