| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Nov 2021 14:05:12 +0300
From: Pavel Skripkin <paskripkin@...il.com>
To: Ajay Garg <ajaygargnsit@...il.com>, linux-serial@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] tty: vt: keyboard: initialize "kbs" so that kfree(kbs)
runs fine even if kbs is not kmalloced.
Hi, Ajay!
On 11/6/21 13:40, Ajay Garg wrote:
>
> v1 patch at :
> https://lore.kernel.org/linux-serial/YYZN30qfaKMskVwE@kroah.com/T/#t
>
>
> Changes in v2 :
>
> * Changes as required by scripts/checkpatch.pl
>
> * Checking whether kbs is not NULL before kfree is not required,
> as kfree(NULL) is safe. So, dropped the check.
>
>
> For brevity, here is the background :
>
>
Please, don't put change log into commit message. It should go under ---
> In "vt_do_kdgkb_ioctl", kbs is kmalloced, if cmd is one of KDGKBSENT or
> KDSKBSENT.
>
> If cmd is none of the above, kbs is not kmalloced, and runs
> direct to kfree(kbs).
>
> Values of local-variables on the stack can take indeterminate values,
> so we initialize kbs to NULL. Then, if kbs is not kmalloced, we have
> kfree(NULL) at the last.
>
> Note that kfree(NULL) is safe.
>
>
These is only one caller of vt_do_kdgkb_ioctl, which simple does:
case KDGKBSENT:
case KDSKBSENT:
return vt_do_kdgkb_ioctl(cmd, up, perm);
It means, that cmd can not be different from KDGKBSENT and KDSKBSENT.
I guess, you found this "issue" via static analysis tool like smatch or
smth similar, but this bug is impossible right now.
>
> Signed-off-by: Ajay Garg <ajaygargnsit@...il.com>
> ---
<--- here
> drivers/tty/vt/keyboard.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
> index dfef7de8a057..54155fc91cd2 100644
> --- a/drivers/tty/vt/keyboard.c
> +++ b/drivers/tty/vt/keyboard.c
> @@ -2049,7 +2049,7 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
> {
> unsigned char kb_func;
> unsigned long flags;
> - char *kbs;
> + char *kbs = NULL;
> int ret;
>
> if (get_user(kb_func, &user_kdgkb->kb_func))
>
With regards,
Pavel Skripkin
Powered by blists - more mailing lists