Open Source and information security mailing list archives
Message-Id: <20211106104053.98761-1-ajaygargnsit@gmail.com>
Date:   Sat,  6 Nov 2021 16:10:53 +0530
From:   Ajay Garg <ajaygargnsit@...il.com>
To:     linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     Ajay Garg <ajaygargnsit@...il.com>
Subject: [PATCH v2] tty: vt: keyboard: initialize "kbs" so that kfree(kbs) runs fine even if kbs is not kmalloced.


v1 patch at:
https://lore.kernel.org/linux-serial/YYZN30qfaKMskVwE@kroah.com/T/#t


Changes in v2:

        * Changes as required by scripts/checkpatch.pl

        * Checking whether kbs is not NULL before kfree is not required,
          as kfree(NULL) is safe. So, dropped the check.


For brevity, here is the background:


In "vt_do_kdgkb_ioctl", kbs is kmalloced if cmd is one of KDGKBSENT or
KDSKBSENT.

If cmd is none of the above, kbs is not kmalloced, and runs
directly to kfree(kbs).

Local variables on the stack can take indeterminate values,
so we initialize kbs to NULL. Then, if kbs is not kmalloced, we have
kfree(NULL) at the end.

Note that kfree(NULL) is safe.



Signed-off-by: Ajay Garg <ajaygargnsit@...il.com>
---
 drivers/tty/vt/keyboard.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
index dfef7de8a057..54155fc91cd2 100644
--- a/drivers/tty/vt/keyboard.c
+++ b/drivers/tty/vt/keyboard.c
@@ -2049,7 +2049,7 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
 {
 	unsigned char kb_func;
 	unsigned long flags;
-	char *kbs;
+	char *kbs = NULL;
 	int ret;
 
 	if (get_user(kb_func, &user_kdgkb->kb_func))
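Review bot: at `char *kbs = NULL;`, the changelog should say whether any caller can actually reach the final kfree(kbs) with a cmd other than KDGKBSENT or KDSKBSENT. If such a caller exists, this is a kfree() of an uninitialised stack pointer and the patch wants a Fixes: tag naming the commit that introduced it; if no caller does, describe the change as defensive hardening rather than a bug fix. Separately, the v1 link and the "Changes in v2" list belong below the `---` line so they stay out of the commit log, and the subject line would read better shortened.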
-- 
2.30.2
