lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 09 May 2016 00:06:34 -0600 From: "Jan Beulich" <jbeulich@...e.com> To: <xypron.glpk@....de> Cc: <david.vrabel@...rix.com>, <xen-devel@...ts.xenproject.org>, <boris.ostrovsky@...cle.com>, "Juergen Gross" <JGross@...e.com>, <linux-kernel@...r.kernel.org> Subject: Re: [Xen-devel] [PATCH 1/1] xen/gntdev: kmalloc structure gntdev_copy_batch >>> Heinrich Schuchardt <xypron.glpk@....de> 05/08/16 8:13 AM >>> >--- a/drivers/xen/gntdev.c >+++ b/drivers/xen/gntdev.c >@@ -915,36 +915,43 @@ static int gntdev_grant_copy_seg(struct gntdev_copy_batch *batch, >static long gntdev_ioctl_grant_copy(struct gntdev_priv *priv, void __user *u) >{ >struct ioctl_gntdev_grant_copy copy; >- struct gntdev_copy_batch batch; >+ struct gntdev_copy_batch *batch; >unsigned int i; >int ret = 0; > >+ batch = kmalloc(sizeof(struct gntdev_copy_batch), GFP_KERNEL); >+ if (!batch) >+ return -ENOMEM; >+ >if (copy_from_user(©, u, sizeof(copy))) >return -EFAULT; You carefully fix up all other error return paths below, but not the one above, resulting in a memory leak. >- out: >- gntdev_put_pages(&batch); >+failed: >+ gntdev_put_pages(batch); >+out: >+ kfree(batch); I'm not sure what the conventions are for label placement in the kernel sources, but "out" having been indented by one space (which you ditch) avoided diff's -p option picking up the label instead of the function head as context. Jan
Powered by blists - more mailing lists