lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20230823154723.75483-1-jerry.liu@technexion.com>
Date:   Wed, 23 Aug 2023 08:47:23 -0700
From:   Jerry Liu <jerry.liu@...hnexion.com>
To:     laurent.pinchart@...asonboard.com, mchehab@...nel.org
Cc:     linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jerry Liu <jerry.liu@...hnexion.com>
Subject: [RFC PATCH] media: uvcvideo: Modified uvc_ctrl_fill_xu_info 'kmalloc' to 'kzalloc'

If the length of UVC XU Control is 1 (even though this is illegal), due
to the non-zero value of data, UVC_GET_LEN could potentially result in a
length that is not 1. In order to ensure that 2-byte data array is set
to 0, 'kmalloc' is modified to 'kzalloc'.

Signed-off-by: Jerry Liu <jerry.liu@...hnexion.com>
---
 drivers/media/usb/uvc/uvc_ctrl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c
index 5e9d3da862dd..054bc14f7a58 100644
--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -2088,7 +2088,7 @@ static int uvc_ctrl_fill_xu_info(struct uvc_device *dev,
 	u8 *data;
 	int ret;
 
-	data = kmalloc(2, GFP_KERNEL);
+	data = kzalloc(2, GFP_KERNEL);
 	if (data == NULL)
 		return -ENOMEM;
 
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ