| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Apr 2016 15:53:13 -0700
From: Kees Cook <keescook@...omium.org>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>
Cc: Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/2] lkdtm: fix memory leak of val
On Tue, Apr 5, 2016 at 10:11 AM, Sudip Mukherjee
<sudipm.mukherjee@...il.com> wrote:
> This case is supposed to read from a page after after it is freed, but
> it missed freeing val if we are not able to get a free page.
>
> Signed-off-by: Sudip Mukherjee <sudip.mukherjee@...ethink.co.uk>
> ---
> drivers/misc/lkdtm.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
> index 5f1a36b..2f0b022 100644
> --- a/drivers/misc/lkdtm.c
> +++ b/drivers/misc/lkdtm.c
> @@ -498,12 +498,13 @@ static void lkdtm_do_action(enum ctype which)
> }
> case CT_READ_BUDDY_AFTER_FREE: {
> unsigned long p = __get_free_page(GFP_KERNEL);
> - int saw, *val = kmalloc(1024, GFP_KERNEL);
> + int saw, *val;
> int *base;
>
> if (!p)
> break;
>
> + val = kmalloc(1024, GFP_KERNEL);
There's actually still a leak of "p" here, but I've fix that now too. Thanks!
-Kees
> if (!val)
> break;
>
> --
> 1.9.1
>
--
Kees Cook
Chrome OS & Brillo Security
Powered by blists - more mailing lists