lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220629203633.56382dca@kernel.org>
Date:   Wed, 29 Jun 2022 20:36:33 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Oliver Neukum <oneukum@...e.com>
Cc:     davem@...emloft.net, netdev@...r.kernel.org,
        linux-usb@...r.kernel.org
Subject: Re: [PATCHv2] usbnet: fix memory leak in error case

On Tue, 28 Jun 2022 10:31:28 +0200 Oliver Neukum wrote:
> -	void *buf = NULL;
> +	void *buf;
>  
>  	netdev_dbg(dev->net, "usbnet_write_cmd cmd=0x%02x reqtype=%02x"
>  		   " value=0x%04x index=0x%04x size=%d\n",
> @@ -2155,7 +2155,7 @@ int usbnet_write_cmd_async(struct usbnet *dev, u8 cmd, u8 reqtype,
>  		if (!buf) {
>  			netdev_err(dev->net, "Error allocating buffer"
>  				   " in %s!\n", __func__);
> -			goto fail_free;
> +			goto fail_free_urb;
>  		}
>  	}
>  
> @@ -2179,14 +2179,21 @@ int usbnet_write_cmd_async(struct usbnet *dev, u8 cmd, u8 reqtype,
>  	if (err < 0) {
>  		netdev_err(dev->net, "Error submitting the control"
>  			   " message: status=%d\n", err);
> -		goto fail_free;
> +		goto fail_free_all;
>  	}
>  	return 0;
>  
> +fail_free_all:
> +	kfree(req);
>  fail_free_buf:
>  	kfree(buf);

Seems like the buf can be uninitialized now if data was NULL

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ