lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <25a38254-f0e3-1f4e-de46-688d9fd1b736@cogentembedded.com>
Date:   Fri, 30 Sep 2016 15:56:45 +0300
From:   Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To:     Johannes Thumshirn <jthumshirn@...e.de>,
        Solomon Peachy <pizza@...ftnet.org>,
        Kalle Valo <kvalo@...eaurora.org>
Cc:     linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3] cw1200: Don't leak memory if krealloc failes

Hello.

On 9/30/2016 3:11 PM, Johannes Thumshirn wrote:

> The call to krealloc() in wsm_buf_reserve() directly assigns the newly
> returned memory to buf->begin. This is all fine except when krealloc()
> failes we loose the ability to free the old memory pointed to by

    Fails.

> buf->begin. If we just create a temporary variable to assign memory to
> and assign the memory to it we can mitigate the memory leak.
>
> Signed-off-by: Johannes Thumshirn <jthumshirn@...e.de>
> ---
>  drivers/net/wireless/st/cw1200/wsm.c | 16 +++++++++-------
>  1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/net/wireless/st/cw1200/wsm.c b/drivers/net/wireless/st/cw1200/wsm.c
> index 680d60e..12fad99 100644
> --- a/drivers/net/wireless/st/cw1200/wsm.c
> +++ b/drivers/net/wireless/st/cw1200/wsm.c
> @@ -1807,16 +1807,18 @@ static int wsm_buf_reserve(struct wsm_buf *buf, size_t extra_size)
>  {
>  	size_t pos = buf->data - buf->begin;
>  	size_t size = pos + extra_size;
> +	u8 *tmp;
>
>  	size = round_up(size, FWLOAD_BLOCK_SIZE);
>
> -	buf->begin = krealloc(buf->begin, size, GFP_KERNEL | GFP_DMA);
> -	if (buf->begin) {
> -		buf->data = &buf->begin[pos];
> -		buf->end = &buf->begin[size];
> -		return 0;
> -	} else {
> -		buf->end = buf->data = buf->begin;
> +	tmp = krealloc(buf->begin, size, GFP_KERNEL | GFP_DMA);
> +	if (tmp) {

    !tmp, you mean?

> +		wsm_buf_deinit(buf);
>  		return -ENOMEM;
>  	}
> +
> +	buf->begin = tmp;
> +	buf->data = &buf->begin[pos];
> +	buf->end = &buf->begin[size];
> +	return 0;
>  }

MBR, Sergei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ