lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <wrfjtx99w4ry.fsf@ultrasam.lan.trained-monkey.org>
Date:	Thu, 01 May 2014 23:46:57 +0200
From:	Jes Sorensen <Jes.Sorensen@...hat.com>
To:	Christian Engelmayer <cengelma@....at>
Cc:	Mateusz Guzik <mguzik@...hat.com>, devel@...verdev.osuosl.org,
	Larry.Finger@...inger.net, gregkh@...uxfoundation.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: rtl8723au: fix potential leak in update_bcn_wps_ie()

Christian Engelmayer <cengelma@....at> writes:
> On Thu, 1 May 2014 14:22:17 +0200, Mateusz Guzik <mguzik@...hat.com> wrote:
>> On Thu, May 01, 2014 at 01:57:27PM +0200, Christian Engelmayer wrote:
>> > Fix a potential leak in the error path of function update_bcn_wps_ie().
>> > Make sure that allocated memory for 'pbackup_remainder_ie' is freed
>> > upon return. Detected by Coverity - CID 1077718.
>> > 
>> 
>>         if (remainder_ielen > 0) {
>>                 pbackup_remainder_ie = kmalloc(remainder_ielen, GFP_ATOMIC);
>>                 if (pbackup_remainder_ie)
>>                         memcpy(pbackup_remainder_ie, premainder_ie,
>>                                remainder_ielen);
>>         }
>> 
>>         pwps_ie_src = pmlmepriv->wps_beacon_ie;
>>         if (pwps_ie_src == NULL)
>>                 return;
>> 
>> 
>> Maybe just check pwps_ie_src earlier?
>> 
>
> You are right, I see no reason why this cannot be done early in the function.

Looks good to me - if you send me a patch with a commit message and a
Signed-off-by, I'll add it to the rtl8723au driver tree and push it to
Greg with my next set of changes.

Cheers,
Jes
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ