From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Wed, 2 Nov 2022 09:56:46 +0000 (+0200)
Subject: MLD STA: Fully clear MLO info to avoid use of uninitialized members
X-Git-Tag: hostap_2_11~1619
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90cef4f2116a36afa1297db2f4d2941069f841e9;p=thirdparty%2Fhostap.git

MLD STA: Fully clear MLO info to avoid use of uninitialized members

The initial wpa_drv_get_mlo_info() implementation cleared only the
valid_links information within struct driver_sta_mlo_info before trying
to fetch the information from the driver. While this is likely going to
work fine in practice, this can result in static analyzer warnings on
use of uninitialized memory (e.g., mlo.assoc_link_id could have been
read if wpa_s->valid_links was set to a nonzero value). In any case, it
is better to avoid such unnecessary warnings by clearing the full data
structure before using it.

Fixes: 7784964cbe88 ("MLD STA: Fetch MLO connection info into core wpa_supplicant")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index f277e2163..89e0b09ea 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3360,7 +3360,7 @@ static int wpa_drv_get_mlo_info(struct wpa_supplicant *wpa_s)
 	struct driver_sta_mlo_info mlo;
 	int i;
 
-	mlo.valid_links = 0;
+	os_memset(&mlo, 0, sizeof(mlo));
 	if (wpas_drv_get_sta_mlo_info(wpa_s, &mlo)) {
 		wpa_dbg(wpa_s, MSG_ERROR, "Failed to get MLO link info");
 		wpa_supplicant_deauthenticate(wpa_s,