Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

eap-wsc: Zero authenticator bytes to fix static analysis warning 

static analysis complains that authenticator is used uninitialized.
This isn't strictly true as memory region is reserved for the
authenticator using the contents of the passed in structure.  This
region is then overwritten once the authenticator is actually computed
by authenticator_put().  Silence this warning by explicitly setting
authenticator bytes to 0.

Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
This commit is contained in:
Denis Kenzior 2024-02-27 15:25:12 -06:00
parent 42273fd122
commit 52c6a6b8ea
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/eap-wsc.c
View File

@ -695,6 +695,8 @@ static void eap_wsc_send_m5(struct eap_state *eap,
size_t encrypted_len;
bool r;
memset(m5.authenticator, 0, sizeof(m5.authenticator));
memcpy(m5es.e_snonce1, wsc->local_snonce1, sizeof(wsc->local_snonce1));
pdu = wsc_build_m5_encrypted_settings(&m5es, &pdu_len);
explicit_bzero(m5es.e_snonce1, sizeof(wsc->local_snonce1));
@ -797,6 +799,8 @@ static void eap_wsc_send_m3(struct eap_state *eap,
uint8_t *pdu;
size_t pdu_len;
memset(m3.authenticator, 0, sizeof(m3.authenticator));
len = strlen(wsc->device_password);
/* WSC 2.0.5, Section 7.4:
@ -975,6 +979,8 @@ static void eap_wsc_r_send_m8(struct eap_state *eap,
unsigned int auth_types =
wsc->m1->auth_type_flags & wsc->m2->auth_type_flags;
memset(m8.authenticator, 0, sizeof(m8.authenticator));
if (auth_types & WSC_AUTHENTICATION_TYPE_OPEN)
memcpy(&creds[creds_cnt++], &wsc->open_cred,
sizeof(struct wsc_credential));
@ -1022,6 +1028,9 @@ static void eap_wsc_r_handle_m7(struct eap_state *eap,
struct wsc_m7_encrypted_settings m7es;
enum wsc_configuration_error error = WSC_CONFIGURATION_ERROR_NO_ERROR;
memset(m7es.authenticator, 0, sizeof(m7es.authenticator));
memset(m7.authenticator, 0, sizeof(m7.authenticator));
/* Spec unclear what to do here, see comments in eap_wsc_send_nack */
if (wsc_parse_m7(pdu, len, &m7, &encrypted) != 0)
goto send_nack;
@ -1084,6 +1093,9 @@ static void eap_wsc_r_send_m6(struct eap_state *eap,
size_t encrypted_len;
bool r;
memset(m6es.authenticator, 0, sizeof(m6es.authenticator));
memset(m6.authenticator, 0, sizeof(m6.authenticator));
memcpy(m6es.r_snonce2, wsc->local_snonce2, sizeof(wsc->local_snonce2));
pdu = wsc_build_m6_encrypted_settings(&m6es, &pdu_len);
explicit_bzero(m6es.r_snonce2, sizeof(wsc->local_snonce2));
@ -1123,6 +1135,8 @@ static void eap_wsc_r_handle_m5(struct eap_state *eap,
struct wsc_m5_encrypted_settings m5es;
enum wsc_configuration_error error = WSC_CONFIGURATION_ERROR_NO_ERROR;
memset(m5es.authenticator, 0, sizeof(m5es.authenticator));
/* Spec unclear what to do here, see comments in eap_wsc_send_nack */
if (wsc_parse_m5(pdu, len, &m5, &encrypted) != 0)
goto send_nack;
@ -1188,6 +1202,9 @@ static void eap_wsc_r_send_m4(struct eap_state *eap,
size_t len_half1;
struct iovec iov[4];
memset(m4es.authenticator, 0, sizeof(m4es.authenticator));
memset(m4.authenticator, 0, sizeof(m4.authenticator));
memcpy(m4es.r_snonce1, wsc->local_snonce1, sizeof(wsc->local_snonce1));
pdu = wsc_build_m4_encrypted_settings(&m4es, &pdu_len);
explicit_bzero(m4es.r_snonce1, sizeof(wsc->local_snonce1));