| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190927230421.20837-1-navid.emamdoost@gmail.com>
Date: Fri, 27 Sep 2019 18:04:20 -0500
From: Navid Emamdoost <navid.emamdoost@...il.com>
To: unlisted-recipients:; (no To-header on input)
Cc: emamd001@....edu, kjlu@....edu, smccaman@....edu,
Navid Emamdoost <navid.emamdoost@...il.com>,
Hans de Goede <hdegoede@...hat.com>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Subject: [PATCH] virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
In hgcm_call_preprocess_linaddr memory is allocated for bounce_buf but
is not released if copy_form_user fails. The release is added.
Fixes: 579db9d45cb4 ("virt: Add vboxguest VMMDEV communication code")
Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
---
drivers/virt/vboxguest/vboxguest_utils.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/virt/vboxguest/vboxguest_utils.c b/drivers/virt/vboxguest/vboxguest_utils.c
index 75fd140b02ff..7965885a50fa 100644
--- a/drivers/virt/vboxguest/vboxguest_utils.c
+++ b/drivers/virt/vboxguest/vboxguest_utils.c
@@ -222,8 +222,10 @@ static int hgcm_call_preprocess_linaddr(
if (copy_in) {
ret = copy_from_user(bounce_buf, (void __user *)buf, len);
- if (ret)
+ if (ret) {
+ kvfree(bounce_buf);
return -EFAULT;
+ }
} else {
memset(bounce_buf, 0, len);
}
--
2.17.1
Powered by blists - more mailing lists