lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 2 Jun 2017 10:32:42 -0700
From:   Igor Mitsyanko <igor.mitsyanko.os@...ntenna.com>
To:     Colin King <colin.king@...onical.com>,
        Avinash Patil <avinashp@...ntenna.com>,
        Sergey Matyukevich <smatyukevich@...ntenna.com>,
        Kalle Valo <kvalo@...eaurora.org>,
        Dmitrii Lebed <dlebed@...ntenna.com>,
        Huizhao Wang <hwang@...ntenna.com>,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][wireless-next] qtnfmac: check band before allocating
 cmd_skb to avoid resource leak

On 06/02/2017 08:40 AM, Colin King wrote:
> External Email
>
>
> From: Colin Ian King <colin.king@...onical.com>
>
> The current code allocates cmd_skb and then will leak this if band->band
> is an illegal value. It is simpler to sanity check the band first before
> allocating cmd_skb so that we don't have to free cmd_skb if an invalid
> band occurs.
>
> Detected by CoverityScan, CID#1437561 ("Resource Leak")
>
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
>   drivers/net/wireless/quantenna/qtnfmac/commands.c | 12 ++++++------
>   1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/net/wireless/quantenna/qtnfmac/commands.c b/drivers/net/wireless/quantenna/qtnfmac/commands.c
> index f0a0cfa7d8a1..cce62f39edaf 100644
> --- a/drivers/net/wireless/quantenna/qtnfmac/commands.c
> +++ b/drivers/net/wireless/quantenna/qtnfmac/commands.c
> @@ -1300,12 +1300,6 @@ int qtnf_cmd_get_mac_chan_info(struct qtnf_wmac *mac,
>          int ret = 0;
>          u8 qband;
>
> -       cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0,
> -                                           QLINK_CMD_CHANS_INFO_GET,
> -                                           sizeof(*cmd));
> -       if (!cmd_skb)
> -               return -ENOMEM;
> -
>          switch (band->band) {
>          case NL80211_BAND_2GHZ:
>                  qband = QLINK_BAND_2GHZ;
> @@ -1320,6 +1314,12 @@ int qtnf_cmd_get_mac_chan_info(struct qtnf_wmac *mac,
>                  return -EINVAL;
>          }
>
> +       cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0,
> +                                           QLINK_CMD_CHANS_INFO_GET,
> +                                           sizeof(*cmd));
> +       if (!cmd_skb)
> +               return -ENOMEM;
> +
>          cmd = (struct qlink_cmd_chans_info_get *)cmd_skb->data;
>          cmd->band = qband;
>          ret = qtnf_cmd_send_with_reply(mac->bus, cmd_skb, &resp_skb, &res_code,
> --
> 2.11.0
>
Reviewed-by: Igor Mitsyanko <igor.mitsyanko.os@...ntenna.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ