| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180328112014.GA11484@himanshu-Vostro-3559>
Date: Wed, 28 Mar 2018 16:50:14 +0530
From: Himanshu Jha <himanshujha199640@...il.com>
To: arend.vanspriel@...adcom.com, franky.lin@...adcom.com,
hante.meuleman@...adcom.com, chi-hsien.lin@...ress.com,
wright.feng@...ress.com
Cc: kvalo@...eaurora.org, johannes.berg@...el.com,
linux-wireless@...r.kernel.org,
brcm80211-dev-list.pdl@...adcom.com,
brcm80211-dev-list@...ress.com, netdev@...r.kernel.org
Subject: Passing uninitialised local variable
Hello everyone,
I recently found that a local variable in passed uninitialised to the
function at
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:2950
u32 var;
err = brcmf_fil_iovar_int_get(ifp, "dtim_assoc", &var);
if (err) {
brcmf_err("wl dtim_assoc failed (%d)\n", err);
goto update_bss_info_out;
}
dtim_period = (u8)var;
Now, the brcmf_fil_iovar_int_get() is defined as:
s32
brcmf_fil_iovar_int_get(struct brcmf_if *ifp, char *name, u32 *data)
{
__le32 data_le = cpu_to_le32(*data);
s32 err;
err = brcmf_fil_iovar_data_get(ifp, name, &data_le, sizeof(data_le));
if (err == 0)
*data = le32_to_cpu(data_le);
return err;
}
We can cleary see that 'var' in used uninitialised in the very first line
which is an undefined behavior.
So, what could be a possible fix for the above ?
I'm not sure initialising 'var' to 0 would be the correct solution.
--
Thanks
Himanshu Jha
Powered by blists - more mailing lists