lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140602002822.39fe7c9e@spike>
Date:	Mon, 2 Jun 2014 00:28:22 +0200
From:	Christian Engelmayer <cengelma@....at>
To:	Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
Cc:	Larry Finger <Larry.Finger@...inger.net>,
	Florian Schilhabel <florian.c.schilhabel@...glemail.com>,
	devel@...verdev.osuosl.org,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org,
	Paul Gortmaker <paul.gortmaker@...driver.com>,
	Thomas Cort <linuxgeek@...il.com>,
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Subject: Re: [PATCH] staging: rtl8712: rtl871x_ioctl_linux.c: Cleaning up
 memory leak

On Sun,  1 Jun 2014 13:30:43 +0200, Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> wrote:
> There is a risk for memory leak in when something unexpected happens
> and the function returns.
> 
> This was largely found by using a static code analysis program called cppcheck.
> 
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
> ---
>  drivers/staging/rtl8712/rtl871x_ioctl_linux.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> index 23d539d..27e0243 100644
> --- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> +++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> @@ -1822,6 +1822,7 @@ static int r871x_wx_set_enc_ext(struct net_device *dev,
>  		alg_name = "CCMP";
>  		break;
>  	default:
> +		kfree(param);
>  		return -EINVAL;
>  	}
>  	strncpy((char *)param->u.crypt.alg, alg_name, IEEE_CRYPT_ALG_NAME_LEN);

Hi Rickard,

This one doesn't apply either. Commit 55d4f6cc (staging: rtl8712: fix potential
leak in r871x_wx_set_enc_ext()) moved the input verification to the beginning
of the function so that the direct return no longer hurt. This change was also
already in flight at the time of Your first version of the patch in May.

Please check that Your patches are based on linux-next.

Best Regards,
Christian
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ