lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20180412162351.GA6043@embeddedor.com>
Date:   Thu, 12 Apr 2018 11:23:51 -0500
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Dan Carpenter <dan.carpenter@...cle.com>
Cc:     devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Subject: [PATCH v3] staging: ks7010_sdio: fix NULL pointer dereference and
 memory leak

priv is being explicitly dereferenced when it is still null, when
jumping to goto label err_free_netdev, before it is properly
updated with a valid memory address.

Also, when this happens, memory allocated for netdev at line 854:
netdev = alloc_etherdev(sizeof(*priv)) is not being free'd before
return, hence there is a memory leak.

The current code looks a bit too complicated and can be replaced
by just directly freeing netdev before return.

Notice that card->priv = NULL isn't required because the next thing
we do to card is kfree(card).

Addresses-Coverity-ID: 1467844 ("Explicit null dereferenced")
Suggested-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
---
Changes in v3:
 - Update subject and improve changelog.
 - Add Suggested-by: Dan Carpenter <dan.carpenter@...cle.com>

Changes in v2:
 - Update subject and commit changelog.
 - Just directly free netdev. Thanks to Dan Carpenter for the feedback.

 drivers/staging/ks7010/ks7010_sdio.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/staging/ks7010/ks7010_sdio.c b/drivers/staging/ks7010/ks7010_sdio.c
index b8f55a1..2c9b92c 100644
--- a/drivers/staging/ks7010/ks7010_sdio.c
+++ b/drivers/staging/ks7010/ks7010_sdio.c
@@ -932,8 +932,7 @@ static int ks7010_sdio_probe(struct sdio_func *func,
 	return 0;
 
  err_free_netdev:
-	free_netdev(priv->net_dev);
-	card->priv = NULL;
+	free_netdev(netdev);
  err_release_irq:
 	sdio_claim_host(func);
 	sdio_release_irq(func);
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ