lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 16 Sep 2013 18:31:52 -0700
From:	Brian Norris <computersforpeace@...il.com>
To:	David Woodhouse <dwmw2@...radead.org>
Cc:	Artem Bityutskiy <dedekind1@...il.com>,
	Brian Norris <computersforpeace@...il.com>,
	<linux-mtd@...ts.infradead.org>,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	Huang Shijie <b32955@...escale.com>
Subject: [PATCH] mtd: nand: fix memory leak in ONFI extended parameter page

This fixes a memory leak in the ONFI support code for detecting the
required ECC levels from this commit:

  commit 6dcbe0cdd83fb5f77be4f44c9e06c535281c375a
  Author: Huang Shijie <b32955@...escale.com>
  Date:   Wed May 22 10:28:27 2013 +0800

      mtd: get the ECC info from the Extended Parameter Page

In the success case, we never freed the 'ep' buffer.

Also, this fixes an oversight in the same commit where we (harmlessly)
freed the NULL pointer.

Signed-off-by: Brian Norris <computersforpeace@...il.com>
Cc: Huang Shijie <b32955@...escale.com>
---
David, if there are no objections, can you send this to Linus for 3.12?

If this doesn't make it into 3.12, then it will be -stable material.

 drivers/mtd/nand/nand_base.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
index d4578a1..00022b4 100644
--- a/drivers/mtd/nand/nand_base.c
+++ b/drivers/mtd/nand/nand_base.c
@@ -2869,10 +2869,8 @@ static int nand_flash_detect_ext_param_page(struct mtd_info *mtd,
 
 	len = le16_to_cpu(p->ext_param_page_length) * 16;
 	ep = kmalloc(len, GFP_KERNEL);
-	if (!ep) {
-		ret = -ENOMEM;
-		goto ext_out;
-	}
+	if (!ep)
+		return -ENOMEM;
 
 	/* Send our own NAND_CMD_PARAM. */
 	chip->cmdfunc(mtd, NAND_CMD_PARAM, 0, -1);
@@ -2920,7 +2918,7 @@ static int nand_flash_detect_ext_param_page(struct mtd_info *mtd,
 	}
 
 	pr_info("ONFI extended param page detected.\n");
-	return 0;
+	ret = 0;
 
 ext_out:
 	kfree(ep);
-- 
1.8.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ