lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 03 May 2017 17:58:25 +0200
From:   walter harms <wharms@....de>
To:     Colin King <colin.king@...onical.com>
CC:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Wei-Ning Huang <wnhuang@...gle.com>,
        Thierry Escande <thierry.escande@...labora.com>,
        Wei Yongjun <weiyongjun1@...wei.com>,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] firmware: Google VPD: fix error handling on allocation
 failures



Am 03.05.2017 17:49, schrieb Colin King:
> From: Colin Ian King <colin.king@...onical.com>
> 
> Fix two allocation failure checks. Firstly, ensure info is checked
> for a failed allocation; this fixes a potential null pointer
> dereference issue on info->key.  Secondly, free info is info->key
> fails to allocate to fix a memory leak.
> 
> Detected by CoverityScan, CID#1430064 ("Resource Leak")
> 
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
>  drivers/firmware/google/vpd.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/firmware/google/vpd.c b/drivers/firmware/google/vpd.c
> index 3ce813110d5e..2eb15b1dabcc 100644
> --- a/drivers/firmware/google/vpd.c
> +++ b/drivers/firmware/google/vpd.c
> @@ -116,9 +116,13 @@ static int vpd_section_attrib_add(const u8 *key, s32 key_len,
>  		return VPD_OK;
>  
>  	info = kzalloc(sizeof(*info), GFP_KERNEL);
> +	if (!info)
> +		return -ENOMEM;
>  	info->key = kzalloc(key_len + 1, GFP_KERNEL);
> -	if (!info->key)
> +	if (!info->key) {
> +		kfree(info);
>  		return -ENOMEM;
> +	}
>  
>  	memcpy(info->key, key, key_len);
>  


the use of key_len+1 looks like preparing space for a string.
so kstrdup() seems more fitting. If this is not a string
there is also a kmemdup().


re,
 wh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ