lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 31 May 2016 17:27:20 +0000
From:	Jake Oshins <jakeo@...rosoft.com>
To:	Vitaly Kuznetsov <vkuznets@...hat.com>,
	"linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"devel@...uxdriverproject.org" <devel@...uxdriverproject.org>,
	Bjorn Helgaas <bhelgaas@...gle.com>,
	Haiyang Zhang <haiyangz@...rosoft.com>,
	KY Srinivasan <kys@...rosoft.com>
Subject: RE: [PATCH 1/2] PCI: hv: don't leak buffer in
 hv_pci_onchannelcallback()

> -----Original Message-----
> From: Vitaly Kuznetsov [mailto:vkuznets@...hat.com]
> Sent: Monday, May 30, 2016 7:18 AM
> To: linux-pci@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org; devel@...uxdriverproject.org; Bjorn
> Helgaas <bhelgaas@...gle.com>; Haiyang Zhang
> <haiyangz@...rosoft.com>; KY Srinivasan <kys@...rosoft.com>; Jake
> Oshins <jakeo@...rosoft.com>
> Subject: [PATCH 1/2] PCI: hv: don't leak buffer in hv_pci_onchannelcallback()
> 
> We don't free buffer on several code paths in hv_pci_onchannelcallback(),
> put kfree() to the end of the function to fix the issue. Direct { kfree();
> return; } can now be replaced with a simple 'break';
> 
> Signed-off-by: Vitaly Kuznetsov <vkuznets@...hat.com>
Acked-by: Jake Oshins <jakeo@...rosoft.com>

> ---
>  drivers/pci/host/pci-hyperv.c | 11 +++++------
>  1 file changed, 5 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c
> index 7e9b2de..a68ec49 100644
> --- a/drivers/pci/host/pci-hyperv.c
> +++ b/drivers/pci/host/pci-hyperv.c
> @@ -1661,10 +1661,8 @@ static void hv_pci_onchannelcallback(void
> *context)
>  		 * All incoming packets must be at least as large as a
>  		 * response.
>  		 */
> -		if (bytes_recvd <= sizeof(struct pci_response)) {
> -			kfree(buffer);
> -			return;
> -		}
> +		if (bytes_recvd <= sizeof(struct pci_response))
> +			break;
>  		desc = (struct vmpacket_descriptor *)buffer;
> 
>  		switch (desc->type) {
> @@ -1679,8 +1677,7 @@ static void hv_pci_onchannelcallback(void
> *context)
>  			comp_packet->completion_func(comp_packet-
> >compl_ctxt,
>  						     response,
>  						     bytes_recvd);
> -			kfree(buffer);
> -			return;
> +			break;
> 
>  		case VM_PKT_DATA_INBAND:
> 
> @@ -1729,6 +1726,8 @@ static void hv_pci_onchannelcallback(void
> *context)
>  		}
>  		break;
>  	}
> +
> +	kfree(buffer);
>  }
> 
>  /**
> --
> 2.5.5

This is a good fix.  Thanks.

-- Jake Oshins

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ