| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 May 2019 17:18:59 +0200 From: Tomas Bortoli <tomasbortoli@...il.com> To: Steven Rostedt <rostedt@...dmis.org> Cc: mingo@...hat.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH] trace: Avoid memory leak in predicate_parse() On 5/28/19 4:44 PM, Steven Rostedt wrote: > On Tue, 28 May 2019 15:46:59 +0200 > Tomas Bortoli <tomasbortoli@...il.com> wrote: > >> In case of errors, predicate_parse() goes to the out_free label >> to free memory and to return an error code. >> >> However, predicate_parse() does not free the predicates of the >> temporary prog_stack array, thence leaking them. >> >> >> Signed-off-by: Tomas Bortoli <tomasbortoli@...il.com> >> Reported-by: syzbot+6b8e0fb820e570c59e19@...kaller.appspotmail.com >> --- >> kernel/trace/trace_events_filter.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c >> index d3e59312ef40..98eafad750d3 100644 >> --- a/kernel/trace/trace_events_filter.c >> +++ b/kernel/trace/trace_events_filter.c >> @@ -433,6 +433,8 @@ predicate_parse(const char *str, int nr_parens, int nr_preds, >> parse_error(pe, -ENOMEM, 0); >> goto out_free; >> } >> + memset(prog_stack, 0, nr_preds * sizeof(*prog_stack)); >> + > > Can you instead just switch the allocation of prog_stack to use > kcalloc()? kmalloc_array() is safe against arithmetic overflow of the arguments. Using kcalloc() directly we wouldn't check for that. Not really ideal in my opinion. And there's no kcalloc_array() apparently! Cheers, Tomas
Powered by blists - more mailing lists