| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Aug 2021 10:33:11 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Tuo Li <islituo@...il.com>
Cc: gregkh@...uxfoundation.org, will+git@...d.me,
davidsondfgl@...il.com, zhaoxiao@...ontech.com,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
"baijiaju1990@...il.com" <baijiaju1990@...il.com>
Subject: Re: [BUG] staging: rtl8192e: possible null-pointer dereference in
rtllib_wx_set_encode()
On Wed, Aug 11, 2021 at 11:33:57AM +0800, Tuo Li wrote:
> Hello,
>
> Our static analysis tool finds a possible null-pointer dereference in
> rtllib_wx.c in Linux 5.14.0-rc3:
>
> The variable (*crypt)->ops is checked in:
> 342: if (*crypt && (*crypt)->ops && strcmp((*crypt)->ops->name, "R-WEP")
> != 0)
>
> This indicates that it can be NULL. If so, null-pointer dereferences will
> occur:
> 389: (*crypt)->ops->set_key()
> 400: len = (*crypt)->ops->get_key()
>
> I am not quite sure whether this possible null-pointer dereference is real
> and how to fix it if it is real.
> Any feedback would be appreciated, thanks!
>
> Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
I don't *think* the check is required.
The data in ieee->crypt_info.crypt[idx] is set in rtllib_wx_set_encode()
and rtllib_wx_set_encode_ext() when we do "*crypt = new_crypt;". (The
line is the same in both functions). And in both cases ->ops is
non-NULL.
So probably the check should be removed.
On the other hand, I don't know the code very well and it's possible I
missed something.
regards,
dan carpenter
Powered by blists - more mailing lists