lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 08 Aug 2011 14:11:54 -0700
From:	"Nicholas A. Bellinger" <nab@...ux-iscsi.org>
To:	Julia Lawall <julia@...u.dk>
Cc:	kernel-janitors@...r.kernel.org, Andy Grover <agrover@...hat.com>,
	Roland Dreier <roland@...nel.org>,
	Christoph Hellwig <hch@....de>, linux-scsi@...r.kernel.org,
	target-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 7/9] drivers/target/iscsi/iscsi_target_parameters.c:
	add missing kfree

On Mon, 2011-08-08 at 13:18 +0200, Julia Lawall wrote:
> From: Julia Lawall <julia@...u.dk>
> 
> At this point, the new_param that has just been allocated has not been
> stored in the list, so it and new_param->name, once it is defined, have to
> be freed separately.
> 
> A simplified version of the semantic match that finds this problem is as
> follows: (http://coccinelle.lip6.fr/)
> 
> // <smpl>
> @exists@
> local idexpression x;
> statement S,S1;
> expression E;
> identifier fl;
> expression *ptr != NULL;
> @@
> 
> x = \(kmalloc\|kzalloc\|kcalloc\)(...);
> ...
> if (x == NULL) S
> <... when != x
>      when != if (...) { <+...kfree(x)...+> }
>      when any
>      when != true x == NULL
> x->fl
> ...>
> (
> if (x == NULL) S1
> |
> if (...) { ... when != x
>                when forall
> (
>  return \(0\|<+...x...+>\|ptr\);
> |
> * return ...;
> )
> }
> )
> // </smpl>
> 
> Signed-off-by: Julia Lawall <julia@...u.dk>
> 
> ---
>  drivers/target/iscsi/iscsi_target_parameters.c |    3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c
> index 252e246..b8dbe44 100644
> --- a/drivers/target/iscsi/iscsi_target_parameters.c
> +++ b/drivers/target/iscsi/iscsi_target_parameters.c
> @@ -584,6 +584,7 @@ int iscsi_copy_param_list(
>  		if (!new_param->name) {
>  			pr_err("Unable to allocate memory for"
>  				" parameter name.\n");
> +			kfree(new_param);
>  			goto err_out;
>  		}
>  
> @@ -592,6 +593,8 @@ int iscsi_copy_param_list(
>  		if (!new_param->value) {
>  			pr_err("Unable to allocate memory for"
>  				" parameter value.\n");
> +			kfree(new_param->name);
> +			kfree(new_param);
>  			goto err_out;
>  		}
>  
> 

Hi Julia,

Jesper and Dan already caught this one last week, and has been resolved
with the following patch in lio-core-2.6.git:

commit 83f8b803171751082174162cd1fa058c67d579ab
Author: Jesper Juhl <jj@...osbits.net>
Date:   Tue Aug 2 10:26:36 2011 +0200

    iscsi-target: Fix leak on failure in iscsi_copy_param_list()

This one is being queued for the next round of target fixes for
mainline.

Thanks for reporting!

--nab

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ