lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 16 Feb 2022 12:56:14 +0100
From:   Jérôme Pouiller <jerome.pouiller@...abs.com>
To:     gregkh@...uxfoundation.org, linux-staging@...ts.linux.dev,
        Xiaoke Wang <xkernel.wang@...mail.com>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: wfx: check the return value of devm_kmalloc()

On Wednesday 16 February 2022 12:29:50 CET xkernel.wang@...mail.com wrote:
> From: Xiaoke Wang <xkernel.wang@...mail.com>
> 
> devm_kmalloc() returns a pointer to allocated memory on success, NULL
> on failure. While there is a memory allocation of devm_kmalloc()
> without proper check. It is better to check the return value of it to
> prevent wrong memory access.
> 
> Signed-off-by: Xiaoke Wang <xkernel.wang@...mail.com>
> ---
>  drivers/staging/wfx/main.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/staging/wfx/main.c b/drivers/staging/wfx/main.c
> index 4b9fdf9..0ef9225 100644
> --- a/drivers/staging/wfx/main.c
> +++ b/drivers/staging/wfx/main.c
> @@ -294,6 +294,8 @@ struct wfx_dev *wfx_init_common(struct device *dev,
>         hw->wiphy->n_iface_combinations = ARRAY_SIZE(wfx_iface_combinations);
>         hw->wiphy->iface_combinations = wfx_iface_combinations;
>         hw->wiphy->bands[NL80211_BAND_2GHZ] = devm_kmalloc(dev, sizeof(wfx_band_2ghz), GFP_KERNEL);
> +       if (!hw->wiphy->bands[NL80211_BAND_2GHZ])
> +               return NULL;
>         // FIXME: also copy wfx_rates and wfx_2ghz_chantable
>         memcpy(hw->wiphy->bands[NL80211_BAND_2GHZ], &wfx_band_2ghz,
>                sizeof(wfx_band_2ghz));
> --
> 

Good catch! However, I think you should call ieee80211_free_hw(hw)
before to return.

While reviewing your code, I have noticed that all the error handlers
of this function return without calling ieee80211_free_hw(hw).

-- 
Jérôme Pouiller

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ