lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20231220034448.13249-1-dinghao.liu@zju.edu.cn>
Date: Wed, 20 Dec 2023 11:44:48 +0800
From: Dinghao Liu <dinghao.liu@....edu.cn>
To: dinghao.liu@....edu.cn
Cc: Nilesh Javali <njavali@...vell.com>,
	GR-QLogic-Storage-Upstream@...vell.com,
	"James E.J. Bottomley" <jejb@...ux.ibm.com>,
	"Martin K. Petersen" <martin.petersen@...cle.com>,
	"himanshu.madhani@...ium.com" <himanshu.madhani@...ium.com>,
	linux-scsi@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] scsi: qla2xxx: fix a double free in qla2x00_probe_one

When qla2x00_mem_alloc() fails, it has cleaned up resources
in its error paths. However, qla2x00_probe_one() calls
qla2x00_mem_free() on failure of qla2x00_mem_alloc() and
tries to free the resources again, which may casue a
double-free.

Fixes: d64d6c5671db ("scsi: qla2xxx: Fix NULL pointer crash due to probe failure")
Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
---
 drivers/scsi/qla2xxx/qla_os.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 03348f605c2e..0d8d6c814723 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -3249,7 +3249,7 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
 		ql_log_pci(ql_log_fatal, pdev, 0x0031,
 		    "Failed to allocate memory for adapter, aborting.\n");
 
-		goto probe_hw_failed;
+		goto mem_alloc_failed;
 	}
 
 	req->max_q_depth = MAX_Q_DEPTH;
@@ -3660,6 +3660,8 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
 
 probe_hw_failed:
 	qla2x00_mem_free(ha);
+
+mem_alloc_failed:
 	qla2x00_free_req_que(ha, req);
 	qla2x00_free_rsp_que(ha, rsp);
 	qla2x00_clear_drv_active(ha);
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ