Thanks Dan,
This is, however, expected: the function will return shortly at line 1727,
i.e. the '-ENOKEY' case, so it will never be dereferenced inside
tipc_crypto_rcv_complete()!
BR/Tuong
-----Original Message-----
From: Dan Carpenter <dan...@or...>
Sent: Thursday, November 14, 2019 1:33 AM
To: tuo...@de...
Cc: tip...@li...
Subject: [bug report] tipc: introduce TIPC encryption & authentication
Hello Tuong Lien,
This is a semi-automatic email about new static checker warnings.
The patch fc1b6d6de220: "tipc: introduce TIPC encryption &
authentication" from Nov 8, 2019, leads to the following Smatch
complaint:

net/tipc/crypto.c:1734 tipc_crypto_rcv()
error: we previously assumed 'aead' could be null (see line 1697)

net/tipc/crypto.c
1696          aead = tipc_crypto_key_pick_tx(tx, rx, *skb);
1697          if (aead)
1698                  goto decrypt;
1699          goto exit;
              ^^^^^^^^^^
"aead" is NULL here.

1700
1701  decrypt:
1702          rcu_read_lock();
1703          if (!aead)
1704                  aead = tipc_aead_get(rx->aead[tx_key]);
1705          rc = tipc_aead_decrypt(net, aead, *skb, b);
1706          rcu_read_unlock();
1707
1708  exit:
1709          stats = ((rx) ?: tx)->stats;
1710          switch (rc) {
1711          case 0:
1712                  this_cpu_inc(stats->stat[STAT_OK]);
1713                  break;
1714          case -EINPROGRESS:
1715          case -EBUSY:
1716                  this_cpu_inc(stats->stat[STAT_ASYNC]);
1717                  *skb = NULL;
1718                  return rc;
1719          default:
1720                  this_cpu_inc(stats->stat[STAT_NOK]);
1721                  if (rc == -ENOKEY) {
1722                          kfree_skb(*skb);
1723                          *skb = NULL;
1724                          if (rx)
1725                                  tipc_node_put(rx->node);
1726                          this_cpu_inc(stats->stat[STAT_NOKEYS]);
1727                          return rc;
1728                  } else if (rc == -EBADMSG) {
1729                          this_cpu_inc(stats->stat[STAT_BADMSGS]);
1730                  }
1731                  break;
1732          }
1733
1734          tipc_crypto_rcv_complete(net, aead, b, skb, rc);
                                            ^^^^
Dereferenced inside function.

1735          return rc;
1736  }

regards,
dan carpenter
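
Added example, not part of the original thread or of the kernel source: a user-space C model of the quoted control flow that runs every path and counts how often the completion step is handed a NULL `aead`. It assumes `rc` holds `-ENOKEY` before line 1696 (the excerpt does not show the initialisation); `struct aead`, `rcv_complete`, `rcv_model` and `count_null_handoffs` are hypothetical stand-ins, and the stats and skb handling are left out.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct aead { int id; };        /* stand-in for struct tipc_aead */
static int null_handoffs;       /* completion calls that received NULL */

/* Stand-in for tipc_crypto_rcv_complete(): records a NULL argument. */
static void rcv_complete(const struct aead *aead)
{
	if (!aead)
		null_handoffs++;
}

/* Control flow of lines 1696-1735, with the key lookup and the decrypt
 * result passed in. init_rc models rc before line 1696 (assumption). */
static int rcv_model(const struct aead *picked, int decrypt_rc, int init_rc)
{
	const struct aead *aead = picked;
	int rc = init_rc;
	if (aead)
		goto decrypt;
	goto exit;              /* aead is NULL here and rc is untouched */
decrypt:
	rc = decrypt_rc;
exit:
	if (rc == -EINPROGRESS || rc == -EBUSY || rc == -ENOKEY)
		return rc;      /* early returns at lines 1718 and 1727 */
	rcv_complete(aead);     /* line 1734 */
	return rc;
}

/* Runs the no-key path once and the key path for each decrypt result. */
static int count_null_handoffs(int init_rc)
{
	static const int rcs[] = { 0, -EINPROGRESS, -EBUSY, -ENOKEY, -EBADMSG };
	const struct aead key = { 1 };  /* constructed sample key */
	size_t i;
	null_handoffs = 0;
	rcv_model(NULL, 0, init_rc);    /* no key picked: decrypt is skipped */
	for (i = 0; i < sizeof(rcs) / sizeof(rcs[0]); i++)
		rcv_model(&key, rcs[i], init_rc);
	return null_handoffs;
}

int main(void)
{
	printf("NULL handoffs, rc starts at -ENOKEY: %d, at 0: %d\n",
	       count_null_handoffs(-ENOKEY), count_null_handoffs(0));
}
```

With `rc` starting at `-ENOKEY` no path hands NULL to the completion step; with any other starting value the no-key path reaches it, which is the dependency between `aead` and `rc` that the checker does not track.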