lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160419202521.GA1297@bistromath.localdomain> Date: Tue, 19 Apr 2016 22:25:21 +0200 From: Sabrina Dubroca <sd@...asysnail.net> To: Lance Richardson <lrichard@...hat.com> Cc: netdev@...r.kernel.org, Hannes Frederic Sowa <hannes@...essinduktion.org>, Johannes Berg <johannes@...solutions.net>, Dan Carpenter <dan.carpenter@...cle.com> Subject: Re: [PATCH net 1/5] macsec: add missing NULL check after kmalloc 2016-04-19, 13:45:47 -0400, Lance Richardson wrote: > ----- Original Message ----- > > From: "Sabrina Dubroca" <sd@...asysnail.net> > > To: netdev@...r.kernel.org > > Cc: "Hannes Frederic Sowa" <hannes@...essinduktion.org>, "Johannes Berg" <johannes@...solutions.net>, "Dan Carpenter" > > <dan.carpenter@...cle.com>, "Sabrina Dubroca" <sd@...asysnail.net> > > Sent: Tuesday, April 19, 2016 1:36:38 PM > > Subject: [PATCH net 1/5] macsec: add missing NULL check after kmalloc > > > > Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") > > Reported-by: Dan Carpenter <dan.carpenter@...cle.com> > > Signed-off-by: Sabrina Dubroca <sd@...asysnail.net> > > Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org> > > --- > > drivers/net/macsec.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c > > index 84d3e5ca8817..f691030ee3df 100644 > > --- a/drivers/net/macsec.c > > +++ b/drivers/net/macsec.c > > @@ -1622,8 +1622,8 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct > > genl_info *info) > > } > > > > rx_sa = kmalloc(sizeof(*rx_sa), GFP_KERNEL); > > - if (init_rx_sa(rx_sa, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len, > > - secy->icv_len)) { > > + if (!rx_sa || init_rx_sa(rx_sa, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]), > > + secy->key_len, secy->icv_len)) { > > Doesn't this leak rx_sa if kmalloc() succeeds but init_rx_sa fails? Yeah, you're right. And there's the same code around init_tx_sa. I'll send v2 tomorrow with this and another fix. Thanks! > > rtnl_unlock(); > > return -ENOMEM; > > } > > -- > > 2.8.0 > > > > -- Sabrina
Powered by blists - more mailing lists