lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 29 May 2019 19:56:05 -0700
From:   Eduardo Valentin <eduval@...zon.com>
To:     Guenter Roeck <linux@...ck-us.net>
CC:     Eduardo Valentin <eduval@...zon.com>,
        Jean Delvare <jdelvare@...e.com>,
        <linux-hwmon@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCHv2 2/2] hwmon: core: fix potential memory leak in *hwmon_device_register*

When registering a hwmon device with HWMON_C_REGISTER_TZ flag
in place, the hwmon subsystem will attempt to register the device
also with the thermal subsystem. When the of-thermal registration
fails, __hwmon_device_register jumps to ida_remove, leaving
the locally allocated hwdev pointer.

This patch fixes the leak by jumping to a new label that
will first unregister hdev and then fall into the kfree of hwdev
to finally remove the idas and propagate the error code.

Cc: Jean Delvare <jdelvare@...e.com>
Cc: Guenter Roeck <linux@...ck-us.net>
Cc: linux-hwmon@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Signed-off-by: Eduardo Valentin <eduval@...zon.com>
---
V1->V2: removed the device_unregister() before jumping
into the new label, as suggested in the first review round.

 drivers/hwmon/hwmon.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/hwmon/hwmon.c b/drivers/hwmon/hwmon.c
index 429784edd5ff..620f05fc412a 100644
--- a/drivers/hwmon/hwmon.c
+++ b/drivers/hwmon/hwmon.c
@@ -652,10 +652,8 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata,
 				if (info[i]->config[j] & HWMON_T_INPUT) {
 					err = hwmon_thermal_add_sensor(dev,
 								hwdev, j);
-					if (err) {
-						device_unregister(hdev);
-						goto ida_remove;
-					}
+					if (err)
+						goto device_unregister;
 				}
 			}
 		}
@@ -663,6 +661,8 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata,
 
 	return hdev;
 
+device_unregister:
+	device_unregister(hdev);
 free_hwmon:
 	kfree(hwdev);
 ida_remove:
-- 
2.21.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ