[PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
@ 2023-05-13 11:49 Krzysztof Kozlowski
  2023-05-13 11:51 ` Krzysztof Kozlowski
  2023-05-14  8:35 ` Simon Horman
  0 siblings, 2 replies; 6+ messages in thread
From: Krzysztof Kozlowski @ 2023-05-13 11:49 UTC (permalink / raw)
  To: Krzysztof Kozlowski, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, Samuel Ortiz, Thierry Escande,
	netdev, linux-kernel

If sock->service_name is NULL, the local variable
service_name_tlv_length will not be assigned by nfc_llcp_build_tlv(),
later leading to using value frmo the stack.  Smatch warning:

  net/nfc/llcp_commands.c:442 nfc_llcp_send_connect() error: uninitialized symbol 'service_name_tlv_length'.

Fixes: de9e5aeb4f40 ("NFC: llcp: Fix usage of llcp_add_tlv()")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
---
 net/nfc/llcp_commands.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
index 41e3a20c8935..cdb001de0692 100644
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -390,7 +390,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
 	const u8 *service_name_tlv = NULL;
 	const u8 *miux_tlv = NULL;
 	const u8 *rw_tlv = NULL;
-	u8 service_name_tlv_length, miux_tlv_length,  rw_tlv_length, rw;
+	u8 service_name_tlv_length = 0;
+	u8 miux_tlv_length,  rw_tlv_length, rw;
 	int err;
 	u16 size = 0;
 	__be16 miux;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
  2023-05-13 11:49 [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() Krzysztof Kozlowski
@ 2023-05-13 11:51 ` Krzysztof Kozlowski
  2023-05-14  8:29   ` Simon Horman
  2023-05-14  8:35 ` Simon Horman
  1 sibling, 1 reply; 6+ messages in thread
From: Krzysztof Kozlowski @ 2023-05-13 11:51 UTC (permalink / raw)
  To: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	Samuel Ortiz, Thierry Escande, netdev, linux-kernel

On 13/05/2023 13:49, Krzysztof Kozlowski wrote:
> If sock->service_name is NULL, the local variable
> service_name_tlv_length will not be assigned by nfc_llcp_build_tlv(),
> later leading to using value frmo the stack.  Smatch warning:
> 
>   net/nfc/llcp_commands.c:442 nfc_llcp_send_connect() error: uninitialized symbol 'service_name_tlv_length'.

Eh, typo in subject prefix. V2 in shortly...


Best regards,
Krzysztof


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
  2023-05-13 11:51 ` Krzysztof Kozlowski
@ 2023-05-14  8:29   ` Simon Horman
  2023-05-14  9:15     ` Krzysztof Kozlowski
  0 siblings, 1 reply; 6+ messages in thread
From: Simon Horman @ 2023-05-14  8:29 UTC (permalink / raw)
  To: Krzysztof Kozlowski
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	Samuel Ortiz, Thierry Escande, netdev, linux-kernel

On Sat, May 13, 2023 at 01:51:12PM +0200, Krzysztof Kozlowski wrote:
> On 13/05/2023 13:49, Krzysztof Kozlowski wrote:
> > If sock->service_name is NULL, the local variable
> > service_name_tlv_length will not be assigned by nfc_llcp_build_tlv(),
> > later leading to using value frmo the stack.  Smatch warning:
> > 
> >   net/nfc/llcp_commands.c:442 nfc_llcp_send_connect() error: uninitialized symbol 'service_name_tlv_length'.
> 
> Eh, typo in subject prefix. V2 in shortly...

Also, s/frmo/from/

And please consider moving local variables towards reverse xmas tree -
longest line to shortest - order for networking code.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
  2023-05-14  8:29   ` Simon Horman
@ 2023-05-14  9:15     ` Krzysztof Kozlowski
  2023-05-15 11:40       ` Simon Horman
  0 siblings, 1 reply; 6+ messages in thread
From: Krzysztof Kozlowski @ 2023-05-14  9:15 UTC (permalink / raw)
  To: Simon Horman
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	Samuel Ortiz, Thierry Escande, netdev, linux-kernel

On 14/05/2023 10:29, Simon Horman wrote:
> On Sat, May 13, 2023 at 01:51:12PM +0200, Krzysztof Kozlowski wrote:
>> On 13/05/2023 13:49, Krzysztof Kozlowski wrote:
>>> If sock->service_name is NULL, the local variable
>>> service_name_tlv_length will not be assigned by nfc_llcp_build_tlv(),
>>> later leading to using value frmo the stack.  Smatch warning:
>>>
>>>   net/nfc/llcp_commands.c:442 nfc_llcp_send_connect() error: uninitialized symbol 'service_name_tlv_length'.
>>
>> Eh, typo in subject prefix. V2 in shortly...
> 
> Also, s/frmo/from/
> 
> And please consider moving local variables towards reverse xmas tree -
> longest line to shortest - order for networking code.

They were not ordered in the first place, so you prefer me to re-shuffle
all of them (a bit independent change)?

Best regards,
Krzysztof


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
  2023-05-14  9:15     ` Krzysztof Kozlowski
@ 2023-05-15 11:40       ` Simon Horman
  0 siblings, 0 replies; 6+ messages in thread
From: Simon Horman @ 2023-05-15 11:40 UTC (permalink / raw)
  To: Krzysztof Kozlowski
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	Samuel Ortiz, Thierry Escande, netdev, linux-kernel

On Sun, May 14, 2023 at 11:15:40AM +0200, Krzysztof Kozlowski wrote:
> On 14/05/2023 10:29, Simon Horman wrote:
> > On Sat, May 13, 2023 at 01:51:12PM +0200, Krzysztof Kozlowski wrote:
> >> On 13/05/2023 13:49, Krzysztof Kozlowski wrote:
> >>> If sock->service_name is NULL, the local variable
> >>> service_name_tlv_length will not be assigned by nfc_llcp_build_tlv(),
> >>> later leading to using value frmo the stack.  Smatch warning:
> >>>
> >>>   net/nfc/llcp_commands.c:442 nfc_llcp_send_connect() error: uninitialized symbol 'service_name_tlv_length'.
> >>
> >> Eh, typo in subject prefix. V2 in shortly...
> > 
> > Also, s/frmo/from/
> > 
> > And please consider moving local variables towards reverse xmas tree -
> > longest line to shortest - order for networking code.
> 
> They were not ordered in the first place, so you prefer me to re-shuffle
> all of them (a bit independent change)?

My slight preference is to move them towards being ordered.
Maybe that is not practical in this case.

As you point out, they are currently out of order.
And if you think re-shuffling can be done, without excess churn,
I think that would be fine.

Given the current state of the code, reverse xmas tree is much more of a
suggestion than a requirement form my side.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
  2023-05-13 11:49 [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() Krzysztof Kozlowski
  2023-05-13 11:51 ` Krzysztof Kozlowski
@ 2023-05-14  8:35 ` Simon Horman
  1 sibling, 0 replies; 6+ messages in thread
From: Simon Horman @ 2023-05-14  8:35 UTC (permalink / raw)
  To: Krzysztof Kozlowski
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	Samuel Ortiz, Thierry Escande, netdev, linux-kernel

On Sat, May 13, 2023 at 01:49:38PM +0200, Krzysztof Kozlowski wrote:
> If sock->service_name is NULL, the local variable
> service_name_tlv_length will not be assigned by nfc_llcp_build_tlv(),
> later leading to using value frmo the stack.  Smatch warning:
> 
>   net/nfc/llcp_commands.c:442 nfc_llcp_send_connect() error: uninitialized symbol 'service_name_tlv_length'.
> 
> Fixes: de9e5aeb4f40 ("NFC: llcp: Fix usage of llcp_add_tlv()")
> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> ---
>  net/nfc/llcp_commands.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
> index 41e3a20c8935..cdb001de0692 100644
> --- a/net/nfc/llcp_commands.c
> +++ b/net/nfc/llcp_commands.c
> @@ -390,7 +390,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
>  	const u8 *service_name_tlv = NULL;
>  	const u8 *miux_tlv = NULL;
>  	const u8 *rw_tlv = NULL;
> -	u8 service_name_tlv_length, miux_tlv_length,  rw_tlv_length, rw;
> +	u8 service_name_tlv_length = 0;
> +	u8 miux_tlv_length,  rw_tlv_length, rw;

While moving this around, can reduce the number of spaces before rw_tlv_length?

>  	int err;
>  	u16 size = 0;
>  	__be16 miux;
> -- 
> 2.34.1
> 
> 

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2023-05-15 11:41 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-13 11:49 [PATCH] nfx: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() Krzysztof Kozlowski
2023-05-13 11:51 ` Krzysztof Kozlowski
2023-05-14  8:29   ` Simon Horman
2023-05-14  9:15     ` Krzysztof Kozlowski
2023-05-15 11:40       ` Simon Horman
2023-05-14  8:35 ` Simon Horman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).