On Wed, Aug 11, 2021 at 11:33:57AM +0800, Tuo Li wrote:
> Hello,
>
> Our static analysis tool finds a possible null-pointer dereference in
> rtllib_wx.c in Linux 5.14.0-rc3:
>
> The variable (*crypt)->ops is checked in:
> 342:    if (*crypt && (*crypt)->ops && strcmp((*crypt)->ops->name, "R-WEP") != 0)
>
> This indicates that it can be NULL. If so, null-pointer dereferences will
> occur:
> 389:    (*crypt)->ops->set_key()
> 400:    len = (*crypt)->ops->get_key()
>
> I am not quite sure whether this possible null-pointer dereference is real
> and how to fix it if it is real.
> Any feedback would be appreciated, thanks!
>
> Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx>

I don't *think* the check is required. The data in
ieee->crypt_info.crypt[idx] is set in rtllib_wx_set_encode() and
rtllib_wx_set_encode_ext() when we do "*crypt = new_crypt;". (The line
is the same in both functions). And in both cases ->ops is non-NULL.

So probably the check should be removed. On the other hand, I don't
know the code very well and it's possible I missed something.

regards,
dan carpenter