lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20101231.112101.70194518.davem@davemloft.net>
Date:	Fri, 31 Dec 2010 11:21:01 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	tilman@...p.cc
Cc:	jj@...osbits.net, gigaset307x-common@...ts.sourceforge.net,
	hjlipp@....de, isdn@...ux-pingi.de, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ISDN, Gigaset: Fix memory leak in do_disconnect_req()

From: Tilman Schmidt <tilman@...p.cc>
Date: Tue, 28 Dec 2010 18:42:29 +0100

> Quite correct. Thanks for finding and fixing this.
> 
> Am 26.12.2010 20:59 schrieb Jesper Juhl:
>> Hi,
>> 
>> In drivers/isdn/gigaset/capi.c::do_disconnect_req() we will leak the 
>> memory allocated (with kmalloc) to 'b3cmsg' if the call to alloc_skb() 
>> fails.
>> 
>> ...
>> 		b3cmsg = kmalloc(sizeof(*b3cmsg), GFP_KERNEL);
>> 	allocation here ------^
>> 		if (!b3cmsg) {
>> 			dev_err(cs->dev, "%s: out of memory\n", __func__);
>> 			send_conf(iif, ap, skb, CAPI_MSGOSRESOURCEERR);
>> 			return;
>> 		}
>> 		capi_cmsg_header(b3cmsg, ap->id, CAPI_DISCONNECT_B3, CAPI_IND,
>> 				 ap->nextMessageNumber++,
>> 				 cmsg->adr.adrPLCI | (1 << 16));
>> 		b3cmsg->Reason_B3 = CapiProtocolErrorLayer1;
>> 		b3skb = alloc_skb(CAPI_DISCONNECT_B3_IND_BASELEN, GFP_KERNEL);
>> 		if (b3skb == NULL) {
>> 			dev_err(cs->dev, "%s: out of memory\n", __func__);
>> 			send_conf(iif, ap, skb, CAPI_MSGOSRESOURCEERR);
>> 			return;
>> 	leak here ------^
>> ...
>> 
>> This leak is easily fixed by just kfree()'ing the memory allocated to 
>> 'b3cmsg' right before we return. The following patch does that.
>> 
>> 
>> Signed-off-by: Jesper Juhl <jj@...osbits.net>
> 
> Acked-by: Tilman Schmidt <tilman@...p.cc>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ