| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 25 Feb 2024 21:12:29 +0800 (GMT+08:00)
From: duoming@....edu.cn
To: "Russell King (Oracle)" <linux@...linux.org.uk>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
andrew@...n.ch, gregory.clement@...tlin.com,
sebastian.hesselbarth@...il.com
Subject: Re: [PATCH] ARM: mvebu: Prevent null pointer dereference caused by
kzalloc failure
On Sun, 25 Feb 2024 11:29:53 +0000 Russell King (Oracle) wrote:
> > The kzalloc() in i2c_quirk() will return null if the physical
> > memory has run out. As a result, if we dereference the new_compat
> > pointer, the null pointer dereference bug will happen.
> >
> > This patch adds a check to avoid null pointer dereference.
>
> Yet again another janitorial patch that is Way too focused on a single
> issue, rather than analysing the code and proposing the best fix. :(
>
> What if the two kstrdup() fail?
Thank you for your suggestions, I will also add a check to judge
whether two kstrdup() fail. The detail is shown below:
@@ -125,12 +125,20 @@ static void __init i2c_quirk(void)
struct property *new_compat;
new_compat = kzalloc(sizeof(*new_compat), GFP_KERNEL);
+ if(!new_compat)
+ continue;
new_compat->name = kstrdup("compatible", GFP_KERNEL);
new_compat->length = sizeof("marvell,mv78230-a0-i2c");
new_compat->value = kstrdup("marvell,mv78230-a0-i2c",
GFP_KERNEL);
+ if (!new_compat->name || !new_compat->value) {
+ kfree(new_compat->name);
+ kfree(new_compat->value);
+ kfree(new_compat);
+ continue;
+ }
of_update_property(np, new_compat);
}
}
Best regards,
Duoming Zhou
Powered by blists - more mailing lists