| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Sep 2017 09:15:22 -0700
From: Douglas Anderson <dianders@...omium.org>
To: Oliver Neukum <oneukum@...e.com>
Cc: groeck@...omium.org, grundler@...omium.org,
Douglas Anderson <dianders@...omium.org>,
netdev@...r.kernel.org, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [RFC PATCH 3/3] usbnet: Fix memory leak when rx_submit() fails
If rx_submit() returns an error code then nobody calls usb_free_urb().
That means it's leaked.
NOTE: This problem was found solely by code inspection and not due to
any failing test cases.
Signed-off-by: Douglas Anderson <dianders@...omium.org>
---
drivers/net/usb/usbnet.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index e72547d8d0e6..4c067aaeea5a 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1182,9 +1182,12 @@ usbnet_deferred_kevent (struct work_struct *work)
usb_free_urb(urb);
goto fail_lowmem;
}
- if (rx_submit (dev, urb, GFP_KERNEL) ==
- -ENOLINK)
- resched = 0;
+ status = rx_submit (dev, urb, GFP_KERNEL);
+ if (status) {
+ usb_free_urb(urb);
+ if (status == -ENOLINK)
+ resched = 0;
+ }
usb_autopm_put_interface(dev->intf);
fail_lowmem:
if (resched)
--
2.14.1.690.gbb1197296e-goog
Powered by blists - more mailing lists