From patchwork Wed Mar 9 21:24:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alasdair Mackintosh X-Patchwork-Id: 1603579 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=3MGBNe1p; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20210112 header.b=aC2kWn3E; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KDQHf3hWRz9sG2 for ; Thu, 10 Mar 2022 08:26:37 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From: MIME-Version:Reply-To:Cc:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=R2v+HRnF7Fa74dNSTWOF4VUDnv8MXW6RkV4/tG3KCZ0=; b=3MG BNe1pa853fme3oB9d1QlqAwh1F8V7pqXr4DtpdUAmnVKnVP3TbuJzpgIFwWl4zYA4l73toXFIa3kM Q1LStrkksbF5K28IkbGqsCKJIrT1i6xDH4B7c+qoE8bTH+N5BtPl8qU6uBjHzj5BWBLgxBggbZCjk u7GSAG7HQ2gvG5w1cbFp123x6JYkNKKrEo3Wkq1dVDVYc8mA1H47RnNosRlJBqs6/4tLiRfgp9URI uJHhaIpqp6AnpyNj5ua4DriLdcFXVF9dv9MYtw3EHmdMcEMOkSvN3W8jB0uCyaqnGFKVO5tNWCutP bTWJAS5GmBhrj20KFTBjzyr2q4R1aZg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nS3o2-00AXKA-Ko; Wed, 09 Mar 2022 21:25:14 +0000 Received: from mail-wm1-x32f.google.com ([2a00:1450:4864:20::32f]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nS3nx-00AXJd-6E for hostap@lists.infradead.org; Wed, 09 Mar 2022 21:25:10 +0000 Received: by mail-wm1-x32f.google.com with SMTP id i205-20020a1c3bd6000000b00389d0a5c511so157998wma.5 for ; Wed, 09 Mar 2022 13:25:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=Tm5Sa1qRGtTFEKgnzP9HttBPRHdfSFIsHx3U2MGypJc=; b=aC2kWn3ErZ6Nu8ArQB/YClEtwQ70aOStEGxA/hbZoJHK+mxQUlNax/CN4fRdZv1C9t kv7XyV7NbjY3/cdOV8d5WVXa3sJr85aQC18nSxE+0fRRgiP0/WJTZoaV5E+zgSa2s+RX u4u8As1KdXTv9lvMzxNmIRWdTb3k1vDAHZ7ITcmoNi/fpdJ0tESvJmTXBX7sOtGBcHhy HLwlhUjtNAGvNUt2vPzxg0DC21DhJQ2eI1GXkh2/nGFtdD5FwQ5Ncb/olRRhecjfd2t3 mS0yRVQ8Q4wiGJo+f5duEo6UzwkAV/HNEEdNm4zg91yP1v6o+5QJfozyJhS93uKiwNI8 wtfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Tm5Sa1qRGtTFEKgnzP9HttBPRHdfSFIsHx3U2MGypJc=; b=B8oavmhRR+IPZQzHG72NMKU3pzjJeVaL1pwGamhrD/4M8rgxTZ4CMAWvt2+QuSejru hwjieQK51IrpAIiQXARdTRWAP0BhV5UGChN5wyBH9OtmWxMh/af5GDmplNgQ5kxt2rZG jzR/T7DR7yrt06y2wEUaBP0Fssfk6XOfIE0/fMWZdQSpQbQtgm7NBgcKuJH1ktU/C/OO 5WjTNGIACiOAsL7OvYf+CDndEks4jvcTzeVTAwEF6szvWAHQLt90630iPyqY+rIB8xHa Rkl27ms+j5lrYHUA5SM3qsabn/aRVSXYyUHTl3BkvAUWJ4Wwz4/Kc0qQNREySKj76wsV OOAA== X-Gm-Message-State: AOAM533GnGCa7MxksRrcSgIdpOmvwtaP6vlaDSqHC95yNCFKNTisaecZ 898/yfKwX6aSAT7QjTu22eOMJfMCNZoSKwY7YEwgiPPTcNlvZw== X-Google-Smtp-Source: ABdhPJwV2UquHpuQZSUkemJnnQQItXyWHz2N7SFQofXFbZN4OpFQ7p+CsHHwUYkumnCa3NWpp5IodSZe3etEuGftsMI= X-Received: by 2002:a1c:6a01:0:b0:37f:1b18:6b17 with SMTP id f1-20020a1c6a01000000b0037f1b186b17mr8962800wmc.146.1646861102529; Wed, 09 Mar 2022 13:25:02 -0800 (PST) MIME-Version: 1.0 From: Alasdair Mackintosh Date: Wed, 9 Mar 2022 13:24:49 -0800 Message-ID: Subject: [PATCH] src/common/dpp_crypto.c : fix uninitialised variable To: hostap@lists.infradead.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220309_132509_258580_CD705BA4 X-CRM114-Status: GOOD ( 12.84 ) X-Spam-Score: -15.7 (---------------) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The current code generates a warning when compiled by Clang, because if we goto 'fail:', pasword_len can be uninitialised when we pass it in to bin_clear_free(). Note that the actual usage is safe, because bin_clear_free() ignores the second argument if the first argument is NULL, but it still seems worth cleaning up. Content analysis details: (-15.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:32f listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM white-list -7.5 USER_IN_DEF_SPF_WL From: address is in the default SPF white-list -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.5 ENV_AND_HDR_SPF_MATCH Env and Hdr From used in default SPF WL Match -0.0 DKIMWL_WL_MED DKIMwl.org - Medium trust sender X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org The current code generates a warning when compiled by Clang, because if we goto 'fail:', pasword_len can be uninitialised when we pass it in to bin_clear_free(). Note that the actual usage is safe, because bin_clear_free() ignores the second argument if the first argument is NULL, but it still seems worth cleaning up. Signed-off-by: Alasdair Mackintosh --- src/common/dpp_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) /* TODO: use auth->csrattrs */ -- 2.35.1.723.g4982287a31-goog diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c index 300416fb1..4fac7de8a 100644 --- a/src/common/dpp_crypto.c +++ b/src/common/dpp_crypto.c @@ -2059,7 +2059,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name) struct wpabuf *priv_key; u8 cp[DPP_CP_LEN]; char *password = NULL; - size_t password_len; + size_t password_len = 0; int hash_sign_algo;