lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20191216144306.GF22665@localhost>
Date:   Mon, 16 Dec 2019 15:43:06 +0100
From:   Johan Hovold <johan@...nel.org>
To:     Navid Emamdoost <navid.emamdoost@...il.com>
Cc:     Johan Hovold <johan@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Sandhya Bankar <bankarsandhya512@...il.com>,
        Hildo Guillardi JĂșnior <hildogjr@...il.com>,
        Hariprasad Kelam <hariprasad.kelam@...il.com>,
        devel@...verdev.osuosl.org, LKML <linux-kernel@...r.kernel.org>,
        Navid Emamdoost <emamd001@....edu>
Subject: Re: [PATCH] staging: rtl8192e: rtllib_module: Fix memory leak in
 alloc_rtllib

On Sun, Dec 15, 2019 at 08:42:47PM -0600, Navid Emamdoost wrote:
> Hi Johan,
> 
> On Sun, Dec 15, 2019 at 7:23 AM Johan Hovold <johan@...nel.org> wrote:
> >
> > On Sat, Dec 14, 2019 at 05:05:58PM -0600, Navid Emamdoost wrote:
> > > In the implementation of alloc_rtllib() the allocated dev is leaked in
> > > case of ieee->pHTInfo allocation failure. Release via free_netdev(dev).
> > >
> > > Fixes: 6869a11bff1d ("Staging: rtl8192e: Use !x instead of x == NULL")
> >
> > This is not the commit that introduced this issue.
> Oops! That should be  94a799425eee8
> 
> >
> > > Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
> > > ---
> > >  drivers/staging/rtl8192e/rtllib_module.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c
> > > index 64d9feee1f39..18d898714c5c 100644
> > > --- a/drivers/staging/rtl8192e/rtllib_module.c
> > > +++ b/drivers/staging/rtl8192e/rtllib_module.c
> > > @@ -125,7 +125,7 @@ struct net_device *alloc_rtllib(int sizeof_priv)
> > >
> > >       ieee->pHTInfo = kzalloc(sizeof(struct rt_hi_throughput), GFP_KERNEL);
> > >       if (!ieee->pHTInfo)
> > > -             return NULL;
> > > +             goto failed;
> >
> > And you're still leaking ieee->networks and possibly a bunch of other
> > allocations here. You need to call at least rtllib_networks_free() in
> > the error path.
> I'm not familiar with this code, but based on your hint I believe
> there should be something like free_rtllib() here, right?

Right.

> More specifically, rtllib_softmac_free() and
> lib80211_crypt_info_free() are needed along with
> rtllib_networks_free(). If you confirm that it works I can go ahead to
> prepare patch v2 with these releases.

I can't confirm anything, that's your job. ;)

You need to trace the calls and allocations made in in alloc_rtllib()
and make sure everything is released on errors. For a well-designed
subsystem and driver this should end up looking a lot like the release
function (free_rtllib()), but that's unfortunately not always the case.

Judging from a quick look at least rtllib_softmac_free() is also needed
besides rtllib_networks_free(). And you probably want
lib80211_crypt_info_free() as well for consistency even if the
corresponding init functions doesn't seem to do any allocations
currently.

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ