Re: New Defects reported by Coverity Scan for linux-next weekly scan

Muhammad Usama Anjum <musamaanjum@xxxxxxxxx> · Fri, 09 Apr 2021 19:04:41 +0500

On Thu, 2021-04-08 at 17:13 +0000, scan-admin@xxxxxxxxxxxx wrote:
> ** CID 1503714:    (DEADCODE)
> /drivers/staging/rtl8723bs/os_dep/ioctl_linux.c: 367 in wpa_set_auth_algs()
> /drivers/staging/rtl8723bs/os_dep/ioctl_linux.c: 357 in wpa_set_auth_algs()
> 
> 
> ________________________________________________________________________________________________________
> *** CID 1503714:    (DEADCODE)
> /drivers/staging/rtl8723bs/os_dep/ioctl_linux.c: 367 in wpa_set_auth_algs()
> 361     		padapter->securitypriv.ndisencryptstatus = Ndis802_11Encryption1Enabled;
> 362     
> 363     		padapter->securitypriv.ndisauthtype = Ndis802_11AuthModeShared;
> 364     		padapter->securitypriv.dot11AuthAlgrthm = dot11AuthAlgrthm_Shared;
> 365     	} else if (value & WLAN_AUTH_OPEN) {
> 366     		/* padapter->securitypriv.ndisencryptstatus = Ndis802_11EncryptionDisabled; */
> > > >     CID 1503714:    (DEADCODE)
> > > >     Execution cannot reach this statement: "if (padapter->securitypriv....".
> 367     		if (padapter->securitypriv.ndisauthtype < Ndis802_11AuthModeWPAPSK) {
> 368     			padapter->securitypriv.ndisauthtype = Ndis802_11AuthModeOpen;
> 369     			padapter->securitypriv.dot11AuthAlgrthm = dot11AuthAlgrthm_Open;
> 370     		}
> 371     	} else {
> 372     		ret = -EINVAL;
> /drivers/staging/rtl8723bs/os_dep/ioctl_linux.c: 357 in wpa_set_auth_algs()
> 351     static int wpa_set_auth_algs(struct net_device *dev, u32 value)
> 352     {
> 353     	struct adapter *padapter = rtw_netdev_priv(dev);
> 354     	int ret = 0;
> 355     
> 356     	if ((value & WLAN_AUTH_SHARED_KEY) && (value & WLAN_AUTH_OPEN)) {

The value of WLAN_AUTH_OPEN macro is 0 and it is being treated as if
is a bit number. Two conditions in this function never execute. It
seems like a crucial bug. Anyone looking into it?

> > > >     CID 1503714:    (DEADCODE)
> > > >     Execution cannot reach this statement: "padapter->securitypriv.ndis...".
> 357     		padapter->securitypriv.ndisencryptstatus = Ndis802_11Encryption1Enabled;
> 358     		padapter->securitypriv.ndisauthtype = Ndis802_11AuthModeAutoSwitch;
> 359     		padapter->securitypriv.dot11AuthAlgrthm = dot11AuthAlgrthm_Auto;
> 360     	} else if (value & WLAN_AUTH_SHARED_KEY)	{
> 361     		padapter->securitypriv.ndisencryptstatus = Ndis802_11Encryption1Enabled;
> 362     
> 
> ** CID 1487894:  Null pointer dereferences  (FORWARD_NULL)
> /net/ipv6/route.c: 5209 in ip6_route_multipath_add()