diff mbox series

net: wireless: cisco: Fix possible uninit bug

Message ID CA+UBctBLWF14TsgT4OfanmnxTqbm9mNxyHhjJqpFo7c+kdjDsw@mail.gmail.com
State New
Headers show
Series net: wireless: cisco: Fix possible uninit bug | expand

Commit Message

Yu Hao July 4, 2023, 11:50 p.m. UTC 
The struct cap_rid should be initialized by function readCapabilityRid.
However, there is not return value check. Iit is possible that
the function readCapabilityRid returns error code and cap_rid.softCap
is not initialized. But there is a read later for this field.

Signed-off-by: Yu Hao <yhao016@ucr.edu>
---
 drivers/net/wireless/cisco/airo.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Paolo Abeni July 6, 2023, 7:53 a.m. UTC | #1 
On Tue, 2023-07-04 at 16:50 -0700, Yu Hao wrote:
> The struct cap_rid should be initialized by function readCapabilityRid.
> However, there is not return value check. Iit is possible that
> the function readCapabilityRid returns error code and cap_rid.softCap
> is not initialized. But there is a read later for this field.
> 
> Signed-off-by: Yu Hao <yhao016@ucr.edu>
> ---
>  drivers/net/wireless/cisco/airo.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/wireless/cisco/airo.c
> b/drivers/net/wireless/cisco/airo.c
> index 7c4cc5f5e1eb..b3736d76a5d5 100644
> --- a/drivers/net/wireless/cisco/airo.c
> +++ b/drivers/net/wireless/cisco/airo.c
> @@ -6950,8 +6950,11 @@ static int airo_get_range(struct net_device *dev,
>     CapabilityRid cap_rid;      /* Card capability info */
>     int     i;
>     int     k;
> +   int     status;
> 
> -   readCapabilityRid(local, &cap_rid, 1);
> +   status = readCapabilityRid(local, &cap_rid, 1);
> +   if (status != SUCCESS)
> +       return ERROR;

This value is returned directly to the network stack, you must use a
standard error code instead (e.g. -EINVAL).

Also, please add a suitable 'Fixes' tag, thanks!

Paolo
Yu Hao July 10, 2023, 2:52 a.m. UTC | #2 
Sure.

I found that the related code is from Linux-2.6.12-rc2.
In this situation, the 'Fixes' tag should be 'Fixes: 1da177e4c3f4
("Linux-2.6.12-rc2")'?

Yu Hao

On Thu, Jul 6, 2023 at 12:54 AM Paolo Abeni <pabeni@redhat.com> wrote:
>
> On Tue, 2023-07-04 at 16:50 -0700, Yu Hao wrote:
> > The struct cap_rid should be initialized by function readCapabilityRid.
> > However, there is not return value check. Iit is possible that
> > the function readCapabilityRid returns error code and cap_rid.softCap
> > is not initialized. But there is a read later for this field.
> >
> > Signed-off-by: Yu Hao <yhao016@ucr.edu>
> > ---
> >  drivers/net/wireless/cisco/airo.c | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/wireless/cisco/airo.c
> > b/drivers/net/wireless/cisco/airo.c
> > index 7c4cc5f5e1eb..b3736d76a5d5 100644
> > --- a/drivers/net/wireless/cisco/airo.c
> > +++ b/drivers/net/wireless/cisco/airo.c
> > @@ -6950,8 +6950,11 @@ static int airo_get_range(struct net_device *dev,
> >     CapabilityRid cap_rid;      /* Card capability info */
> >     int     i;
> >     int     k;
> > +   int     status;
> >
> > -   readCapabilityRid(local, &cap_rid, 1);
> > +   status = readCapabilityRid(local, &cap_rid, 1);
> > +   if (status != SUCCESS)
> > +       return ERROR;
>
> This value is returned directly to the network stack, you must use a
> standard error code instead (e.g. -EINVAL).
>
> Also, please add a suitable 'Fixes' tag, thanks!
>
> Paolo
>
Paolo Abeni July 10, 2023, 4:19 p.m. UTC | #3 
On Sun, 2023-07-09 at 19:52 -0700, Yu Hao wrote:
> I found that the related code is from Linux-2.6.12-rc2.
> In this situation, the 'Fixes' tag should be 'Fixes: 1da177e4c3f4
> ("Linux-2.6.12-rc2")'?

Exactly!

Cheers,

Paolo
Yu Hao July 11, 2023, 5:17 a.m. UTC | #4 
Got it. Let me do this.

Yu Hao

On Mon, Jul 10, 2023 at 9:20 AM Paolo Abeni <pabeni@redhat.com> wrote:
>
> On Sun, 2023-07-09 at 19:52 -0700, Yu Hao wrote:
> > I found that the related code is from Linux-2.6.12-rc2.
> > In this situation, the 'Fixes' tag should be 'Fixes: 1da177e4c3f4
> > ("Linux-2.6.12-rc2")'?
>
> Exactly!
>
> Cheers,
>
> Paolo
>
diff mbox series

Patch

diff --git a/drivers/net/wireless/cisco/airo.c
b/drivers/net/wireless/cisco/airo.c
index 7c4cc5f5e1eb..b3736d76a5d5 100644
--- a/drivers/net/wireless/cisco/airo.c
+++ b/drivers/net/wireless/cisco/airo.c
@@ -6950,8 +6950,11 @@  static int airo_get_range(struct net_device *dev,
    CapabilityRid cap_rid;      /* Card capability info */
    int     i;
    int     k;
+   int     status;

-   readCapabilityRid(local, &cap_rid, 1);
+   status = readCapabilityRid(local, &cap_rid, 1);
+   if (status != SUCCESS)
+       return ERROR;

    dwrq->length = sizeof(struct iw_range);
    memset(range, 0, sizeof(*range));