src/common/dpp_crypto.c : fix uninitialised variable

Message ID	CAAnZQXMTSsOtTRofB=FTE3HB9bdVxmnEbDTa8WPw-XeYVMb8GQ@mail.gmail.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> MIME-Version: 1.0 From: Alasdair Mackintosh <alasdair@google.com> Date: Wed, 9 Mar 2022 13:24:49 -0800 Message-ID: <CAAnZQXMTSsOtTRofB=FTE3HB9bdVxmnEbDTa8WPw-XeYVMb8GQ@mail.gmail.com> Subject: [PATCH] src/common/dpp_crypto.c : fix uninitialised variable To: hostap@lists.infradead.org preview: The current code generates a warning when compiled by Clang, because if we goto 'fail:', pasword_len can be uninitialised when we pass it in to bin_clear_free(). Note that the actual usage is safe, because bin_clear_free() ignores the second argument if the first argument is NULL, but it still seems worth cleaning up. Content analysis details: (-15.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:32f listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM white-list -7.5 USER_IN_DEF_SPF_WL From: address is in the default SPF white-list -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.5 ENV_AND_HDR_SPF_MATCH Env and Hdr From used in default SPF WL Match -0.0 DKIMWL_WL_MED DKIMwl.org - Medium trust sender Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	src/common/dpp_crypto.c : fix uninitialised variable \| expand src/common/dpp_crypto.c : fix uninitialised variable

Message ID

CAAnZQXMTSsOtTRofB=FTE3HB9bdVxmnEbDTa8WPw-XeYVMb8GQ@mail.gmail.com

State

Accepted

Headers

MIME-Version: 1.0
From: Alasdair Mackintosh <alasdair@google.com>
Date: Wed, 9 Mar 2022 13:24:49 -0800
Message-ID: 
 <CAAnZQXMTSsOtTRofB=FTE3HB9bdVxmnEbDTa8WPw-XeYVMb8GQ@mail.gmail.com>
Subject: [PATCH] src/common/dpp_crypto.c : fix uninitialised variable
To: hostap@lists.infradead.org
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

src/common/dpp_crypto.c : fix uninitialised variable | expand

Commit Message

Alasdair Mackintosh March 9, 2022, 9:24 p.m. UTC

The current code generates a warning when compiled by Clang, because
if we goto 'fail:', pasword_len  can be uninitialised when we pass it
in to bin_clear_free().

Note that the actual usage is safe, because bin_clear_free() ignores
the second argument if the first argument is NULL, but it still seems
worth cleaning up.

Signed-off-by: Alasdair Mackintosh <alasdair at google.com>
---
 src/common/dpp_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

  /* TODO: use auth->csrattrs */
--
2.35.1.723.g4982287a31-goog

Comments

Jan Ceuleers March 10, 2022, 4:24 p.m. UTC | #1

On 09/03/2022 22:24, Alasdair Mackintosh wrote:
> The current code generates a warning when compiled by Clang, because
> if we goto 'fail:', pasword_len  can be uninitialised when we pass it
> in to bin_clear_free().
> 
> Note that the actual usage is safe, because bin_clear_free() ignores
> the second argument if the first argument is NULL, but it still seems
> worth cleaning up.
> 
> Signed-off-by: Alasdair Mackintosh <alasdair at google.com>

I'm not familiar with the toolchain Jouni uses, but I suspect an actual
email address is needed in the Signed-off-by line rather than a
part-obfuscated-one.

HTH, Jan

Jouni Malinen March 12, 2022, 5:05 p.m. UTC | #2

On Wed, Mar 09, 2022 at 01:24:49PM -0800, Alasdair Mackintosh wrote:
> The current code generates a warning when compiled by Clang, because
> if we goto 'fail:', pasword_len  can be uninitialised when we pass it
> in to bin_clear_free().
> 
> Note that the actual usage is safe, because bin_clear_free() ignores
> the second argument if the first argument is NULL, but it still seems
> worth cleaning up.

Thanks, applied.

diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 300416fb1..4fac7de8a 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -2059,7 +2059,7 @@  struct wpabuf * dpp_build_csr(struct
dpp_authentication *auth, const char *name)
  struct wpabuf *priv_key;
  u8 cp[DPP_CP_LEN];
  char *password = NULL;
- size_t password_len;
+ size_t password_len = 0;
  int hash_sign_algo;

src/common/dpp_crypto.c : fix uninitialised variable

Commit Message

Comments

Patch