Received: by 2002:ab2:2997:0:b0:1ec:cbc4:63fb with SMTP id n23csp505514lqb;
        Thu, 29 Feb 2024 07:13:32 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCXQgr0Ieg1X/z5ErImsU0c0GWDrmlUEKn1OQUYeov9MCnSBHVdL38TmjiZ0GWJtR1+XndhB7owouz6nuGrOKKK8Gawb1eJTuWYuUPPkVQ==
X-Google-Smtp-Source: AGHT+IGOLOkcjqQ/lN06utDgqvC00VVJvGPvijJGeAAF3GohN3AQK7b1yyUN2uE+wQoljUZGCBd7
X-Received: by 2002:a05:6e02:13e2:b0:365:aaca:d171 with SMTP id w2-20020a056e0213e200b00365aacad171mr2323736ilj.31.1709219612434;
        Thu, 29 Feb 2024 07:13:32 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1709219612; cv=pass;
        d=google.com; s=arc-20160816;
        b=Z+wmR+vuY9aRLNXfO8I+xTB/qEyVJ9pO5QPzpqdMBXQLtu/S4RMRD1DeLJOPiv1Uyt
         SuxvJOk5ZwPhBquViJS4yul+tw0gKmKifNIGO3wa7TkxkuXGCRW7ls2F1RVc2OmG7sgK
         1m640sEDQoPcSN8aN+QnpB0EqC+C5zJQLQxBl39T8FblnQFg0YVDcLebhRv4UCHDpIiA
         AfPpJRVhiof8mmvZYXAcZwGwD5UmSfqwtUvqrB4keoO8szRqJ1EeSqmAsZQAKdHf2DwN
         ENdHwjpOUJwCATecpZ2LJnuuMNKyo9oIdeo8IzWGS+hTeb+NetQ6QITXru3Kpv0g1t1Q
         z8Og==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :user-agent:content-transfer-encoding:references:in-reply-to:date:cc
         :to:from:subject:message-id:dkim-signature;
        bh=8AwHBpIhsbCVDBv4ZXb4xrIi8IWIlMVmsji29a4pTG8=;
        fh=KnQw8LOK/pwqb3mJMdtuz32IIlYyWLc0LyzNtRgdMBc=;
        b=0Mwr9OH7P9XtxBNYTS8b3otRb+O+RZLVH6jQ1LXFEvD0jdtoDzVAa2as5P4jxTk4LB
         fmI7t1bo11Pre95mIev8SednJ69XlNqtSifB9+5uvHv0CtmQYrG287C5Odt+22VtLUeh
         VsKgPERXw+dIzB6WRXlj7wTeh62ob7sauvHPs6PxUSEwZ/6KNQXIupsqLgwIL2LU6c8W
         jgVbIeitp9yU7EKFg7qy3BjOvOkSGp1h9ZeuU/hSUzqUyLmKPS5/Vsh/r1g/dh0/gybZ
         cy1r5cPrqBt4HBbZ0o855tlkydhllwLwbZlVKFlw63n5Tbo6hh41k7Z+ZVC5VRoX/oS2
         v03A==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@sipsolutions.net header.s=mail header.b=aFbJz4bz;
       arc=pass (i=1 spf=pass spfdomain=sipsolutions.net dkim=pass dkdomain=sipsolutions.net dmarc=pass fromdomain=sipsolutions.net);
       spf=pass (google.com: domain of linux-wireless+bounces-4257-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4257-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net
Return-Path: <linux-wireless+bounces-4257-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id l2-20020a656802000000b005e43cb66c1asi1480746pgt.329.2024.02.29.07.13.31
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 29 Feb 2024 07:13:32 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-wireless+bounces-4257-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sipsolutions.net header.s=mail header.b=aFbJz4bz;
       arc=pass (i=1 spf=pass spfdomain=sipsolutions.net dkim=pass dkdomain=sipsolutions.net dmarc=pass fromdomain=sipsolutions.net);
       spf=pass (google.com: domain of linux-wireless+bounces-4257-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4257-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 84514B25C72
	for <linux.lists.archive@gmail.com>; Thu, 29 Feb 2024 15:08:31 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id D5B0A13776F;
	Thu, 29 Feb 2024 15:08:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=sipsolutions.net header.i=@sipsolutions.net header.b="aFbJz4bz"
X-Original-To: linux-wireless@vger.kernel.org
Received: from sipsolutions.net (s3.sipsolutions.net [168.119.38.16])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 46EE3137762
	for <linux-wireless@vger.kernel.org>; Thu, 29 Feb 2024 15:08:25 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.38.16
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1709219307; cv=none; b=UMRY62Z/sgFDx7Z44VK4xSMuci+mePQjJjGRLKAu988kYq8G0MjrBXWJYmBDBRoOmyVoGxLzYNuM7JcyOvKO2UzLF5qLMEgCsUzIzkMFuIhk3m8hnXR+m/KKBm4CnpCSzhw7OdSlQVrZpZ4hmlIq8rr5SuBlUBwv97aT/CA5/B8=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1709219307; c=relaxed/simple;
	bh=Dn8Y2E1Kimci8BsMyH73MKQB0vEtWFq6zwqrC7rvVRY=;
	h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:References:
	 Content-Type:MIME-Version; b=acpHfkE3Zfbt9K2FTUxbZbXV2YXDChm1bfsS6ZkwuBvF+Mdgk+MceR0hCIifBBNkShP5Zc0f4lwWxb4PzZMDJ/LEEZqK6Qg2938rx58+mJWJmbr/SITKMlgAwS6rw/Qs8RVOY6Jyg94Dep3ORJGwTY7De7oFiG27Y8dfCeWN7ms=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sipsolutions.net; spf=pass smtp.mailfrom=sipsolutions.net; dkim=pass (2048-bit key) header.d=sipsolutions.net header.i=@sipsolutions.net header.b=aFbJz4bz; arc=none smtp.client-ip=168.119.38.16
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sipsolutions.net
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sipsolutions.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=sipsolutions.net; s=mail; h=MIME-Version:Content-Transfer-Encoding:
	Content-Type:References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender
	:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-To:
	Resent-Cc:Resent-Message-ID; bh=8AwHBpIhsbCVDBv4ZXb4xrIi8IWIlMVmsji29a4pTG8=;
	t=1709219305; x=1710428905; b=aFbJz4bzMjBk98HXPjNGS3F5PrhCCStzpR2J4lMjnD9Jac4
	5Ad2Ps539pBqaYWJFLWpTlMDcrweXC5MMpcml/zi47opT3gJWcq+mQlHzR/c0SkgG1G+y/f+B/ucK
	1ZKsZ+jncmoG7UNinT8cyuhjkDFC4MZrt4YCfLPO8gP0yllFSceC0B7nZoVdqyNUJPWUCyusuQde1
	kV0wjI01b2CA99DhzMWjqkIEvFNT6rMopskTY05elyLwEUcbxIOgU7DQj1gxAOqzm2Jb3TrFhoTj9
	6ciNbvil7pLgqyRpEqRgwp6NS/EfEg/4U77fhf6LJNuDuwDxj75Sjy5D/Q4jCDYA==;
Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.97)
	(envelope-from <johannes@sipsolutions.net>)
	id 1rfi1H-0000000Dejt-07Cu;
	Thu, 29 Feb 2024 16:08:23 +0100
Message-ID: <7e38b0496e8f2b8ef18d69e4e07db8fdc29f303b.camel@sipsolutions.net>
Subject: Re: [bug report] wifi: mac80211: clean up connection process
From: Johannes Berg <johannes@sipsolutions.net>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: linux-wireless@vger.kernel.org
Date: Thu, 29 Feb 2024 16:08:22 +0100
In-Reply-To: <3151f5d0-c18f-413d-b34b-b94f095b947c@moroto.mountain>
References: <3151f5d0-c18f-413d-b34b-b94f095b947c@moroto.mountain>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.50.4 (3.50.4-1.fc39) 
Precedence: bulk
X-Mailing-List: linux-wireless@vger.kernel.org
List-Id: <linux-wireless.vger.kernel.org>
List-Subscribe: <mailto:linux-wireless+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-wireless+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-malware-bazaar: not-scanned

Hi Dan,

> net/mac80211/mlme.c:8176 ieee80211_mgd_assoc() error: uninitialized symbo=
l 'match_auth'.
> net/mac80211/mlme.c:8220 ieee80211_mgd_assoc() error: uninitialized symbo=
l 'match_auth'.

Huh, that's interesting, how did we not notice this ... I'll fix it, but
I think I'll just make the assignment unconditional and add the part of
"ifmgd->auth_data &&" to the statement, rather than having the if.

> net/mac80211/mlme.c:8177 ieee80211_mgd_assoc() error: we previously assum=
ed 'link' could be null (see line 8169)

>     8168                         link =3D sdata_dereference(sdata->link[i=
], sdata);
>     8169                         if (link)
>                                      ^^^^
> link checked for NULL

Right.


> --> 8176                         if (match_auth && i =3D=3D assoc_link_id=
)
>                                      ^^^^^^^^^^
> Potentially uninitialized
>=20
>     8177                                 assoc_data->link[i].conn =3D lin=
k->u.mgd.conn;
>                                                                     ^^^^^=
^
> Unchecked dereference.  This one is probably a false positive, but I
> just thought I would report it for completeness.

Yeah, hm. It's a bit tricky. I was going to say the link must be there,
but actually, that's not even entirely guaranteed; we could have been
doing FT-OTA without previous auth, and then the link might only be
assigned later in this code, in

        if (req->ap_mld_addr) {
                /* if there was no authentication, set up the link */
                err =3D ieee80211_vif_set_links(sdata, BIT(assoc_link_id), =
0);



So I'll add a && link there, otherwise we anyway don't have data yet and
need to use the unlimited thing.

Thanks!

johannes