| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zh_rM04PspfXxlv_@smile.fi.intel.com>
Date: Wed, 17 Apr 2024 18:30:59 +0300
From: Andy Shevchenko <andriy.shevchenko@...el.com>
To: Zeng Heng <zengheng4@...wei.com>
Cc: linus.walleij@...aro.org, linux-kernel@...r.kernel.org,
xiexiuqi@...wei.com, linux-gpio@...r.kernel.org,
weiyongjun1@...wei.com, dan.carpenter@...aro.org,
liwei391@...wei.com
Subject: Re: [PATCH] pinctrl: devicetree: fix refcount leak in
pinctrl_dt_to_map()
On Mon, Apr 15, 2024 at 06:53:28PM +0800, Zeng Heng wrote:
> If we fail to allocate propname buffer, we need to drop the reference
> count we just took. Because the pinctrl_dt_free_maps() includes the
> droping operation, here we call it directly.
..
> for (state = 0; ; state++) {
> /* Retrieve the pinctrl-* property */
> propname = kasprintf(GFP_KERNEL, "pinctrl-%d", state);
> - if (!propname)
> - return -ENOMEM;
> + if (!propname) {
> + ret = -ENOMEM;
> + goto err;
> + }
> prop = of_find_property(np, propname, &size);
> kfree(propname);
> if (!prop) {
> if (state == 0) {
> - of_node_put(np);
> - return -ENODEV;
> + ret = -ENODEV;
> + goto err;
Has it been tested? How on earth is this a correct change?
We iterate over state numbers until we have properties available. This chunk is
_successful_ exit path, we may not free parsed maps! Am I wrong?
> }
> break;
> }
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists