lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Nov 2012 10:49:21 +0100 (CET) From: Jiri Kosina <jkosina@...e.cz> To: Benjamin Tissoires <benjamin.tissoires@...il.com> Cc: Jiri Slaby <jslaby@...e.cz>, Dmitry Torokhov <dmitry.torokhov@...il.com>, Stephane Chatty <chatty@...c.fr>, fabien.andre@...il.com, scott.liu@....com.tw, Jean Delvare <khali@...ux-fr.org>, JJ Ding <jj_ding@....com.tw>, Shubhrajyoti Datta <omaplinuxkernel@...il.com>, linux-i2c@...r.kernel.org, linux-input@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] i2c-hid: introduce HID over i2c specification implementation On Tue, 16 Oct 2012, Benjamin Tissoires wrote: > >> --- /dev/null > >> +++ b/drivers/hid/i2c-hid/i2c-hid.c > > ... > >> +static int i2c_hid_alloc_buffers(struct i2c_hid *ihid) > >> +{ > >> + /* the worst case is computed from the set_report command with a > >> + * reportID > 15 and the maximum report length */ > >> + int args_len = sizeof(__u8) + /* optional ReportID byte */ > >> + sizeof(__u16) + /* data register */ > >> + sizeof(__u16) + /* size of the report */ > >> + ihid->bufsize; /* report */ > >> + > >> + ihid->inbuf = kzalloc(ihid->bufsize, GFP_KERNEL); > >> + > >> + if (!ihid->inbuf) > >> + return -ENOMEM; > >> + > >> + ihid->argsbuf = kzalloc(args_len, GFP_KERNEL); > >> + > >> + if (!ihid->argsbuf) { > >> + kfree(ihid->inbuf); > >> + return -ENOMEM; > >> + } > >> + > >> + ihid->cmdbuf = kzalloc(sizeof(union command) + args_len, GFP_KERNEL); > >> + > >> + if (!ihid->cmdbuf) { > >> + kfree(ihid->inbuf); > >> + kfree(ihid->argsbuf); > >> + return -ENOMEM; > >> + } > >> + > >> + return 0; > > > > If this is called from hid_start and some of the latter allocation fails > > here, you free the buffers appropriately. However if another start > > occurs (e.g. by loading another module for that particular device), it > > will crash, as the buffers will remain unallocated because at this point > > ihid->bufsize == old_bufsize. You should set ihid->bufsize back to > > old_bufsize if i2c_hid_alloc_buffers fails and also set the pointers to > > NULL here. > > well spotted, thanks. > I'll change it in v3 then. Benjamin, just a quick check -- are you planning on submitting v3 eventually? Thanks, -- Jiri Kosina SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists