lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <2959663.zb4mtM3Vnv@donald.sf-tec.de>
Date:	Thu, 24 Mar 2011 08:02:10 +0100
From:	Rolf Eike Beer <eike@...mail.de>
To:	Jesper Juhl <jj@...osbits.net>
Cc:	linux-kernel@...r.kernel.org, Jing Huang <huangj@...cade.com>,
	linux-scsi@...r.kernel.org, James.Bottomley@...e.de
Subject: Re: [PATCH][RESEND] SCSI, Brocade FC HBA: Remember to always release_firmware() so we don't leak memory.

Am Donnerstag, 24. M�rz 2011, 00:00:39 schrieb Jesper Juhl:
> Once we've called request_firmware() we must remember to call
> release_firmware() to free memory. We don't currently do this in
> bfad_read_firmware(); causing a memory leak.
> 
> Signed-off-by: Jesper Juhl <jj@...osbits.net>
> Acked-by: Jing Huang <huangj@...cade.com>
> ---
>  bfad.c |   11 +++++------
>  1 file changed, 5 insertions(+), 6 deletions(-)
> 
>  Could someone merge this please?
> 
> diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c
> index 44524cf..d7bafeb 100644
> --- a/drivers/scsi/bfa/bfad.c
> +++ b/drivers/scsi/bfa/bfad.c
> @@ -1558,23 +1558,22 @@ bfad_read_firmware(struct pci_dev *pdev, u32
> **bfi_image,
> 
>  	if (request_firmware(&fw, fw_name, &pdev->dev)) {
>  		printk(KERN_ALERT "Can't locate firmware %s\n", fw_name);
> -		goto error;
> +		*bfi_image = NULL;
> +		goto out;
>  	}

A simple "return NULL;" here is enough, there is nothing that could be freed 
later on.

Looking a bit deeper I think the interface of this function is totally b0rked:
-it has a return value that is always the same as one of the arguments 
(+dereference)
-noone ever checks this return value
-at least in my tree it is never called from anywhere outside this file but is 
still exported and not static

Eike
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ