| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b9e70eae-dad5-4775-8def-596344cf3c8b@gmail.com>
Date: Sun, 10 Dec 2023 02:18:33 +0100
From: Maximilian Luz <luzmaximilian@...il.com>
To: Bartosz Golaszewski <brgl@...ev.pl>,
Andy Gross <agross@...nel.org>,
Bjorn Andersson <andersson@...nel.org>,
Konrad Dybcio <konrad.dybcio@...aro.org>,
Elliot Berman <quic_eberman@...cinc.com>,
Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
Guru Das Srinagesh <quic_gurus@...cinc.com>,
Andrew Halaney <ahalaney@...hat.com>,
Alex Elder <elder@...aro.org>,
Srini Kandagatla <srinivas.kandagatla@...aro.org>
Cc: linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, kernel@...cinc.com,
Bartosz Golaszewski <bartosz.golaszewski@...aro.org>,
kernel test robot <lkp@...el.com>,
Dan Carpenter <error27@...il.com>
Subject: Re: [PATCH v6 01/13] firmware: qcom: qseecom: fix memory leaks in
error paths
On 11/27/23 15:15, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski <bartosz.golaszewski@...aro.org>
>
> Fix instances of returning error codes directly instead of jumping to
> the relevant labels where memory allocated for the SCM calls would be
> freed.
>
> Fixes: 759e7a2b62eb ("firmware: Add support for Qualcomm UEFI Secure Application")
> Reported-by: kernel test robot <lkp@...el.com>
> Reported-by: Dan Carpenter <error27@...il.com>
> Closes: https://lore.kernel.org/r/202311270828.k4HGcjiL-lkp@intel.com/
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@...aro.org>
Thanks!
Reviewed-by: Maximilian Luz <luzmaximilian@...il.com>
> ---
> .../firmware/qcom/qcom_qseecom_uefisecapp.c | 20 ++++++++++++-------
> 1 file changed, 13 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c
> index a33acdaf7b78..32188f098ef3 100644
> --- a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c
> +++ b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c
> @@ -325,8 +325,10 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e
> req_data->length = req_size;
>
> status = ucs2_strscpy(((void *)req_data) + req_data->name_offset, name, name_length);
> - if (status < 0)
> - return EFI_INVALID_PARAMETER;
> + if (status < 0) {
> + efi_status = EFI_INVALID_PARAMETER;
> + goto out_free;
> + }
>
> memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size);
>
> @@ -471,8 +473,10 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e
> req_data->length = req_size;
>
> status = ucs2_strscpy(((void *)req_data) + req_data->name_offset, name, name_length);
> - if (status < 0)
> - return EFI_INVALID_PARAMETER;
> + if (status < 0) {
> + efi_status = EFI_INVALID_PARAMETER;
> + goto out_free;
> + }
>
> memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size);
>
> @@ -563,8 +567,10 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi,
> memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size);
> status = ucs2_strscpy(((void *)req_data) + req_data->name_offset, name,
> *name_size / sizeof(*name));
> - if (status < 0)
> - return EFI_INVALID_PARAMETER;
> + if (status < 0) {
> + efi_status = EFI_INVALID_PARAMETER;
> + goto out_free;
> + }
>
> status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size);
> if (status) {
> @@ -635,7 +641,7 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi,
> * have already been validated above, causing this function to
> * bail with EFI_BUFFER_TOO_SMALL.
> */
> - return EFI_DEVICE_ERROR;
> + efi_status = EFI_DEVICE_ERROR;
> }
>
> out_free:
Powered by blists - more mailing lists