Netdev Archive on
help / color / mirror / Atom feed
* [BUG] ipw2x00: possible null-pointer dereference in libipw_wx_set_encode()
@ 2021-08-10 13:50 Tuo Li
  0 siblings, 0 replies; only message in thread
From: Tuo Li @ 2021-08-10 13:50 UTC (permalink / raw)
  To: stas.yakovlev, kvalo, davem, kuba
  Cc: baijiaju1990, linux-wireless, netdev, linux-kernel


Our static analysis tool finds a possible null-pointer dereference in 
the ipw2x00 driver in Linux 5.14.0-rc3:

The variable (*crypt)->ops is checked in:
360:    if (*crypt != NULL && (*crypt)->ops != NULL && 
strcmp((*crypt)->ops->name, "WEP") != 0)

This indicates that (*crypt)->ops can be NULL. If so, some possible 
null-pointer dereferences will occur:
407:    (*crypt)->ops->set_key(sec.keys[key], len, NULL, (*crypt)->priv);
417:    len = (*crypt)->ops->get_key(sec.keys[key], WEP_KEY_LEN, ...)

I am not quite sure whether these possible null-pointer dereferences are 
real and how to fix them if they are real.
Any feedback would be appreciated, thanks!

Reported-by: TOTE Robot <>

Best wishes,
Tuo Li

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-08-10 13:50 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-10 13:50 [BUG] ipw2x00: possible null-pointer dereference in libipw_wx_set_encode() Tuo Li

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).