lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1568884695-56789-1-git-send-email-nixiaoming@huawei.com>
Date:   Thu, 19 Sep 2019 17:18:15 +0800
From:   Xiaoming Ni <nixiaoming@...wei.com>
To:     <penberg@...helsinki.fi>, <gregkh@...uxfoundation.org>,
        <jslaby@...e.com>
CC:     <nico@...xnic.net>, <textshell@...uujin.de>, <sam@...nborg.org>,
        <daniel.vetter@...ll.ch>, <mpatocka@...hat.com>,
        <ghalat@...hat.com>, <linux-kernel@...r.kernel.org>,
        <yangyingliang@...wei.com>, <yuehaibing@...wei.com>,
        <zengweilin@...wei.com>
Subject: [PATCH] tty:vt: Add check the return value of kzalloc to avoid oops

Using kzalloc() to allocate memory in function con_init(), but not
checking the return value, there is a risk of null pointer references
oops.

Signed-off-by: Xiaoming Ni <nixiaoming@...wei.com>
---
 drivers/tty/vt/vt.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 34aa39d..db83e52 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -3357,15 +3357,33 @@ static int __init con_init(void)
 
 	for (currcons = 0; currcons < MIN_NR_CONSOLES; currcons++) {
 		vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data), GFP_NOWAIT);
+		if (unlikely(!vc)) {
+			pr_warn("%s:failed to allocate memory for the %u vc\n",
+					__func__, currcons);
+			break;
+		}
 		INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
 		tty_port_init(&vc->port);
 		visual_init(vc, currcons, 1);
 		vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_NOWAIT);
+		if (unlikely(!vc->vc_screenbuf)) {
+			pr_warn("%s:failed to allocate memory for the %u vc_screenbuf\n",
+					__func__, currcons);
+			visual_deinit(vc);
+			tty_port_destroy(&vc->port);
+			kfree(vc);
+			vc_cons[currcons].d = NULL;
+			break;
+		}
 		vc_init(vc, vc->vc_rows, vc->vc_cols,
 			currcons || !vc->vc_sw->con_save_screen);
 	}
 	currcons = fg_console = 0;
 	master_display_fg = vc = vc_cons[currcons].d;
+	if (unlikely(!vc)) {
+		console_unlock();
+		return 0;
+	}
 	set_origin(vc);
 	save_screen(vc);
 	gotoxy(vc, vc->vc_x, vc->vc_y);
-- 
1.8.5.6

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ