[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAMi1Hd36LbWSTsnxiLY0CAgW_CaAbTJNRrUQ07Qb4OiSmuC5sw@mail.gmail.com>
Date: Mon, 23 Apr 2018 22:51:35 +0530
From: Amit Pundir <amit.pundir@...aro.org>
To: Mark Greer <mgreer@...malcreek.com>
Cc: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
lkml <linux-kernel@...r.kernel.org>,
linux-wireless@...r.kernel.org,
Samuel Ortiz <sameo@...ux.intel.com>,
Christophe Ricard <christophe.ricard@...il.com>,
Greg KH <gregkh@...uxfoundation.org>,
John Stultz <john.stultz@...aro.org>,
Dmitry Shmidt <dimitrysh@...gle.com>,
Todd Kjos <tkjos@...gle.com>,
Android Kernel Team <kernel-team@...roid.com>,
Suren Baghdasaryan <surenb@...gle.com>
Subject: Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues
in connectivity events handler
On 20 April 2018 at 22:15, Mark Greer <mgreer@...malcreek.com> wrote:
> On Fri, Apr 20, 2018 at 03:39:46PM +0300, Andy Shevchenko wrote:
>> On Wed, 2018-04-18 at 15:35 +0530, Amit Pundir wrote:
>>
>> > if (skb->data[transaction->aid_len + 2] !=
>> > - NFC_EVT_TRANSACTION_PARAMS_TAG)
>> > + NFC_EVT_TRANSACTION_PARAMS_TAG ||
>> > + skb->len < transaction->aid_len + transaction-
>> > >params_len + 4) {
>>
>> > + devm_kfree(dev, transaction);
>>
>> Oh, no.
>>
>> This is not memory leak per se, this is bad choice of devm_ API where it
>> should use plain kmalloc() / kfree().
>
> Also, there is no check to see if the allocation worked at all.
Ack. I'll add that in v2.
Thanks.
Regards,
Amit Pundir
>
> Mark
> --
Powered by blists - more mailing lists