| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250107012742.3320547-1-joe@pf.is.s.u-tokyo.ac.jp>
Date: Tue, 7 Jan 2025 10:27:42 +0900
From: Joe Hattori <joe@...is.s.u-tokyo.ac.jp>
To: srinivas.kandagatla@...aro.org
Cc: linux-kernel@...r.kernel.org,
Joe Hattori <joe@...is.s.u-tokyo.ac.jp>
Subject: [PATCH] nvmem: core: Fix an OF node reference leak in of_nvmem_cell_get()
of_nvmem_cell_get() leaks the OF node obtained by
of_parse_phandle_with_optional_args() on an unlikely event
cell_spec.arg_count > 1. Thus add a of_node_put() call before returning
EINVAL.
This was found by an experimental verifier that I am developing. Due to
the lack of actual devices, no runtime test was able to be performed.
Fixes: 5d8e6e6c10a3 ("nvmem: core: add an index parameter to the cell")
Signed-off-by: Joe Hattori <joe@...is.s.u-tokyo.ac.jp>
---
drivers/nvmem/core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index d6494dfc20a7..2991b48b7ff4 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -1455,10 +1455,12 @@ struct nvmem_cell *of_nvmem_cell_get(struct device_node *np, const char *id)
if (ret)
return ERR_PTR(-ENOENT);
- if (cell_spec.args_count > 1)
+ cell_np = cell_spec.np;
+ if (cell_spec.args_count > 1) {
+ of_node_put(cell_np);
return ERR_PTR(-EINVAL);
+ }
- cell_np = cell_spec.np;
if (cell_spec.args_count)
cell_index = cell_spec.args[0];
--
2.34.1
Powered by blists - more mailing lists