All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: marcel@holtmann.org
Cc: linux-bluetooth@vger.kernel.org
Subject: re: Bluetooth: Create SMP device structure for local crypto context
Date: Tue, 17 Mar 2015 21:29:58 +0300	[thread overview]
Message-ID: <20150317182958.GC30354@mwanda> (raw)

Hello Marcel Holtmann,

The patch 88a479d9507e: "Bluetooth: Create SMP device structure for
local crypto context" from Mar 16, 2015, leads to the following
static checker warning:

	net/bluetooth/smp.c:3068 smp_add_cid()
	error: potential NULL dereference 'smp'.

net/bluetooth/smp.c
  3031  static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
  3032  {
  3033          struct l2cap_chan *chan;
  3034          struct smp_dev *smp;
  3035          struct crypto_blkcipher *tfm_aes;
  3036          struct crypto_hash *tfm_cmac;
  3037  
  3038          if (cid == L2CAP_CID_SMP_BREDR) {
  3039                  smp = NULL;
                        ^^^^^^^^^^
Sets "smp" to NULL.

  3040                  goto create_chan;
  3041          }
  3042  
  3043          smp = kzalloc(sizeof(*smp), GFP_KERNEL);
  3044          if (!smp)
  3045                  return ERR_PTR(-ENOMEM);
  3046  
  3047          tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
  3048          if (IS_ERR(tfm_aes)) {
  3049                  BT_ERR("Unable to create ECB crypto context");
  3050                  kzfree(smp);
  3051                  return ERR_CAST(tfm_aes);
  3052          }
  3053  
  3054          tfm_cmac = crypto_alloc_hash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
  3055          if (IS_ERR(tfm_cmac)) {
  3056                  BT_ERR("Unable to create CMAC crypto context");
  3057                  crypto_free_blkcipher(tfm_aes);
  3058                  kzfree(smp);
  3059                  return ERR_CAST(tfm_cmac);
  3060          }
  3061  
  3062          smp->tfm_aes = tfm_aes;
  3063          smp->tfm_cmac = tfm_cmac;
  3064  
  3065  create_chan:
  3066          chan = l2cap_chan_create();
  3067          if (!chan) {
  3068                  crypto_free_blkcipher(smp->tfm_aes);
                                              ^^^^^^^^^^^^
If the "chan" allocation fails then this will Oops.

  3069                  crypto_free_hash(smp->tfm_cmac);
                                         ^^^^^^^^^^^^^
  3070                  kzfree(smp);
  3071                  return ERR_PTR(-ENOMEM);
  3072          }

regards,
dan carpenter

                 reply	other threads:[~2015-03-17 18:29 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150317182958.GC30354@mwanda \
    --to=dan.carpenter@oracle.com \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=marcel@holtmann.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.