Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler

From: Mark Greer
Date: Fri Apr 20 2018 - 12:45:17 EST


On Fri, Apr 20, 2018 at 03:39:46PM +0300, Andy Shevchenko wrote:
> On Wed, 2018-04-18 at 15:35 +0530, Amit Pundir wrote:
>
> > if (skb->data[transaction->aid_len + 2] !=
> > - NFC_EVT_TRANSACTION_PARAMS_TAG)
> > + NFC_EVT_TRANSACTION_PARAMS_TAG ||
> > + skb->len < transaction->aid_len + transaction-
> > >params_len + 4) {
>
> > + devm_kfree(dev, transaction);
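Review bot: the new `skb->len < transaction->aid_len + transaction->params_len + 4` check runs only after `skb->data[transaction->aid_len + 2]` has already been read in the first operand of the `||`, so a short skb is still indexed past its end before the length test rejects it; test the length first (a minimal `skb->len >= transaction->aid_len + 4` guard before the tag comparison) and then the full length once `params_len` is known. On the same error path, pairing a devm_ allocation with `devm_kfree(dev, transaction)` for a short-lived object makes ownership hard to follow; a plain kzalloc()/kfree() pair, as the reply suggests, would keep the lifetime local to this handler.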
>
> Oh, no.
>
> This is not a memory leak per se, this is a bad choice of devm_ API where it
> should use plain kmalloc() / kfree().

Also, there is no check to see if the allocation worked at all.

Mark
--
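To illustrate the two points raised in this thread, a user-space model (added here, not the st21nfca driver's code) that parses the event layout implied by the quoted hunk with the length test done before each index into the buffer, checks the allocation result, and frees on every error path with a plain calloc()/free() pair. The tag values and the struct fields are placeholders assumed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout implied by the quoted hunk (tag values are placeholders):
 * [AID tag][aid_len][aid bytes][PARAMS tag][params_len][params bytes] */
#define EVT_AID_TAG    0x81
#define EVT_PARAMS_TAG 0x82

struct transaction {
    uint8_t aid_len, params_len;
    uint8_t aid[16];
    uint8_t params[64];
};

/* Returns 0 and a heap-allocated transaction in *out on success, -1 on a
 * malformed or truncated event, -2 on allocation failure. Every error path
 * leaves nothing allocated: plain calloc()/free() pairing, as Andy suggests. */
int parse_transaction(const uint8_t *buf, size_t len, struct transaction **out)
{
    struct transaction *t;
    *out = NULL;
    if (len < 2 || buf[0] != EVT_AID_TAG)   /* header before reading aid_len */
        return -1;

    t = calloc(1, sizeof(*t));
    if (!t)                                  /* the check Mark asks for */
        return -2;
    t->aid_len = buf[1];

    /* Make sure the params tag/len bytes exist before indexing them. */
    if (t->aid_len > sizeof(t->aid) || len < (size_t)t->aid_len + 4 ||
        buf[t->aid_len + 2] != EVT_PARAMS_TAG) {
        free(t);
        return -1;
    }
    t->params_len = buf[t->aid_len + 3];

    /* The hunk's full-length check: aid + params + two tag/len pairs. */
    if (t->params_len > sizeof(t->params) ||
        len < (size_t)t->aid_len + t->params_len + 4) {
        free(t);
        return -1;
    }
    memcpy(t->aid, buf + 2, t->aid_len);
    memcpy(t->params, buf + t->aid_len + 4, t->params_len);
    *out = t;
    return 0;
}
```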