[03/10] PMKSA: Guard against NULL KCK

Message ID	20240614081351.2088185-4-benjamin@sipsolutions.net
State	New
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: benjamin@sipsolutions.net To: hostap@lists.infradead.org Cc: Benjamin Berg <benjamin.berg@intel.com> Subject: [PATCH 03/10] PMKSA: Guard against NULL KCK Date: Fri, 14 Jun 2024 10:13:44 +0200 Message-ID: <20240614081351.2088185-4-benjamin@sipsolutions.net> In-Reply-To: <20240614081351.2088185-1-benjamin@sipsolutions.net> References: <20240614081351.2088185-1-benjamin@sipsolutions.net> MIME-Version: 1.0 preview: From: Benjamin Berg <benjamin.berg@intel.com> If the kck_len is 0 then the pointer may be NULL. If that happens UBSAN complains about the NULL pointer as memcpy has the arguments declared to never be NULL. Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 T_SCC_BODY_TEXT_LINE No description available. Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	Some ASAN/UBSAN related fixes \| expand [00/10] Some ASAN/UBSAN related fixes [01/10] MLD: Ensure link BSSIDs remain on stack for ignore [02/10] MLD: Ensure link_bssid array has space for sentinel [03/10] PMKSA: Guard against NULL KCK [04/10] tests: Specify correct suite for failure [05/10] tests: Use more specific alloc_fail location [06/10] tests: Remove duplicate fail test check [07/10] tests: Use sha256_prf_bits for failure stack matching [08/10] trace: Use strncmp to match function names [09/10] trace: Only permit explicit prefix matching for functions [10/10] tests: Ignore large memory blocks when searching for keys

Message ID

20240614081351.2088185-4-benjamin@sipsolutions.net

State

New

Headers

From: benjamin@sipsolutions.net
To: hostap@lists.infradead.org
Cc: Benjamin Berg <benjamin.berg@intel.com>
Subject: [PATCH 03/10] PMKSA: Guard against NULL KCK
Date: Fri, 14 Jun 2024 10:13:44 +0200
Message-ID: <20240614081351.2088185-4-benjamin@sipsolutions.net>
In-Reply-To: <20240614081351.2088185-1-benjamin@sipsolutions.net>
References: <20240614081351.2088185-1-benjamin@sipsolutions.net>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

Some ASAN/UBSAN related fixes | expand

Commit Message

Benjamin Berg June 14, 2024, 8:13 a.m. UTC

From: Benjamin Berg <benjamin.berg@intel.com>

If the kck_len is 0 then the pointer may be NULL. If that happens UBSAN
complains about the NULL pointer as memcpy has the arguments declared to
never be NULL.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
---
 src/rsn_supp/pmksa_cache.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index f90dcd9b0a..5bfcbd27e8 100644
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -253,7 +253,8 @@  pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
 		return NULL;
 	os_memcpy(entry->pmk, pmk, pmk_len);
 	entry->pmk_len = pmk_len;
-	os_memcpy(entry->kck, kck, kck_len);
+	if (kck_len > 0)
+		os_memcpy(entry->kck, kck, kck_len);
 	entry->kck_len = kck_len;
 	if (pmkid)
 		os_memcpy(entry->pmkid, pmkid, PMKID_LEN);

[03/10] PMKSA: Guard against NULL KCK

Commit Message

Patch