Hello Johannes Berg,
The patch fdf7cb4185b6: "mac80211: accept key reinstall without
changing anything" from Sep 5, 2017 (linux-next), leads to the
following Smatch static checker warning:
net/mac80211/key.c:1385 ieee80211_gtk_rekey_add()
warn: 'key' was already freed.
net/mac80211/key.c
899
900 /*
901 * Silently accept key re-installation without really installing the
902 * new version of the key to avoid nonce reuse or replay issues.
903 */
904 if (ieee80211_key_identical(sdata, old_key, key)) {
905 ieee80211_key_free_unused(key);
^^^
key is freed here.
906 return 0;
907 }
908
net/mac80211/key.c
1375 return ERR_CAST(key);
1376
1377 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1378 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1379
1380 /* FIXME: this function needs to get a link ID */
1381 err = ieee80211_key_link(key, &sdata->deflink, NULL);
1382 if (err)
1383 return ERR_PTR(err);
1384
--> 1385 return &key->conf;
^^^^^^^^^^
Use after free.
1386 }
regards,
dan carpenter
