lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Nov 2023 13:02:35 +0100
From: Florian Westphal <fw@...len.de>
To: Kamil Duljas <kamil.duljas@...il.com>
Cc: Jakub Kicinski <kuba@...nel.org>,
	"David S . Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
	Jiri Pirko <jiri@...nulli.us>,
	Johannes Berg <johannes@...solutions.net>, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] genetlink: Prevent memory leak when krealloc fail

Kamil Duljas <kamil.duljas@...il.com> wrote:
> genl_allocate_reserve_groups() allocs new memory in while loop
> but if krealloc fail, the memory allocated by kzalloc is not freed.
> It seems allocated memory is unnecessary when the function
> returns -ENOMEM

Why should it be free'd?  mc_groups is not a local variable.

>  				new_groups = krealloc(mc_groups, nlen,
>  						      GFP_KERNEL);
> -				if (!new_groups)
> +				if (!new_groups) {
> +					kfree(mc_groups);
>  					return -ENOMEM;
> +				}

How did you test this?  AFAICS this results in use-after-free for every
access to mc_groups after this error path is taken.

Existing code looks correct, we can't grow mc_groups and return an
error.

Powered by blists - more mailing lists