Hi,
On Wed, 2022-06-22 at 10:06 +0300, Dan Carpenter wrote:
> The patch 325839da9581: "wifi: cfg80211: simplify
> cfg80211_mlme_auth() prototype" from Jun 1, 2022, leads to the
> following Smatch static checker warning:
>
> net/wireless/nl80211.c:10310 nl80211_authenticate()
> warn: assigning signed to unsigned: 'req.key_idx = key.idx' '(-1)-3'
Hmm, ok. What does "(-1)-3" mean? Oh, it's a range: [-1, 3].
> 10217 err = nl80211_parse_key(info, &key);
> 10218 if (err)
> 10219 return err;
> 10220
> 10221 if (key.idx >= 0) {
> 10222 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
> 10223 return -EINVAL;
> 10224 if (!key.p.key || !key.p.key_len)
> 10225 return -EINVAL;
> 10226 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
> 10227 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
> 10228 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
> 10229 key.p.key_len != WLAN_KEY_LEN_WEP104))
> 10230 return -EINVAL;
> 10231 if (key.idx > 3)
> 10232 return -EINVAL;
> 10233 } else {
> 10234 key.p.key_len = 0;
> 10235 key.p.key = NULL;
>
> Apparently key.idx can be -1 on this path
Yeah that's plausible.
> 10307 req.auth_type = auth_type;
> 10308 req.key = key.p.key;
> 10309 req.key_len = key.p.key_len;
> --> 10310 req.key_idx = key.idx;
>
> So do we really want to set "req.key_idx to (u8)-1" here?
Well, key will be NULL, so the key_idx fundamentally cannot be used...
But I guess I can make that an s8 to make this issue go away.
johannes
