* [PATCH 1/5] ap: check that the last band_freq_attrs was set
@ 2024-02-29 18:12 James Prestwood
2024-02-29 18:12 ` [PATCH 2/5] ap: allow va_end to get called in ap_handshake_event James Prestwood
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: James Prestwood @ 2024-02-29 18:12 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Static analysis complains that 'last' could be NULL which is true.
This really could only happen if every frequency was disabled which
likely is impossible but in any case, check before dereferencing
the pointer.
---
src/ap.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/ap.c b/src/ap.c
index bce389d3..ee3c4dca 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -1247,8 +1247,10 @@ static size_t ap_build_country_ie(struct ap_state *ap, uint8_t *out_buf,
}
/* finish final group */
- *pos++ = nchans;
- *pos++ = last->tx_power;
+ if (last) {
+ *pos++ = nchans;
+ *pos++ = last->tx_power;
+ }
len = pos - out_buf - 2;
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/5] ap: allow va_end to get called in ap_handshake_event
2024-02-29 18:12 [PATCH 1/5] ap: check that the last band_freq_attrs was set James Prestwood
@ 2024-02-29 18:12 ` James Prestwood
2024-02-29 18:12 ` [PATCH 3/5] nl80211util: check l_genl_attr_recurse return in extract_nested James Prestwood
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: James Prestwood @ 2024-02-29 18:12 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Caught by static analysis, va_end was never being called since the
REKEY_COMPLETE event was returning early.
---
src/ap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ap.c b/src/ap.c
index ee3c4dca..25d1b8a3 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -1484,7 +1484,7 @@ static void ap_handshake_event(struct handshake_state *hs,
}
case HANDSHAKE_EVENT_REKEY_COMPLETE:
ap_set_sta_rekey_timer(ap, sta);
- return;
+ break;
default:
break;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/5] nl80211util: check l_genl_attr_recurse return in extract_nested
2024-02-29 18:12 [PATCH 1/5] ap: check that the last band_freq_attrs was set James Prestwood
2024-02-29 18:12 ` [PATCH 2/5] ap: allow va_end to get called in ap_handshake_event James Prestwood
@ 2024-02-29 18:12 ` James Prestwood
2024-02-29 18:12 ` [PATCH 4/5] ap: verify ATTR_MAC exists in NEW_STATION James Prestwood
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: James Prestwood @ 2024-02-29 18:12 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Caught by static analysis, the recurse operation return was not being
checked.
---
src/nl80211util.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/nl80211util.c b/src/nl80211util.c
index 0f45c905..3f9a43ac 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -136,9 +136,7 @@ static bool extract_nested(const void *data, uint16_t len, void *o)
const struct l_genl_attr *outer = data;
struct l_genl_attr *nested = o;
- l_genl_attr_recurse(outer, nested);
-
- return true;
+ return l_genl_attr_recurse(outer, nested);
}
static bool extract_u8(const void *data, uint16_t len, void *o)
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 4/5] ap: verify ATTR_MAC exists in NEW_STATION
2024-02-29 18:12 [PATCH 1/5] ap: check that the last band_freq_attrs was set James Prestwood
2024-02-29 18:12 ` [PATCH 2/5] ap: allow va_end to get called in ap_handshake_event James Prestwood
2024-02-29 18:12 ` [PATCH 3/5] nl80211util: check l_genl_attr_recurse return in extract_nested James Prestwood
@ 2024-02-29 18:12 ` James Prestwood
2024-02-29 18:12 ` [PATCH 5/5] ap: bail in ap_del_station if AP is going down James Prestwood
2024-02-29 20:38 ` [PATCH 1/5] ap: check that the last band_freq_attrs was set Denis Kenzior
4 siblings, 0 replies; 6+ messages in thread
From: James Prestwood @ 2024-02-29 18:12 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Caught by static analysis, if ATTR_MAC was not in the message there
would be a memcpy with uninitialized bytes. In addition there is no
reason to memcpy twice. Instead 'mac' can be a const pointer which
both verifies it exists and removes the need for a second memcpy.
---
src/ap.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/ap.c b/src/ap.c
index 25d1b8a3..a6f8f306 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -2963,7 +2963,7 @@ static void ap_handle_new_station(struct ap_state *ap, struct l_genl_msg *msg)
uint16_t type;
uint16_t len;
const void *data;
- uint8_t mac[6];
+ const uint8_t *mac = NULL;
uint8_t *assoc_rsne = NULL;
if (!l_genl_attr_init(&attr, msg))
@@ -2983,12 +2983,12 @@ static void ap_handle_new_station(struct ap_state *ap, struct l_genl_msg *msg)
if (len != 6)
goto cleanup;
- memcpy(mac, data, 6);
+ mac = data;
break;
}
}
- if (!assoc_rsne)
+ if (!assoc_rsne || !mac)
goto cleanup;
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 5/5] ap: bail in ap_del_station if AP is going down
2024-02-29 18:12 [PATCH 1/5] ap: check that the last band_freq_attrs was set James Prestwood
` (2 preceding siblings ...)
2024-02-29 18:12 ` [PATCH 4/5] ap: verify ATTR_MAC exists in NEW_STATION James Prestwood
@ 2024-02-29 18:12 ` James Prestwood
2024-02-29 20:38 ` [PATCH 1/5] ap: check that the last band_freq_attrs was set Denis Kenzior
4 siblings, 0 replies; 6+ messages in thread
From: James Prestwood @ 2024-02-29 18:12 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Caught by static analysis, if this condition is met the AP is going
down so we cannot continue further accessing the ap object.
---
src/ap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/ap.c b/src/ap.c
index a6f8f306..b4e7593e 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -455,7 +455,8 @@ static void ap_del_station(struct sta_state *sta, uint16_t reason,
sta->ip_alloc_lease = NULL;
l_dhcp_server_expire_by_mac(ap->netconfig_dhcp, sta->addr);
- ap_event_done(ap, prev);
+ if (ap_event_done(ap, prev))
+ return;
}
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/5] ap: check that the last band_freq_attrs was set
2024-02-29 18:12 [PATCH 1/5] ap: check that the last band_freq_attrs was set James Prestwood
` (3 preceding siblings ...)
2024-02-29 18:12 ` [PATCH 5/5] ap: bail in ap_del_station if AP is going down James Prestwood
@ 2024-02-29 20:38 ` Denis Kenzior
4 siblings, 0 replies; 6+ messages in thread
From: Denis Kenzior @ 2024-02-29 20:38 UTC (permalink / raw)
To: James Prestwood, iwd
Hi James,
On 2/29/24 12:12, James Prestwood wrote:
> Static analysis complains that 'last' could be NULL which is true.
> This really could only happen if every frequency was disabled which
> likely is impossible but in any case, check before dereferencing
> the pointer.
> ---
> src/ap.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
All applied, thanks.
Regards,
-Denis
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-02-29 20:38 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-29 18:12 [PATCH 1/5] ap: check that the last band_freq_attrs was set James Prestwood
2024-02-29 18:12 ` [PATCH 2/5] ap: allow va_end to get called in ap_handshake_event James Prestwood
2024-02-29 18:12 ` [PATCH 3/5] nl80211util: check l_genl_attr_recurse return in extract_nested James Prestwood
2024-02-29 18:12 ` [PATCH 4/5] ap: verify ATTR_MAC exists in NEW_STATION James Prestwood
2024-02-29 18:12 ` [PATCH 5/5] ap: bail in ap_del_station if AP is going down James Prestwood
2024-02-29 20:38 ` [PATCH 1/5] ap: check that the last band_freq_attrs was set Denis Kenzior
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox