lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2021 21:50:26 +0800 From: Tuo Li <islituo@...il.com> To: stas.yakovlev@...il.com, kvalo@...eaurora.org, davem@...emloft.net, kuba@...nel.org Cc: "baijiaju1990@...il.com" <baijiaju1990@...il.com>, linux-wireless@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [BUG] ipw2x00: possible null-pointer dereference in libipw_wx_set_encode() Hello, Our static analysis tool finds a possible null-pointer dereference in the ipw2x00 driver in Linux 5.14.0-rc3: The variable (*crypt)->ops is checked in: 360: if (*crypt != NULL && (*crypt)->ops != NULL && strcmp((*crypt)->ops->name, "WEP") != 0) This indicates that (*crypt)->ops can be NULL. If so, some possible null-pointer dereferences will occur: 407: (*crypt)->ops->set_key(sec.keys[key], len, NULL, (*crypt)->priv); 417: len = (*crypt)->ops->get_key(sec.keys[key], WEP_KEY_LEN, ...) I am not quite sure whether these possible null-pointer dereferences are real and how to fix them if they are real. Any feedback would be appreciated, thanks! Reported-by: TOTE Robot <oslab@...nghua.edu.cn> Best wishes, Tuo Li
Powered by blists - more mailing lists