lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20060725012453.5765d1f6.akpm@osdl.org>
Date:	Tue, 25 Jul 2006 01:24:53 -0700
From:	Andrew Morton <akpm@...l.org>
To:	takis@...umba.uhasselt.be (Panagiotis Issaris)
Cc:	linux-kernel@...r.kernel.org, paulus@...ba.org,
	linux-ppp@...r.kernel.org
Subject: Re: [PATCH] Missing failure handling

On Thu, 20 Jul 2006 21:16:29 +0200
takis@...umba.uhasselt.be (Panagiotis Issaris) wrote:

> From: Panagiotis Issaris <takis@...aris.org>
> 
> The PPP code contains two kmalloc()s followed by memset()s without
> handling a possible memory allocation failure. (Suggested by 
> Joe Perches).
> 
> And furthermore, conversions from kmalloc+memset to kzalloc.

OK...

> -			struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
> -			memset(np, 0, sizeof(*np));
> +			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
> +			if (!np) {
> +				printk(KERN_ERR "PPP: no memory (cardmap)\n");
> +				return -ENOMEM;
> +			}
>  			np->ptr[0] = p;
>  			if (p != NULL) {
>  				np->shift = p->shift + CARDMAP_ORDER;
> @@ -2719,8 +2727,11 @@ static void cardmap_set(struct cardmap *
>  	while (p->shift > 0) {
>  		i = (nr >> p->shift) & CARDMAP_MASK;
>  		if (p->ptr[i] == NULL) {
> -			struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
> -			memset(np, 0, sizeof(*np));
> +			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
> +			if (!np) {
> +				printk(KERN_ERR "PPP: no memory (cardmap)\n");
> +				return -ENOMEM;
> +			}
>  			np->shift = p->shift - CARDMAP_ORDER;

But this leaks memory on errors.

It looks like cardmap_destroy() will handle a partially-constructed map,
so..

--- a/drivers/net/ppp_generic.c~ppp-handle-kmalloc-failures-leak-fix
+++ a/drivers/net/ppp_generic.c
@@ -2710,10 +2710,8 @@ static int cardmap_set(struct cardmap **
 		do {
 			/* need a new top level */
 			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
-			if (!np) {
-				printk(KERN_ERR "PPP: no memory (cardmap)\n");
-				return -ENOMEM;
-			}
+			if (!np)
+				goto enomem;
 			np->ptr[0] = p;
 			if (p != NULL) {
 				np->shift = p->shift + CARDMAP_ORDER;
@@ -2728,10 +2726,8 @@ static int cardmap_set(struct cardmap **
 		i = (nr >> p->shift) & CARDMAP_MASK;
 		if (p->ptr[i] == NULL) {
 			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
-			if (!np) {
-				printk(KERN_ERR "PPP: no memory (cardmap)\n");
-				return -ENOMEM;
-			}
+			if (!np)
+				goto enomem;
 			np->shift = p->shift - CARDMAP_ORDER;
 			np->parent = p;
 			p->ptr[i] = np;
@@ -2747,6 +2743,10 @@ static int cardmap_set(struct cardmap **
 	else
 		clear_bit(i, &p->inuse);
 	return 0;
+enomem:
+	printk(KERN_ERR "PPP: no memory (cardmap)\n");
+	cardmap_destroy(pmap);
+	return -ENOMEM;
 }
 
 static unsigned int cardmap_find_first_free(struct cardmap *map)
_

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ