lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <200611161650.26989.m.kozlowski@tuxland.pl>
Date:	Thu, 16 Nov 2006 16:50:25 +0100
From:	Mariusz Kozlowski <m.kozlowski@...land.pl>
To:	Torrey Hoffman <thoffman@...or.net>, Greg KH <greg@...ah.com>,
	linux-usb-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Subject: [PATCH] usb: ati remote memleak fix

Hello,

	This is a bug. When checking for ati_remote->outbuf we free
freeing ati_remote->inbuf so we end up freeing ati_remote->inbuf twice.
Also the checks for 'ati_remote->inbuf != NULL' and
'ati_remote->outbuf != NULL' are redundant as usb_buffer_free() does
this.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@...land.pl>

 drivers/usb/input/ati_remote.c |   12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff -up linux-2.6.19-rc5-mm2-a/drivers/usb/input/ati_remote.c linux-2.6.19-rc5-mm2-b/drivers/usb/input/ati_remote.c
--- linux-2.6.19-rc5-mm2-a/drivers/usb/input/ati_remote.c	2006-11-15 11:24:24.000000000 +0100
+++ linux-2.6.19-rc5-mm2-b/drivers/usb/input/ati_remote.c	2006-11-15 16:33:02.000000000 +0100
@@ -633,13 +633,11 @@ static void ati_remote_free_buffers(stru
 	usb_free_urb(ati_remote->irq_urb);
 	usb_free_urb(ati_remote->out_urb);

-	if (ati_remote->inbuf)
-		usb_buffer_free(ati_remote->udev, DATA_BUFSIZE,
-				ati_remote->inbuf, ati_remote->inbuf_dma);
-
-	if (ati_remote->outbuf)
-		usb_buffer_free(ati_remote->udev, DATA_BUFSIZE,
-				ati_remote->inbuf, ati_remote->outbuf_dma);
+	usb_buffer_free(ati_remote->udev, DATA_BUFSIZE,
+		ati_remote->inbuf, ati_remote->inbuf_dma);
+
+	usb_buffer_free(ati_remote->udev, DATA_BUFSIZE,
+		ati_remote->outbuf, ati_remote->outbuf_dma);
 }



-- 
Regards,

	Mariusz Kozlowski
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ