lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 2 Aug 2011 14:00:16 +0200
From:	Alexey ORISHKO <alexey.orishko@...ricsson.com>
To:	Josh Boyer <jwboyer@...hat.com>, Oliver Neukum <oliver@...kum.org>
Cc:	Greg Kroah-Hartman <gregkh@...e.de>,
	"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: cdc_ncm uses stack memory for DMA

> -----Original Message-----
> From: linux-usb-owner@...r.kernel.org [mailto:linux-usb-owner@...r.kernel.org]
> On Behalf Of Josh Boyer
> Sent: Tuesday, August 02, 2011 1:02 PM

> 
> -		err = cdc_ncm_do_request(ctx, &req, &max_datagram_size, 0, NULL,
> +		err = cdc_ncm_do_request(ctx, &req, max_datagram_size, 0, NULL,
>  									1000);
> +
>  		if (err) {
>  			pr_debug("GET_MAX_DATAGRAM_SIZE failed, use size=%u\n",
>  						CDC_NCM_MIN_DATAGRAM_SIZE);

You miss to free it here.

>  		} else {
> -			ctx->max_datagram_size = le16_to_cpu(max_datagram_size);
> +			ctx->max_datagram_size = le16_to_cpu(*max_datagram_size);
>  			/* Check Eth descriptor value */
>  			if (eth_max_sz < CDC_NCM_MAX_DATAGRAM_SIZE) {
>  				if (ctx->max_datagram_size > eth_max_sz)
> @@ -401,10 +423,12 @@ static u8 cdc_ncm_setup(struct cdc_ncm_ctx *ctx)
>  			req.wValue = 0;
>  			req.wIndex = cpu_to_le16(iface_no);
>  			req.wLength = 2;
> -			max_datagram_size = cpu_to_le16(ctx->max_datagram_size);
> +			*max_datagram_size = cpu_to_le16(ctx->max_datagram_size);
> 
> -			err = cdc_ncm_do_request(ctx, &req, &max_datagram_size,
> +			err = cdc_ncm_do_request(ctx, &req, max_datagram_size,
>  								0, NULL, 1000);
> +			kfree(max_datagram_size);
> +max_dgram_err:
>  			if (err)
>  				pr_debug("SET_MAX_DATAGRAM_SIZE failed\n");
>  		}
> --


You have mem leak in case of request failure. Will you resubmit it with this change?
I have HW available and can test this patch on Ubuntu 11.04. 

FYI: There is another bug in ncm driver and I'm about to post a patch for it.

Alexey
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ