Message-ID: <d5f715e6-9d8f-4f89-9bc7-60ef4163b54e@web.de>
Date: Sun, 23 Jun 2024 17:37:49 +0200
From: Markus Elfring <Markus.Elfring@....de>
To: Yunseong Kim <yskelg@...il.com>, linux-s390@...r.kernel.org,
 Alexander Gordeev <agordeev@...ux.ibm.com>,
 Christian Bornträger <borntraeger@...ux.ibm.com>,
 Harald Freudenberger <freude@...ux.ibm.com>,
 Heiko Carstens <hca@...ux.ibm.com>, Sven Schnelle <svens@...ux.ibm.com>,
 Vasily Gorbik <gor@...ux.ibm.com>
Cc: LKML <linux-kernel@...r.kernel.org>, MichelleJin <shjy180909@...il.com>
Subject: Re: [PATCH] s390/raw3270: Handle memory allocation failures in
 raw3270_setup_console()

> This patch handles potential null pointer dereference in
> 'raw3270_setup_device()', when 'raw3270_setup_console()' fails to
> allocate memory for 'rp' or 'ascebc'.

1. Can a wording approach (like the following) be a better change description?

   A null pointer is stored in a local variable after a call of
   the function “kzalloc” failed. This pointer was passed to
   a subsequent call of the function “raw3270_setup_device”
   where an undesirable dereference will be performed then.
   Thus add corresponding return value checks.


2. Would you like to add any tags (like “Fixes”) accordingly?


3. The two allocated memory areas are immediately overwritten by the called function.
   Can zero-initialisation be omitted by calling the function “kmalloc” instead?


4. Under which circumstances will development interests grow for increasing
   the application of scope-based resource management?
   https://elixir.bootlin.com/linux/v6.10-rc4/source/include/linux/cleanup.h#L8


Regards,
Markus
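
The following user-space C model is an added example, not part of the original message and not the kernel's raw3270 code. It illustrates points 1 and 4 above: each of two allocations is checked before the buffers reach a setup routine that dereferences them, and a GCC/Clang `cleanup` attribute stands in for the scope-based `__free()` helper from `cleanup.h`. All `model_*` names, the buffer sizes and the fault-injection counter are assumptions made for the illustration.

```c
/* User-space model with constructed names; not the kernel's raw3270 code. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

static int fail_at;                  /* fault injection: fail the Nth allocation (0 = never) */
static int alloc_calls, live_allocs; /* live_allocs counts outstanding buffers (leak check) */

static void *model_alloc(size_t size)
{
	void *p = (++alloc_calls == fail_at) ? NULL : malloc(size);
	if (p)
		live_allocs++;
	return p;                /* NULL on failure, as kzalloc()/kmalloc() report it */
}

static void model_free(void *p)
{
	if (p)
		live_allocs--;
	free(p);
}

/* Runs when the annotated variable goes out of scope, like __free(kfree). */
static void auto_free(char **pp) { model_free(*pp); }
#define AUTO_FREE __attribute__((cleanup(auto_free)))

/* Stand-in for a setup routine that dereferences and overwrites both buffers. */
static void model_setup_device(char *dev, char *table)
{
	memset(dev, 0, 64);
	memset(table, 0x40, 256);
}

/* Returns 0 and hands both buffers to the caller, or -ENOMEM with nothing leaked. */
int model_setup_console(int inject_fail_at, char **dev_out, char **table_out)
{
	alloc_calls = 0;
	fail_at = inject_fail_at;

	char *dev AUTO_FREE = model_alloc(64);
	if (!dev)
		return -ENOMEM;  /* never reaches the dereference in setup */
	char *table AUTO_FREE = model_alloc(256);
	if (!table)
		return -ENOMEM;  /* dev is released by auto_free() on this return */
	model_setup_device(dev, table);
	*dev_out = dev;     dev = NULL;   /* ownership moves to the caller */
	*table_out = table; table = NULL;
	return 0;
}
```

Passing 1 or 2 as `inject_fail_at` exercises the two failure paths; 0 runs the success path, after which the caller owns both buffers.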
