| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <535F1851.3020004@lwfinger.net>
Date: Mon, 28 Apr 2014 22:11:13 -0500
From: Larry Finger <Larry.Finger@...inger.net>
To: Christian Engelmayer <cengelma@....at>, devel@...verdev.osuosl.org
CC: gregkh@...uxfoundation.org, peter.p.waskiewicz.jr@...el.com,
oat.elena@...il.com, dan.carpenter@...cle.com,
w-lkml@...enslange-mailadresse.de, teobaluta@...il.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/5] staging: rtl8188eu: fix potential leak in rtw_wx_read32()
On 04/28/2014 03:56 PM, Christian Engelmayer wrote:
> Function rtw_wx_read32() dynamically allocates a temporary buffer that is not
> freed in all error paths. Use a centralized exit path and make sure that all
> memory is freed correctly. Detected by Coverity - CID 1077711.
>
> Signed-off-by: Christian Engelmayer <cengelma@....at>
Acked-by: Larry Finger <Larry.Finger@...inger.net>
This Ack is valid for all 5 patches.
Larry
> ---
> drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
> index cf30a08..45b47e2 100644
> --- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
> +++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
> @@ -2154,6 +2154,7 @@ static int rtw_wx_read32(struct net_device *dev,
> u32 bytes;
> u8 *ptmp;
> int rv;
> + int ret = 0;
>
> padapter = (struct adapter *)rtw_netdev_priv(dev);
> p = &wrqu->data;
> @@ -2163,16 +2164,16 @@ static int rtw_wx_read32(struct net_device *dev,
> return -ENOMEM;
>
> if (copy_from_user(ptmp, p->pointer, len)) {
> - kfree(ptmp);
> - return -EFAULT;
> + ret = -EFAULT;
> + goto exit;
> }
>
> bytes = 0;
> addr = 0;
> rv = sscanf(ptmp, "%d,%x", &bytes, &addr);
> if (rv != 2) {
> - kfree(ptmp);
> - return -EINVAL;
> + ret = -EINVAL;
> + goto exit;
> }
>
> switch (bytes) {
> @@ -2190,12 +2191,14 @@ static int rtw_wx_read32(struct net_device *dev,
> break;
> default:
> DBG_88E(KERN_INFO "%s: usage> read [bytes],[address(hex)]\n", __func__);
> - return -EINVAL;
> + ret = -EINVAL;
> + goto exit;
> }
> DBG_88E(KERN_INFO "%s: addr = 0x%08X data =%s\n", __func__, addr, extra);
>
> +exit:
> kfree(ptmp);
> - return 0;
> + return ret;
> }
>
> static int rtw_wx_write32(struct net_device *dev,
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists