[BUG] ipw2x00: possible null-pointer dereference in libipw_wx_set_encode()

From: Tuo Li
Date: Tue Aug 10 2021 - 09:50:33 EST

Next message: Will Deacon: "Re: [PATCH] arm64: clean vdso files"
Previous message: Pavel Machek: "Re: [RFC PATCH v2 01/10] docs: Add block device LED trigger documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Our static analysis tool finds a possible null-pointer dereference in the ipw2x00 driver in Linux 5.14.0-rc3:

The variable (*crypt)->ops is checked in:
360:    if (*crypt != NULL && (*crypt)->ops != NULL && strcmp((*crypt)->ops->name, "WEP") != 0)

This indicates that (*crypt)->ops can be NULL. If so, some possible null-pointer dereferences will occur:
407:    (*crypt)->ops->set_key(sec.keys[key], len, NULL, (*crypt)->priv);
417:    len = (*crypt)->ops->get_key(sec.keys[key], WEP_KEY_LEN, ...)

I am not quite sure whether these possible null-pointer dereferences are real and how to fix them if they are real.
Any feedback would be appreciated, thanks!

Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx>

Best wishes,
Tuo Li

Next message: Will Deacon: "Re: [PATCH] arm64: clean vdso files"
Previous message: Pavel Machek: "Re: [RFC PATCH v2 01/10] docs: Add block device LED trigger documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]