lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 29 Mar 2022 17:57:03 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     xkernel.wang@...mail.com
Cc:     Larry.Finger@...inger.net, phil@...lpotter.co.uk,
        linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: r8188eu: check the return value of kzalloc()

On Fri, Mar 25, 2022 at 02:53:30PM +0800, xkernel.wang@...mail.com wrote:
> From: Xiaoke Wang <xkernel.wang@...mail.com>
> 
> kzalloc() is a memory allocation function which can return NULL when
> some internal memory errors happen. So it is better to check the return
> of it to prevent potential wrong memory access.
> 
> Signed-off-by: Xiaoke Wang <xkernel.wang@...mail.com>
> ---
>  drivers/staging/r8188eu/core/rtw_p2p.c  | 2 ++
>  drivers/staging/r8188eu/core/rtw_xmit.c | 6 ++++++
>  2 files changed, 8 insertions(+)
> 
> diff --git a/drivers/staging/r8188eu/core/rtw_p2p.c b/drivers/staging/r8188eu/core/rtw_p2p.c
> index e2b6cf2..503c4a5 100644
> --- a/drivers/staging/r8188eu/core/rtw_p2p.c
> +++ b/drivers/staging/r8188eu/core/rtw_p2p.c
> @@ -35,6 +35,8 @@ static u32 go_add_group_info_attr(struct wifidirect_info *pwdinfo, u8 *pbuf)
>  	DBG_88E("%s\n", __func__);
>  
>  	pdata_attr = kzalloc(MAX_P2P_IE_LEN, GFP_KERNEL);
> +	if (!pdata_attr)
> +		return 0;

0 is not an error.  Please propagate this error backwards properly.

>  
>  	pstart = pdata_attr;
>  	pcur = pdata_attr;
> diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c
> index 46fe62c..1696272 100644
> --- a/drivers/staging/r8188eu/core/rtw_xmit.c
> +++ b/drivers/staging/r8188eu/core/rtw_xmit.c
> @@ -180,6 +180,10 @@ s32	_rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
>  	pxmitpriv->free_xmit_extbuf_cnt = num_xmit_extbuf;
>  
>  	rtw_alloc_hwxmits(padapter);
> +	if (!pxmitpriv->hwxmits) {
> +		res = _FAIL;
> +		goto exit;
> +	}

You just leaked memory resources :(

How did you test this?


>  	rtw_init_hwxmits(pxmitpriv->hwxmits, pxmitpriv->hwxmit_entry);
>  
>  	for (i = 0; i < 4; i++)
> @@ -1524,6 +1528,8 @@ void rtw_alloc_hwxmits(struct adapter *padapter)
>  	pxmitpriv->hwxmit_entry = HWXMIT_ENTRY;
>  
>  	pxmitpriv->hwxmits = kzalloc(sizeof(struct hw_xmit) * pxmitpriv->hwxmit_entry, GFP_KERNEL);
> +	if (!pxmitpriv->hwxmits)
> +		return;

You have to return an error, you can not keep going as if all is well.

Please always be VERY careful with these types of fixes.  Especially if
you have not tested them.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ