lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20241106183032.80155-1-karprzy7@gmail.com>
Date: Wed,  6 Nov 2024 19:30:32 +0100
From: Karol Przybylski <karprzy7@...il.com>
To: gregkh@...uxfoundation.org,
	paul@...pouillou.net,
	tudor.ambarus@...aro.org,
	Chris.Wulff@...mp.com,
	david.sands@...mp.com,
	viro@...iv.linux.org.uk,
	m.grzeschik@...gutronix.de,
	peter@...sgaard.com,
	karprzy7@...il.com
Cc: linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	skhan@...uxfoundation.org
Subject: [PATCH] usb: gadget: f_fs: remove unused values and add immediate returns

In case of faulty copy_from_user call inside ffs_epfile_ioctl, error code is
saved in a variable. However, this variable is later overwritten in every possible
path, which overshadows initial assignment.

This patch fixes it by returning the error code immediately and exiting the function.

Error discovered in coverity scan - CID 1583682

Signed-off-by: Karol Przybylski <karprzy7@...il.com>
---
 drivers/usb/gadget/function/f_fs.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 2920f8000bbd..00f52c9bb716 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1735,8 +1735,7 @@ static long ffs_epfile_ioctl(struct file *file, unsigned code,
 		int fd;
 
 		if (copy_from_user(&fd, (void __user *)value, sizeof(fd))) {
-			ret = -EFAULT;
-			break;
+			return -EFAULT;
 		}
 
 		return ffs_dmabuf_attach(file, fd);
@@ -1746,8 +1745,7 @@ static long ffs_epfile_ioctl(struct file *file, unsigned code,
 		int fd;
 
 		if (copy_from_user(&fd, (void __user *)value, sizeof(fd))) {
-			ret = -EFAULT;
-			break;
+			return -EFAULT;
 		}
 
 		return ffs_dmabuf_detach(file, fd);
@@ -1757,8 +1755,7 @@ static long ffs_epfile_ioctl(struct file *file, unsigned code,
 		struct usb_ffs_dmabuf_transfer_req req;
 
 		if (copy_from_user(&req, (void __user *)value, sizeof(req))) {
-			ret = -EFAULT;
-			break;
+			return -EFAULT;
 		}
 
 		return ffs_dmabuf_transfer(file, &req);
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ