| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160419202521.GA1297@bistromath.localdomain>
Date: Tue, 19 Apr 2016 22:25:21 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: Lance Richardson <lrichard@...hat.com>
Cc: netdev@...r.kernel.org,
Hannes Frederic Sowa <hannes@...essinduktion.org>,
Johannes Berg <johannes@...solutions.net>,
Dan Carpenter <dan.carpenter@...cle.com>
Subject: Re: [PATCH net 1/5] macsec: add missing NULL check after kmalloc
2016-04-19, 13:45:47 -0400, Lance Richardson wrote:
> ----- Original Message -----
> > From: "Sabrina Dubroca" <sd@...asysnail.net>
> > To: netdev@...r.kernel.org
> > Cc: "Hannes Frederic Sowa" <hannes@...essinduktion.org>, "Johannes Berg" <johannes@...solutions.net>, "Dan Carpenter"
> > <dan.carpenter@...cle.com>, "Sabrina Dubroca" <sd@...asysnail.net>
> > Sent: Tuesday, April 19, 2016 1:36:38 PM
> > Subject: [PATCH net 1/5] macsec: add missing NULL check after kmalloc
> >
> > Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver")
> > Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> > Signed-off-by: Sabrina Dubroca <sd@...asysnail.net>
> > Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> > ---
> > drivers/net/macsec.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
> > index 84d3e5ca8817..f691030ee3df 100644
> > --- a/drivers/net/macsec.c
> > +++ b/drivers/net/macsec.c
> > @@ -1622,8 +1622,8 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct
> > genl_info *info)
> > }
> >
> > rx_sa = kmalloc(sizeof(*rx_sa), GFP_KERNEL);
> > - if (init_rx_sa(rx_sa, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len,
> > - secy->icv_len)) {
> > + if (!rx_sa || init_rx_sa(rx_sa, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
> > + secy->key_len, secy->icv_len)) {
>
> Doesn't this leak rx_sa if kmalloc() succeeds but init_rx_sa fails?
Yeah, you're right. And there's the same code around init_tx_sa.
I'll send v2 tomorrow with this and another fix.
Thanks!
> > rtnl_unlock();
> > return -ENOMEM;
> > }
> > --
> > 2.8.0
> >
> >
--
Sabrina
Powered by blists - more mailing lists