| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251230034546.929452-1-zilin@seu.edu.cn>
Date: Tue, 30 Dec 2025 03:45:46 +0000
From: Zilin Guan <zilin@....edu.cn>
To: dpenkler@...il.com
Cc: gregkh@...uxfoundation.org,
matchstick@...erthere.org,
tglx@...utronix.de,
mingo@...nel.org,
linux-kernel@...r.kernel.org,
Zilin Guan <zilin@....edu.cn>,
Jianhao Xu <jianhao.xu@....edu.cn>
Subject: [PATCH v3] gpib: Fix memory leak in ni_usb_init()
In ni_usb_init(), if ni_usb_setup_init() fails, the function returns
-EFAULT without freeing the allocated writes buffer, leading to a
memory leak.
Additionally, ni_usb_setup_init() returns 0 on failure, which causes
ni_usb_init() to return -EFAULT, an inappropriate error code for this
situation.
Fix the leak by freeing writes in the error path. Modify
ni_usb_setup_init() to return -EINVAL on failure and propagate this
error code in ni_usb_init().
Fixes: 4e127de14fa7 ("staging: gpib: Add National Instruments USB GPIB driver")
Suggested-by: Greg KH <gregkh@...uxfoundation.org>
Suggested-by: Dave Penkler <dpenkler@...il.com>
Co-developed-by: Jianhao Xu <jianhao.xu@....edu.cn>
Signed-off-by: Jianhao Xu <jianhao.xu@....edu.cn>
Signed-off-by: Zilin Guan <zilin@....edu.cn>
---
Changes in v3:
- Enable ni_usb_setup_init() to return negative error codes on failure.
- Remove "staging" prefix based on current file path.
Changes in v2:
- Use early return to simplify error handling logic.
drivers/gpib/ni_usb/ni_usb_gpib.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/gpib/ni_usb/ni_usb_gpib.c b/drivers/gpib/ni_usb/ni_usb_gpib.c
index 1f8412de9fa3..52fb76b48467 100644
--- a/drivers/gpib/ni_usb/ni_usb_gpib.c
+++ b/drivers/gpib/ni_usb/ni_usb_gpib.c
@@ -1780,7 +1780,7 @@ static int ni_usb_setup_init(struct gpib_board *board, struct ni_usb_register *w
i++;
if (i > NUM_INIT_WRITES) {
dev_err(&usb_dev->dev, "bug!, buffer overrun, i=%i\n", i);
- return 0;
+ return -EINVAL;
}
return i;
}
@@ -1799,10 +1799,12 @@ static int ni_usb_init(struct gpib_board *board)
return -ENOMEM;
writes_len = ni_usb_setup_init(board, writes);
- if (writes_len)
- retval = ni_usb_write_registers(ni_priv, writes, writes_len, &ibsta);
- else
- return -EFAULT;
+ if (writes_len < 0) {
+ kfree(writes);
+ return writes_len;
+ }
+
+ retval = ni_usb_write_registers(ni_priv, writes, writes_len, &ibsta);
kfree(writes);
if (retval) {
dev_err(&usb_dev->dev, "register write failed, retval=%i\n", retval);
--
2.34.1
Powered by blists - more mailing lists