lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20170408160745.14328-8-Larry.Finger@lwfinger.net>
Date:   Sat,  8 Apr 2017 11:07:30 -0500
From:   Larry Finger <Larry.Finger@...inger.net>
To:     gregkh@...uxfoundation.org
Cc:     netdev@...r.kernel.org, devel@...verdev.osuosl.org,
        hdegoede@...hat.com, hadess@...ess.net, jes.sorensen@...il.com,
        Larry Finger <Larry.Finger@...inger.net>
Subject: [PATCH 07/22] staging: rtl8723bs: Fix potential usage while NULL error in hal/rtl8723b_hal_init.c

Smatch logs the following:

  CHECK   drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c:518 rtl8723b_FirmwareDownload() error: we previously assumed 'pFirmware' could be null (see line 382)

Fixing this error required a rewrite of the error exits from this routine.

Signed-off-by: Larry Finger <Larry.Finger@...inger.net>
---
 drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c b/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
index b7f6dc7ce318..d40ad03e99a3 100644
--- a/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
+++ b/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
@@ -377,13 +377,13 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool  bUsedWoWLANFw)
 	RT_TRACE(_module_hal_init_c_, _drv_notice_, ("+%s, bUsedWoWLANFw:%d\n", __func__, bUsedWoWLANFw));
 #endif
 	pFirmware = kzalloc(sizeof(struct rt_firmware), GFP_KERNEL);
+	if (!pFirmware)
+		return _FAIL;
 	pBTFirmware = kzalloc(sizeof(struct rt_firmware), GFP_KERNEL);
-
-	if (!pFirmware || !pBTFirmware) {
-		rtStatus = _FAIL;
-		goto exit;
+	if (!pBTFirmware) {
+		kfree(pFirmware);
+		return _FAIL;
 	}
-
 	tmp_ps = rtw_read8(padapter, 0xa3);
 	tmp_ps &= 0xf8;
 	tmp_ps |= 0x02;
@@ -441,7 +441,7 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool  bUsedWoWLANFw)
 	if (pFirmware->ulFwLength > FW_8723B_SIZE) {
 		rtStatus = _FAIL;
 		DBG_871X_LEVEL(_drv_emerg_, "Firmware size:%u exceed %u\n", pFirmware->ulFwLength, FW_8723B_SIZE);
-		goto exit;
+		goto release_fw1;
 	}
 
 	pFirmwareBuf = pFirmware->szFwBuffer;
@@ -517,6 +517,7 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool  bUsedWoWLANFw)
 exit:
 	kfree(pFirmware->szFwBuffer);
 	kfree(pFirmware);
+release_fw1:
 	kfree(pBTFirmware);
 	DBG_871X(" <=== rtl8723b_FirmwareDownload()\n");
 	return rtStatus;
-- 
2.12.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ