| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_72848F2829FCD381DC30F3E7DA737050880A@qq.com>
Date: Fri, 4 Mar 2022 23:55:35 +0800
From: "Xiaoke Wang" <xkernel.wang@...mail.com>
To: "Greg KH" <gregkh@...uxfoundation.org>
Cc: "linux" <linux@...inikbrodowski.net>,
"akpm" <akpm@...ux-foundation.org>,
"pombredanne" <pombredanne@...b.com>,
"arnd" <arnd@...db.de>,
"luc.vanoostenryck"
<luc.vanoostenryck@...il.com>,
"linux-kernel" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] init/initramfs.c: check the return value of kstrdup()
On Fri, 04 Mar 2022 22:14:21 +0800, Greg KH <gregkh@...uxfoundation.org> wrote:
>> struct dir_entry *de = kmalloc(sizeof(struct dir_entry), GFP_KERNEL);
>> if (!de)
>> panic_show_mem("can't allocate dir_entry buffer");
>> - INIT_LIST_HEAD(&de->list);
>> de->name = kstrdup(name, GFP_KERNEL);
>> + if (!de->name) {
>
> How can this fail? Have you ever hit this in real life?
>
>> +kfree(de);
>> +panic_show_mem("can't duplicate dir name");
>
> Why are you freeing memory if you are panicing?
>
> How was this tested?
Thank you for taking the time.
I found this with a static tool, without dynamic testing.
kstrdup() allocates memory for copying the string and I noticed all the
other allocation functions in this file have the check for their return
value such as `de` on the above code. So I suppose this is also needed
to be checked and I intuitively add kfree() on the error path.
I'm sorry to bother you if this is actually unnecessary.
Regards,
Xiaoke Wang
Powered by blists - more mailing lists