lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zh_rM04PspfXxlv_@smile.fi.intel.com>
Date: Wed, 17 Apr 2024 18:30:59 +0300
From: Andy Shevchenko <andriy.shevchenko@...el.com>
To: Zeng Heng <zengheng4@...wei.com>
Cc: linus.walleij@...aro.org, linux-kernel@...r.kernel.org,
	xiexiuqi@...wei.com, linux-gpio@...r.kernel.org,
	weiyongjun1@...wei.com, dan.carpenter@...aro.org,
	liwei391@...wei.com
Subject: Re: [PATCH] pinctrl: devicetree: fix refcount leak in
 pinctrl_dt_to_map()

On Mon, Apr 15, 2024 at 06:53:28PM +0800, Zeng Heng wrote:
> If we fail to allocate propname buffer, we need to drop the reference
> count we just took. Because the pinctrl_dt_free_maps() includes the
> droping operation, here we call it directly.

..

>  	for (state = 0; ; state++) {
>  		/* Retrieve the pinctrl-* property */
>  		propname = kasprintf(GFP_KERNEL, "pinctrl-%d", state);
> -		if (!propname)
> -			return -ENOMEM;
> +		if (!propname) {
> +			ret = -ENOMEM;
> +			goto err;
> +		}
>  		prop = of_find_property(np, propname, &size);
>  		kfree(propname);
>  		if (!prop) {
>  			if (state == 0) {
> -				of_node_put(np);
> -				return -ENODEV;
> +				ret = -ENODEV;
> +				goto err;

Has it been tested? How on earth is this a correct change?

We iterate over state numbers until we have properties available. This chunk is
_successful_ exit path, we may not free parsed maps! Am I wrong?

>  			}
>  			break;
>  		}

-- 
With Best Regards,
Andy Shevchenko



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ