lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CABBYNZLQWH5jxKeLAsVyNqBnWNwcGU+Y1hk3XZkBv5chhZ3wxw@mail.gmail.com>
Date: Mon, 23 Jun 2025 09:50:20 -0400
From: Luiz Augusto von Dentz <luiz.dentz@...il.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: davem@...emloft.net, linux-bluetooth@...r.kernel.org, 
	netdev@...r.kernel.org, Kuniyuki Iwashima <kuniyu@...gle.com>
Subject: Re: [GIT PULL] bluetooth 2025-06-20

Hi,

On Sat, Jun 21, 2025 at 10:51 AM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Fri, 20 Jun 2025 13:57:47 -0400 Luiz Augusto von Dentz wrote:
> > bluetooth pull request for net:
> >
> >  - L2CAP: Fix L2CAP MTU negotiation
> >  - hci_core: Fix use-after-free in vhci_flush()
> >  - btintel_pcie: Fix potential race condition in firmware download
> >  - hci_qca: fix unable to load the BT driver
>
> commit 135c1294c585cf8
>
>         alloc_size = sizeof(*hdev);
>         if (sizeof_priv) {
>                 /* Fixme: May need ALIGN-ment? */
>                 alloc_size += sizeof_priv;
>         }
>
>         hdev = kzalloc(alloc_size, GFP_KERNEL);
>         if (!hdev)
>                 return NULL;
>
> +       if (init_srcu_struct(&hdev->srcu))
> +               return NULL;
> +
>         hdev->pkt_type  = (HCI_DM1 | HCI_DH1 | HCI_HV1);
>
> Isn't this leaking hdev?

Yeah looks like we shall free the hdev before returning NULL, will fix
that and resend.



-- 
Luiz Augusto von Dentz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ