lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e3852062-0872-1cea-ec0d-a03d4c77ddd9@users.sourceforge.net>
Date:   Mon, 12 Sep 2016 20:51:45 +0200
From:   SF Markus Elfring <elfring@...rs.sourceforge.net>
To:     ceph-devel@...r.kernel.org, Alex Elder <elder@...nel.org>,
        Ilya Dryomov <idryomov@...il.com>, Sage Weil <sage@...hat.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        kernel-janitors@...r.kernel.org,
        Julia Lawall <julia.lawall@...6.fr>
Subject: [PATCH 10/47] block-rbd: One function call less in
 rbd_dev_image_name() after error detection

From: Markus Elfring <elfring@...rs.sourceforge.net>
Date: Mon, 12 Sep 2016 18:00:18 +0200

The kfree() function was called in one case by the rbd_dev_image_name()
function during error handling even if the passed variable "reply_buf"
contained a null pointer.

Adjust jump targets according to the Linux coding style convention.

Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
---
 drivers/block/rbd.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index aac51a1..145bbcc 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -5276,14 +5276,14 @@ static char *rbd_dev_image_name(struct rbd_device *rbd_dev)
 	size = sizeof (__le32) + RBD_IMAGE_NAME_LEN_MAX;
 	reply_buf = kmalloc(size, GFP_KERNEL);
 	if (!reply_buf)
-		goto out;
+		goto free_id;
 
 	ret = rbd_obj_method_sync(rbd_dev, RBD_DIRECTORY,
 				"rbd", "dir_get_name",
 				image_id, image_id_size,
 				reply_buf, size);
 	if (ret < 0)
-		goto out;
+		goto free_buffer;
 	p = reply_buf;
 	end = reply_buf + ret;
 
@@ -5292,8 +5292,9 @@ static char *rbd_dev_image_name(struct rbd_device *rbd_dev)
 		image_name = NULL;
 	else
 		dout("%s: name is %s len is %zd\n", __func__, image_name, len);
-out:
+ free_buffer:
 	kfree(reply_buf);
+ free_id:
 	kfree(image_id);
 
 	return image_name;
-- 
2.10.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ