| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1321775251-3274-1-git-send-email-namhyung@gmail.com> Date: Sun, 20 Nov 2011 16:47:31 +0900 From: Namhyung Kim <namhyung@...il.com> To: Andrew Morton <akpm@...ux-foundation.org> Cc: linux-kernel@...r.kernel.org, Albin Tonnerre <albin.tonnerre@...e-electrons.com>, Lasse Collin <lasse.collin@...aani.org> Subject: [PATCH] lib: fix potential memory free failure on unlzo() in_buf is dynamically allocated if @input is not given, and adjusted as processing data on every loop. However if block metadata is corrupted it will bail out the loop in the middle, thus in_buf will point out wrong memory. Fix it by freeing in_buf_save instead. Signed-off-by: Namhyung Kim <namhyung@...il.com> Cc: Albin Tonnerre <albin.tonnerre@...e-electrons.com> Cc: Lasse Collin <lasse.collin@...aani.org> --- lib/decompress_unlzo.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/lib/decompress_unlzo.c b/lib/decompress_unlzo.c index 5a7a2adf4c4c..4531294fa62f 100644 --- a/lib/decompress_unlzo.c +++ b/lib/decompress_unlzo.c @@ -279,7 +279,7 @@ STATIC inline int INIT unlzo(u8 *input, int in_len, ret = 0; exit_2: if (!input) - free(in_buf); + free(in_buf_save); exit_1: if (!output) free(out_buf); -- 1.7.6 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists