lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b3be8653-ea3f-bc3a-c38e-e3ec290695ea@wanadoo.fr>
Date:   Mon, 25 Sep 2023 22:54:50 +0200
From:   Christophe JAILLET <christophe.jaillet@...adoo.fr>
To:     quic_jjohnson@...cinc.com
Cc:     christophe.jaillet@...adoo.fr, kernel-janitors@...r.kernel.org,
        kvalo@...nel.org, linux-kernel@...r.kernel.org,
        linux-wireless@...r.kernel.org, quic_kvalo@...cinc.com
Subject: Re: [PATCH wireless 1/2] ath: dfs_pattern_detector: Fix a memory
 initialization issue

Le 25/09/2023 à 20:46, Jeff Johnson a écrit :
> On 9/23/2023 11:57 PM, Christophe JAILLET wrote:
>> If an error occurs and channel_detector_exit() is called, it relies on
>> entries of the 'detectors' array to be NULL.
>> Otherwise, it may access to un-initialized memory.
>>
>> Fix it and initialize the memory, as what was done before the commit in
>> Fixes.
>>
>> Fixes: a063b650ce5d ("ath: dfs_pattern_detector: Avoid open coded 
>> arithmetic in memory allocation")
>> Signed-off-by: Christophe JAILLET 
>> <christophe.jaillet-39ZsbGIQGT5GWvitb5QawA@...lic.gmane.org>
>> ---
>> Patch #1/2 is a fix, for for wireless.
>> Patch #2/2 is for wireless-next I guess, but depnds on #1
>>
>> Not sure if we can mix different target in the same serie. Let me know.
>>
>> BTW, sorry for messing up things with a063b650ce5d :(
>> ---
>>   drivers/net/wireless/ath/dfs_pattern_detector.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/net/wireless/ath/dfs_pattern_detector.c 
>> b/drivers/net/wireless/ath/dfs_pattern_detector.c
>> index 27f4d74a41c8..2788a1b06c17 100644
>> --- a/drivers/net/wireless/ath/dfs_pattern_detector.c
>> +++ b/drivers/net/wireless/ath/dfs_pattern_detector.c
>> @@ -206,7 +206,7 @@ channel_detector_create(struct 
>> dfs_pattern_detector *dpd, u16 freq)
>>       INIT_LIST_HEAD(&cd->head);
>>       cd->freq = freq;
>> -    cd->detectors = kmalloc_array(dpd->num_radar_types,
>> +    cd->detectors = kcalloc(dpd->num_radar_types,
>>                         sizeof(*cd->detectors), GFP_ATOMIC);
> 
> nit: align descendant on (

Agreed, but as the code is removed in patch 2/2, I thought that having a 
smaller diff was a better option.

Let me know if I should resend the serie.

CJ

> 
>>       if (cd->detectors == NULL)
>>           goto fail;
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ