Message-ID: <20240904045820.5510-1-riyandhiman14@gmail.com>
Date: Wed,  4 Sep 2024 10:28:18 +0530
From: Riyan Dhiman <riyandhiman14@...il.com>
To: bvanassche@....org,
	aacraid@...rosemi.com,
	James.Bottomley@...senPartnership.com,
	martin.petersen@...cle.com
Cc: linux-scsi@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] scsi: aacraid: Fix memory leak in open_getadapter_fib function

>>> Just above the copy_to_user() call there is the following statement:
>>>
>>> 	list_add_tail(&fibctx->next, &dev->fib_list);
>>>
>>> Does that mean that the above kfree() will cause list corruption?
>> 
>> Yes, you are correct. I overlooked that fibctx is part of a list, and freeing the
>> memory without removing the list entry would corrupt the list.
>> The list entry should be deleted before freeing the memory if copy_to_user() fails.
>
> Are you sure that this is what the code should do?

If the copy_to_user function fails, that means data was not copied to args successfully, which can lead to
issues as args might remain unchanged or in an unintended state. Since we are returning an -EFAULT error,
we should free fibctx and remove the list entry in the case of an error. If there are any other methods,
additional checks, or potential issues with this approach that I should consider,
please let me know, and I'll make the necessary adjustments promptly.

Regards,
Riyan Dhiman
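
The cleanup order discussed in this message (take the entry off the list, then free it, when the copy to the caller fails), as an added userspace example; it is not the aacraid driver code or the patch under review. `struct ctx`, `copy_out()`, `open_ctx()` and `list_check()` are hypothetical stand-ins for the driver's context structure and `copy_to_user()`, and the list helpers are a minimal imitation of the kernel's.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
/* Minimal userspace stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

static void list_del(struct list_head *n)
{
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = NULL;   /* make stale use of the node obvious */
}

/* Walk the list, checking every back-link; returns length or -1 if corrupt. */
static int list_check(const struct list_head *h)
{
    int len = 0;
    for (const struct list_head *p = h->next; p != h; p = p->next, len++)
        if (p->next->prev != p) return -1;
    return h->next->prev == h ? len : -1;
}

struct ctx { struct list_head next; unsigned int unique; }; /* hypothetical */

/* Stand-in for copy_to_user(): nonzero means bytes were left uncopied. */
static unsigned long copy_out(void *dst, const void *src, size_t n)
{
    if (!dst) return n;         /* simulated fault on a bad destination */
    memcpy(dst, src, n); return 0;
}

/* Publish a context on dev_list, then hand its id back to the caller. */
static int open_ctx(struct list_head *dev_list, unsigned int *user_dst)
{
    struct ctx *c = calloc(1, sizeof(*c));
    if (!c) return -ENOMEM;
    c->unique = 42;             /* constructed sample id */
    list_add_tail(&c->next, dev_list);
    if (copy_out(user_dst, &c->unique, sizeof(c->unique))) {
        list_del(&c->next);     /* unlink first: neighbours stop pointing at c */
        free(c);                /* only now is the memory safe to release */
        return -EFAULT;
    }
    return 0;
}
```
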
