lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 15 Apr 2016 11:35:48 -0600
From:	Sathya Prakash Veerichetty <sathya.prakash@...adcom.com>
To:	"Martin K. Petersen" <martin.petersen@...cle.com>,
	Sudip Mukherjee <sudipm.mukherjee@...il.com>
Cc:	Chaitra Basappa <chaitra.basappa@...adcom.com>,
	Suganath Prabu Subramani 
	<suganath-prabu.subramani@...adcom.com>,
	"James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>,
	linux-kernel@...r.kernel.org,
	PDL-MPT-FUSIONLINUX <mpt-fusionlinux.pdl@...adcom.com>,
	linux-scsi@...r.kernel.org
Subject: RE: [PATCH] mpt3sas: fix possible NULL dereference

We need to do some more changes in this.  The concept is first pool alloc
and then memory alloc in the pool, so the memory has to be freed if the
memory is allocated in the pool and irrespective of memory allocated or
not the pool has to be destroyed if it is created.  We will work
internally and provide a complete patch.

Thanks
Sathya

-----Original Message-----
From: Martin K. Petersen [mailto:martin.petersen@...cle.com]
Sent: Thursday, April 14, 2016 8:44 PM
To: Sudip Mukherjee
Cc: Sathya Prakash; Chaitra P B; Suganath Prabu Subramani; James E.J.
Bottomley; Martin K. Petersen; linux-kernel@...r.kernel.org;
MPT-FusionLinux.pdl@...adcom.com; linux-scsi@...r.kernel.org
Subject: Re: [PATCH] mpt3sas: fix possible NULL dereference

>>>>> "Sudip" == Sudip Mukherjee <sudipm.mukherjee@...il.com> writes:

Sudip> We are dereferencing ioc->sense_dma_pool in pci_pool_free() and
Sudip> after that we are checking if it is NULL, before calling
Sudip> pci_pool_destroy().  Lets check if it is NULL before calling both
Sudip> pci_pool_free() and pci_pool_destroy().

Broadcom folks, please review.

-- 
Martin K. Petersen	Oracle Linux Engineering

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ