| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <49A70134.4070700@gmail.com>
Date: Thu, 26 Feb 2009 21:53:08 +0100
From: Jiri Slaby <jirislaby@...il.com>
To: Bob Copeland <me@...copeland.com>
CC: Sitsofe Wheeler <sitsofe@...oo.com>,
Jiri Slaby <jirislaby@...il.com>,
Nick Kossifidis <mickflemm@...il.com>,
Frederic Weisbecker <fweisbec@...il.com>,
linux-kernel@...r.kernel.org, linux-wireless@...r.kernel.org,
ath5k-devel@...ema.h4ckr.net,
"Luis R. Rodriguez" <lrodriguez@...eros.com>
Subject: Re: [TIP] BUG kmalloc-4096: Poison overwritten (ath5k_rx_skb_alloc)
On 26.2.2009 02:06, Bob Copeland wrote:
> --- a/drivers/net/wireless/ath5k/base.c
> +++ b/drivers/net/wireless/ath5k/base.c
> @@ -1140,12 +1140,14 @@ ath5k_rxbuf_setup(struct ath5k_softc *sc, struct ath5k_buf *bf)
> struct ath5k_hw *ah = sc->ah;
> struct sk_buff *skb = bf->skb;
> struct ath5k_desc *ds;
> + dma_addr_t dma_addr;
>
> if (!skb) {
> - skb = ath5k_rx_skb_alloc(sc,&bf->skbaddr);
> + skb = ath5k_rx_skb_alloc(sc,&dma_addr);
> if (!skb)
> return -ENOMEM;
> bf->skb = skb;
> + bf->skbaddr = dma_addr;
Hmm, rather than the caller, ath5k_rx_skb_alloc is wrong here in my
eyes. It shouldn't touch the second parameter unless it knows it won't
fail anymore.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists