From 52c6a6b8ea8c360f548b5b5cfb24bd355408e0da Mon Sep 17 00:00:00 2001 From: Denis Kenzior Date: Tue, 27 Feb 2024 15:25:12 -0600 Subject: [PATCH] eap-wsc: Zero authenticator bytes to fix static analysis warning static analysis complains that authenticator is used uninitialized. This isn't strictly true as memory region is reserved for the authenticator using the contents of the passed in structure. This region is then overwritten once the authenticator is actually computed by authenticator_put(). Silence this warning by explicitly setting authenticator bytes to 0. Reviewed-by: Paul Menzel --- src/eap-wsc.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/eap-wsc.c b/src/eap-wsc.c index 65a97da4..789a20f0 100644 --- a/src/eap-wsc.c +++ b/src/eap-wsc.c @@ -695,6 +695,8 @@ static void eap_wsc_send_m5(struct eap_state *eap, size_t encrypted_len; bool r; + memset(m5.authenticator, 0, sizeof(m5.authenticator)); + memcpy(m5es.e_snonce1, wsc->local_snonce1, sizeof(wsc->local_snonce1)); pdu = wsc_build_m5_encrypted_settings(&m5es, &pdu_len); explicit_bzero(m5es.e_snonce1, sizeof(wsc->local_snonce1)); @@ -797,6 +799,8 @@ static void eap_wsc_send_m3(struct eap_state *eap, uint8_t *pdu; size_t pdu_len; + memset(m3.authenticator, 0, sizeof(m3.authenticator)); + len = strlen(wsc->device_password); /* WSC 2.0.5, Section 7.4: @@ -975,6 +979,8 @@ static void eap_wsc_r_send_m8(struct eap_state *eap, unsigned int auth_types = wsc->m1->auth_type_flags & wsc->m2->auth_type_flags; + memset(m8.authenticator, 0, sizeof(m8.authenticator)); + if (auth_types & WSC_AUTHENTICATION_TYPE_OPEN) memcpy(&creds[creds_cnt++], &wsc->open_cred, sizeof(struct wsc_credential)); @@ -1022,6 +1028,9 @@ static void eap_wsc_r_handle_m7(struct eap_state *eap, struct wsc_m7_encrypted_settings m7es; enum wsc_configuration_error error = WSC_CONFIGURATION_ERROR_NO_ERROR; + memset(m7es.authenticator, 0, sizeof(m7es.authenticator)); + memset(m7.authenticator, 0, sizeof(m7.authenticator)); + /* Spec unclear what to do here, see comments in eap_wsc_send_nack */ if (wsc_parse_m7(pdu, len, &m7, &encrypted) != 0) goto send_nack; @@ -1084,6 +1093,9 @@ static void eap_wsc_r_send_m6(struct eap_state *eap, size_t encrypted_len; bool r; + memset(m6es.authenticator, 0, sizeof(m6es.authenticator)); + memset(m6.authenticator, 0, sizeof(m6.authenticator)); + memcpy(m6es.r_snonce2, wsc->local_snonce2, sizeof(wsc->local_snonce2)); pdu = wsc_build_m6_encrypted_settings(&m6es, &pdu_len); explicit_bzero(m6es.r_snonce2, sizeof(wsc->local_snonce2)); @@ -1123,6 +1135,8 @@ static void eap_wsc_r_handle_m5(struct eap_state *eap, struct wsc_m5_encrypted_settings m5es; enum wsc_configuration_error error = WSC_CONFIGURATION_ERROR_NO_ERROR; + memset(m5es.authenticator, 0, sizeof(m5es.authenticator)); + /* Spec unclear what to do here, see comments in eap_wsc_send_nack */ if (wsc_parse_m5(pdu, len, &m5, &encrypted) != 0) goto send_nack; @@ -1188,6 +1202,9 @@ static void eap_wsc_r_send_m4(struct eap_state *eap, size_t len_half1; struct iovec iov[4]; + memset(m4es.authenticator, 0, sizeof(m4es.authenticator)); + memset(m4.authenticator, 0, sizeof(m4.authenticator)); + memcpy(m4es.r_snonce1, wsc->local_snonce1, sizeof(wsc->local_snonce1)); pdu = wsc_build_m4_encrypted_settings(&m4es, &pdu_len); explicit_bzero(m4es.r_snonce1, sizeof(wsc->local_snonce1));