| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jLAGW5ahkHs8yzwzQ6waXrDfMTjF2pyyk4w2fqQZBJb7Q@mail.gmail.com>
Date: Wed, 6 Apr 2016 15:49:20 -0700
From: Kees Cook <keescook@...omium.org>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>
Cc: Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/2] lkdtm: fix memory leak of base
On Tue, Apr 5, 2016 at 10:11 AM, Sudip Mukherjee
<sudipm.mukherjee@...il.com> wrote:
> This case is supposed to read from a memory after it has been freed,
> but we missed freeing base if the memory 'val' could not be allocated.
>
> Signed-off-by: Sudip Mukherjee <sudip.mukherjee@...ethink.co.uk>
Also applied. Thanks!
-Kees
> ---
> drivers/misc/lkdtm.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
> index 2f0b022..5b3a63c 100644
> --- a/drivers/misc/lkdtm.c
> +++ b/drivers/misc/lkdtm.c
> @@ -458,8 +458,10 @@ static void lkdtm_do_action(enum ctype which)
> break;
>
> val = kmalloc(len, GFP_KERNEL);
> - if (!val)
> + if (!val) {
> + kfree(base);
> break;
> + }
>
> *val = 0x12345678;
> base[offset] = *val;
> --
> 1.9.1
>
--
Kees Cook
Chrome OS & Brillo Security
Powered by blists - more mailing lists