| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Sep 2023 22:54:50 +0200
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: quic_jjohnson@...cinc.com
Cc: christophe.jaillet@...adoo.fr, kernel-janitors@...r.kernel.org,
kvalo@...nel.org, linux-kernel@...r.kernel.org,
linux-wireless@...r.kernel.org, quic_kvalo@...cinc.com
Subject: Re: [PATCH wireless 1/2] ath: dfs_pattern_detector: Fix a memory
initialization issue
Le 25/09/2023 à 20:46, Jeff Johnson a écrit :
> On 9/23/2023 11:57 PM, Christophe JAILLET wrote:
>> If an error occurs and channel_detector_exit() is called, it relies on
>> entries of the 'detectors' array to be NULL.
>> Otherwise, it may access to un-initialized memory.
>>
>> Fix it and initialize the memory, as what was done before the commit in
>> Fixes.
>>
>> Fixes: a063b650ce5d ("ath: dfs_pattern_detector: Avoid open coded
>> arithmetic in memory allocation")
>> Signed-off-by: Christophe JAILLET
>> <christophe.jaillet-39ZsbGIQGT5GWvitb5QawA@...lic.gmane.org>
>> ---
>> Patch #1/2 is a fix, for for wireless.
>> Patch #2/2 is for wireless-next I guess, but depnds on #1
>>
>> Not sure if we can mix different target in the same serie. Let me know.
>>
>> BTW, sorry for messing up things with a063b650ce5d :(
>> ---
>> drivers/net/wireless/ath/dfs_pattern_detector.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/net/wireless/ath/dfs_pattern_detector.c
>> b/drivers/net/wireless/ath/dfs_pattern_detector.c
>> index 27f4d74a41c8..2788a1b06c17 100644
>> --- a/drivers/net/wireless/ath/dfs_pattern_detector.c
>> +++ b/drivers/net/wireless/ath/dfs_pattern_detector.c
>> @@ -206,7 +206,7 @@ channel_detector_create(struct
>> dfs_pattern_detector *dpd, u16 freq)
>> INIT_LIST_HEAD(&cd->head);
>> cd->freq = freq;
>> - cd->detectors = kmalloc_array(dpd->num_radar_types,
>> + cd->detectors = kcalloc(dpd->num_radar_types,
>> sizeof(*cd->detectors), GFP_ATOMIC);
>
> nit: align descendant on (
Agreed, but as the code is removed in patch 2/2, I thought that having a
smaller diff was a better option.
Let me know if I should resend the serie.
CJ
>
>> if (cd->detectors == NULL)
>> goto fail;
>
>
Powered by blists - more mailing lists