lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Mar 2022 20:09:37 +0200 From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com> To: Clément Léger <clement.leger@...tlin.com> Cc: Daniel Scally <djrscally@...il.com>, Heikki Krogerus <heikki.krogerus@...ux.intel.com>, Sakari Ailus <sakari.ailus@...ux.intel.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "'Rafael J . Wysocki '" <rafael@...nel.org>, Wolfram Sang <wsa@...nel.org>, Peter Rosin <peda@...ntia.se>, Russell King <linux@...linux.org.uk>, Andrew Lunn <andrew@...n.ch>, Heiner Kallweit <hkallweit1@...il.com>, "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Hans de Goede <hdegoede@...hat.com>, Thomas Petazzoni <thomas.petazzoni@...tlin.com>, Alexandre Belloni <alexandre.belloni@...tlin.com>, Allan Nielsen <allan.nielsen@...rochip.com>, linux-kernel@...r.kernel.org, linux-acpi@...r.kernel.org, linux-i2c@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH 1/6] property: add fwnode_property_read_string_index() On Fri, Mar 18, 2022 at 05:49:12PM +0100, Clément Léger wrote: > Le Fri, 18 Mar 2022 18:26:00 +0200, > Andy Shevchenko <andriy.shevchenko@...ux.intel.com> a écrit : > > On Fri, Mar 18, 2022 at 05:00:47PM +0100, Clément Léger wrote: > > > Add fwnode_property_read_string_index() function which allows to > > > retrieve a string from an array by its index. This function is the > > > equivalent of of_property_read_string_index() but for fwnode support. ... > > > + values = kcalloc(nval, sizeof(*values), GFP_KERNEL); > > > + if (!values) > > > + return -ENOMEM; > > > + > > > + ret = fwnode_property_read_string_array(fwnode, propname, values, nval); > > > + if (ret < 0) > > > + goto out; > > > + > > > + *string = values[index]; > > > +out: > > > + kfree(values); > > > > Here is UAF (use after free). How is it supposed to work? > > values is an array of pointers. I'm only retrieving a pointer out of > it. I see, thanks for pointing out. Nevertheless, I don't like the idea of allocating memory in this case. Can we rather add a new callback that will provide us the necessary property directly? -- With Best Regards, Andy Shevchenko
Powered by blists - more mailing lists