| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMi1Hd1Hxgo=_1CMDJ8_mnzfcEm97=aiYoxgf42rK_oXp17arQ@mail.gmail.com>
Date: Mon, 23 Apr 2018 22:50:19 +0530
From: Amit Pundir <amit.pundir@...aro.org>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: lkml <linux-kernel@...r.kernel.org>,
linux-wireless@...r.kernel.org,
Samuel Ortiz <sameo@...ux.intel.com>,
Christophe Ricard <christophe.ricard@...il.com>,
Greg KH <gregkh@...uxfoundation.org>,
John Stultz <john.stultz@...aro.org>,
Dmitry Shmidt <dimitrysh@...gle.com>,
Todd Kjos <tkjos@...gle.com>,
Android Kernel Team <kernel-team@...roid.com>,
Suren Baghdasaryan <surenb@...gle.com>
Subject: Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues
in connectivity events handler
On 20 April 2018 at 18:09, Andy Shevchenko
<andriy.shevchenko@...ux.intel.com> wrote:
> On Wed, 2018-04-18 at 15:35 +0530, Amit Pundir wrote:
>
>> if (skb->data[transaction->aid_len + 2] !=
>> - NFC_EVT_TRANSACTION_PARAMS_TAG)
>> + NFC_EVT_TRANSACTION_PARAMS_TAG ||
>> + skb->len < transaction->aid_len + transaction-
>> >params_len + 4) {
>
>> + devm_kfree(dev, transaction);
>
> Oh, no.
>
> This is not memory leak per se, this is bad choice of devm_ API where it
> should use plain kmalloc() / kfree().
>
Hi, If I switch to kmalloc()/kfree() with allocation and may be
pre-usage checks along the way up to nfc_genl_se_transaction() would
that suffice? I believe, I still be needing the additional aid_len and
params_len checks regardless, right?
Regards,
Amit Pundir
>> return -EPROTO;
>> + }
>
> --
> Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
> Intel Finland Oy
Powered by blists - more mailing lists