| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1480761625-4773-1-git-send-email-bianpan2016@163.com>
Date: Sat, 3 Dec 2016 18:40:25 +0800
From: Pan Bian <bianpan2016@....com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jiri Slaby <jslaby@...e.com>, linux-serial@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Pan Bian <bianpan2016@....com>
Subject: [PATCH 1/1] tty: serial: set error code when kasprintf fails
When the call to kasprintf() returns a NULL pointer, function
sci_request_irq() frees the preallocated memory and returns 0 is
returned. Because 0 means no error, the caller of sci_request_irq()
will keep going, and the freed memory may be used or freed again. To
avoid the above issue, this patch assigns "-ENOMEM" to the return
variable ret.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188691
Signed-off-by: Pan Bian <bianpan2016@....com>
---
drivers/tty/serial/sh-sci.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index 4b26252..69471bf 100644
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -1753,8 +1753,10 @@ static int sci_request_irq(struct sci_port *port)
desc = sci_irq_desc + i;
port->irqstr[j] = kasprintf(GFP_KERNEL, "%s:%s",
dev_name(up->dev), desc->desc);
- if (!port->irqstr[j])
+ if (!port->irqstr[j]) {
+ ret = -ENOMEM;
goto out_nomem;
+ }
ret = request_irq(irq, desc->handler, up->irqflags,
port->irqstr[j], port);
--
1.9.1
Powered by blists - more mailing lists