lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180328083337.GA15316@kroah.com>
Date:   Wed, 28 Mar 2018 10:33:37 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Ji-Hun Kim <ji_hun.kim@...sung.com>
Cc:     forest@...ttletooquiet.net, devel@...verdev.osuosl.org,
        y.k.oh@...sung.com, kernel-janitors@...r.kernel.org,
        linux-kernel@...r.kernel.org, julia.lawall@...6.fr,
        baijiaju1990@...il.com, santhameena13@...il.com
Subject: Re: [PATCH] staging: vt6655: check for memory allocation failures

On Wed, Mar 28, 2018 at 03:31:31PM +0900, Ji-Hun Kim wrote:
> There are no null pointer checking on rd_info and td_info values which
> are allocated by kzalloc. It has potential null pointer dereferencing
> issues. Add return when allocation is failed.
> 
> Signed-off-by: Ji-Hun Kim <ji_hun.kim@...sung.com>
> ---
>  drivers/staging/vt6655/device_main.c | 12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c
> index fbc4bc6..5d0ba94 100644
> --- a/drivers/staging/vt6655/device_main.c
> +++ b/drivers/staging/vt6655/device_main.c
> @@ -539,7 +539,8 @@ static void device_init_rd0_ring(struct vnt_private *priv)
>  	     i ++, curr += sizeof(struct vnt_rx_desc)) {
>  		desc = &priv->aRD0Ring[i];
>  		desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL);
> -
> +		if (WARN_ON(!desc->rd_info))
> +			return;

Eeek, no, this crashes any machine that runs with "panic on warn".  You
don't crash if you can not allocate any memory, you recover and move on.
You don't even need to print anything out, as the call itself will do
that if this happens.

So this patch isn't ok at all, sorry.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ