| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Apr 2019 01:42:32 -0500
From: Wenwen Wang <wang6495@....edu>
To: Wenwen Wang <wang6495@....edu>
Cc: Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
Kees Cook <keescook@...omium.org>,
alsa-devel@...a-project.org (moderated list:SOUND),
linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] ALSA: usx2y: fix a memory leak bug
In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb()
and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through
kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a
sanity check is performed for the endpoint in the urb by invoking
usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be
returned. In that case, however, the created urb and the allocated buffer
are not freed, leading to memory leaks.
To fix the above issue, free the urb and the buffer if the check fails.
Signed-off-by: Wenwen Wang <wang6495@....edu>
---
sound/usb/usx2y/usbusx2y.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/usb/usx2y/usbusx2y.c b/sound/usb/usx2y/usbusx2y.c
index da4a5a5..0817018 100644
--- a/sound/usb/usx2y/usbusx2y.c
+++ b/sound/usb/usx2y/usbusx2y.c
@@ -303,8 +303,11 @@ int usX2Y_In04_init(struct usX2Ydev *usX2Y)
usX2Y->In04Buf, 21,
i_usX2Y_In04Int, usX2Y,
10);
- if (usb_urb_ep_type_check(usX2Y->In04urb))
+ if (usb_urb_ep_type_check(usX2Y->In04urb)) {
+ kfree(usX2Y->In04Buf);
+ usb_put_urb(usX2Y->In04urb);
return -EINVAL;
+ }
return usb_submit_urb(usX2Y->In04urb, GFP_KERNEL);
}
--
2.7.4
Powered by blists - more mailing lists