lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 29 Mar 2017 20:54:46 +0200
From:   walter harms <wharms@....de>
To:     Colin King <colin.king@...onical.com>
CC:     Harry Morris <h.morris@...coda.com>, linuxdev@...coda.com,
        Alexander Aring <aar@...gutronix.de>,
        Stefan Schmidt <stefan@....samsung.com>,
        linux-wpan@...r.kernel.org, netdev@...r.kernel.org,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Add checks for kmalloc allocation failures



Am 29.03.2017 17:54, schrieb Colin King:
> From: Colin Ian King <colin.king@...onical.com>
> 
> Ensure we don't end up with a null pointer dereferences by checking
> for for allocation failures.  Allocate by sizeof(*ptr) rather than
> the type to fix checkpack warnings.  Also merge multiple lines into
> one line for the kmalloc call.
> 
> Detected by CoverityScan, CID#1422435 ("Dereference null return value")
> 
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
>  drivers/net/ieee802154/ca8210.c | 18 ++++++++++--------
>  1 file changed, 10 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c
> index 53fa87bfede0..25fd3b04b3c0 100644
> --- a/drivers/net/ieee802154/ca8210.c
> +++ b/drivers/net/ieee802154/ca8210.c
> @@ -634,6 +634,8 @@ static int ca8210_test_int_driver_write(
>  		dev_dbg(&priv->spi->dev, "%#03x\n", buf[i]);
>  
>  	fifo_buffer = kmalloc(len, GFP_KERNEL);
> +	if (!fifo_buffer)
> +		return -ENOMEM;
>  	memcpy(fifo_buffer, buf, len);


perhaps kmemdup() ist the way to go ?
by replace kamlloc()+memcpy

re,
 wh

>  	kfifo_in(&test->up_fifo, &fifo_buffer, 4);
>  	wake_up_interruptible(&priv->test.readq);
> @@ -759,10 +761,10 @@ static void ca8210_rx_done(struct cas_control *cas_ctl)
>  				&priv->spi->dev,
>  				"Resetting MAC...\n");
>  
> -			mlme_reset_wpc = kmalloc(
> -				sizeof(struct work_priv_container),
> -				GFP_KERNEL
> -			);
> +			mlme_reset_wpc = kmalloc(sizeof(*mlme_reset_wpc),
> +						 GFP_KERNEL);
> +			if (!mlme_reset_wpc)
> +				goto finish;
>  			INIT_WORK(
>  				&mlme_reset_wpc->work,
>  				ca8210_mlme_reset_worker
> @@ -925,10 +927,10 @@ static int ca8210_spi_transfer(
>  
>  	dev_dbg(&spi->dev, "ca8210_spi_transfer called\n");
>  
> -	cas_ctl = kmalloc(
> -		sizeof(struct cas_control),
> -		GFP_ATOMIC
> -	);
> +	cas_ctl = kmalloc(sizeof(*cas_ctl), GFP_ATOMIC);
> +	if (!cas_ctl)
> +		return -ENOMEM;
> +
>  	cas_ctl->priv = priv;
>  	memset(cas_ctl->tx_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);
>  	memset(cas_ctl->tx_in_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);

Powered by blists - more mailing lists