| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190528154338.29976-1-tomasbortoli@gmail.com>
Date: Tue, 28 May 2019 17:43:38 +0200
From: Tomas Bortoli <tomasbortoli@...il.com>
To: rostedt@...dmis.org
Cc: linux-kernel@...r.kernel.org, mingo@...hat.com,
Tomas Bortoli <tomasbortoli@...il.com>
Subject: [PATCH] trace: Avoid memory leak in predicate_parse()
In case of errors, predicate_parse() goes to the out_free label
to free memory and to return an error code.
However, predicate_parse() does not free the predicates of the
temporary prog_stack array, thence leaking them.
Signed-off-by: Tomas Bortoli <tomasbortoli@...il.com>
Reported-by: syzbot+6b8e0fb820e570c59e19@...kaller.appspotmail.com
---
kernel/trace/trace_events_filter.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index 05a66493a164..ecfa6f0f1c7e 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -427,7 +427,7 @@ predicate_parse(const char *str, int nr_parens, int nr_preds,
op_stack = kmalloc_array(nr_parens, sizeof(*op_stack), GFP_KERNEL);
if (!op_stack)
return ERR_PTR(-ENOMEM);
- prog_stack = kmalloc_array(nr_preds, sizeof(*prog_stack), GFP_KERNEL);
+ prog_stack = kcalloc(nr_preds, sizeof(*prog_stack), GFP_KERNEL);
if (!prog_stack) {
parse_error(pe, -ENOMEM, 0);
goto out_free;
@@ -578,6 +578,8 @@ predicate_parse(const char *str, int nr_parens, int nr_preds,
out_free:
kfree(op_stack);
kfree(inverts);
+ for (i = 0; prog_stack[i].pred; i++)
+ kfree(prog_stack[i].pred);
kfree(prog_stack);
return ERR_PTR(ret);
}
--
2.11.0
Powered by blists - more mailing lists