lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 22 Jun 2012 19:56:17 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	Bjørn Mork <bjorn@...k.no>
Cc:	netdev@...r.kernel.org
Subject: Re: net: qmi_wwan: bind to both control and data interface

On Fri, Jun 22, 2012 at 06:27:17PM +0200, Bjørn Mork wrote:
> Dan Carpenter <dan.carpenter@...cle.com> writes:
> 
> > The patch 230718bda1be: "net: qmi_wwan: bind to both control and data 
> > interface" from Jun 19, 2012, leads to the following Smatch warning:
> > drivers/net/usb/qmi_wwan.c:206 qmi_wwan_bind()
> > 	 error: potential NULL dereference 'cdc_union'.
> >
> > drivers/net/usb/qmi_wwan.c
> >    205          /* verify CDC Union */
> >    206          if (desc->bInterfaceNumber != cdc_union->bMasterInterface0) {
> >                                               ^^^^^^^^^
> >
> > cdc_union is only non-NULL for USB_CDC_UNION_TYPE.  We used to check for
> > NULL here but your patch removes the check.  I just want to verify that
> > that was intended.
> >
> >    207                  dev_err(&intf->dev, "bogus CDC Union: master=%u\n", cdc_union->bMasterInterface0);
> >    208                  goto err;
> >    209          }
> >    210  
> 
> Thanks for the notification, but this was intentional while touching the
> code anyway.  The test always was redundant because the parsing code
> ensure that cdc_union cannot be NULL at that point.
> 

Yeah.  I see that now.  I think it would be more readable if the
check were rewritten like this.  That way you can see immediately
that it's checking for USB_CDC_UNION_TYPE without scrolling back and
forth in the code.

diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index f1e7791..23cb13c 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -129,7 +129,6 @@ static int qmi_wwan_bind(struct usbnet *dev, struct usb_interface *intf)
 	struct usb_interface_descriptor *desc = &intf->cur_altsetting->desc;
 	struct usb_cdc_union_desc *cdc_union = NULL;
 	struct usb_cdc_ether_desc *cdc_ether = NULL;
-	u32 required = 1 << USB_CDC_HEADER_TYPE | 1 << USB_CDC_UNION_TYPE;
 	u32 found = 0;
 	struct usb_driver *driver = driver_of(intf);
 	struct qmi_wwan_state *info = (void *)&dev->data;
@@ -197,7 +196,8 @@ next_desc:
 	}
 
 	/* did we find all the required ones? */
-	if ((found & required) != required) {
+	if (!(found & (1 << USB_CDC_HEADER_TYPE)) ||
+	    !(found & (1 << USB_CDC_UNION_TYPE))) {
 		dev_err(&intf->dev, "CDC functional descriptors missing\n");
 		goto err;
 	}
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ