| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190528134659.4041-1-tomasbortoli@gmail.com>
Date: Tue, 28 May 2019 15:46:59 +0200
From: Tomas Bortoli <tomasbortoli@...il.com>
To: rostedt@...dmis.org, mingo@...hat.com
Cc: linux-kernel@...r.kernel.org,
Tomas Bortoli <tomasbortoli@...il.com>
Subject: [PATCH] trace: Avoid memory leak in predicate_parse()
In case of errors, predicate_parse() goes to the out_free label
to free memory and to return an error code.
However, predicate_parse() does not free the predicates of the
temporary prog_stack array, thence leaking them.
Signed-off-by: Tomas Bortoli <tomasbortoli@...il.com>
Reported-by: syzbot+6b8e0fb820e570c59e19@...kaller.appspotmail.com
---
kernel/trace/trace_events_filter.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index d3e59312ef40..98eafad750d3 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -433,6 +433,8 @@ predicate_parse(const char *str, int nr_parens, int nr_preds,
parse_error(pe, -ENOMEM, 0);
goto out_free;
}
+ memset(prog_stack, 0, nr_preds * sizeof(*prog_stack));
+
inverts = kmalloc_array(nr_preds, sizeof(*inverts), GFP_KERNEL);
if (!inverts) {
parse_error(pe, -ENOMEM, 0);
@@ -579,6 +581,8 @@ predicate_parse(const char *str, int nr_parens, int nr_preds,
out_free:
kfree(op_stack);
kfree(inverts);
+ for (i = 0; prog_stack[i].pred; i++)
+ kfree(prog_stack[i].pred);
kfree(prog_stack);
return ERR_PTR(ret);
}
--
2.11.0
Powered by blists - more mailing lists