lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1a9137e1-bcc3-787f-267c-8b76dea41fbb@gmail.com>
Date:   Tue, 28 May 2019 17:18:59 +0200
From:   Tomas Bortoli <tomasbortoli@...il.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     mingo@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] trace: Avoid memory leak in predicate_parse()

On 5/28/19 4:44 PM, Steven Rostedt wrote:
> On Tue, 28 May 2019 15:46:59 +0200
> Tomas Bortoli <tomasbortoli@...il.com> wrote:
> 
>> In case of errors, predicate_parse() goes to the out_free label
>> to free memory and to return an error code.
>>
>> However, predicate_parse() does not free the predicates of the
>> temporary prog_stack array, thence leaking them.
>>
>>
>> Signed-off-by: Tomas Bortoli <tomasbortoli@...il.com>
>> Reported-by: syzbot+6b8e0fb820e570c59e19@...kaller.appspotmail.com
>> ---
>>  kernel/trace/trace_events_filter.c | 4 ++++
>>  1 file changed, 4 insertions(+)
>>
>> diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
>> index d3e59312ef40..98eafad750d3 100644
>> --- a/kernel/trace/trace_events_filter.c
>> +++ b/kernel/trace/trace_events_filter.c
>> @@ -433,6 +433,8 @@ predicate_parse(const char *str, int nr_parens, int nr_preds,
>>  		parse_error(pe, -ENOMEM, 0);
>>  		goto out_free;
>>  	}
>> +	memset(prog_stack, 0, nr_preds * sizeof(*prog_stack));
>> +
> 
> Can you instead just switch the allocation of prog_stack to use
> kcalloc()?

kmalloc_array() is safe against arithmetic overflow of the arguments.
Using kcalloc() directly we wouldn't check for that. Not really ideal in
my opinion. And there's no kcalloc_array() apparently!

Cheers,
Tomas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ