Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler

From: Amit Pundir
Date: Mon Apr 23 2018 - 13:22:24 EST

Next message: Lina Iyer: "Re: [PATCH v3] soc: qcom: cmd-db: Make endian-agnostic"
Previous message: Song Liu: "[PATCH v5 2/2] tracing: remove igrab() iput() call from uprobes.c"
In reply to: Mark Greer: "Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler"
Next in thread: Amit Pundir: "Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 20 April 2018 at 22:15, Mark Greer <mgreer@xxxxxxxxxxxxxxx> wrote:
> On Fri, Apr 20, 2018 at 03:39:46PM +0300, Andy Shevchenko wrote:
>> On Wed, 2018-04-18 at 15:35 +0530, Amit Pundir wrote:
>>
>> > if (skb->data[transaction->aid_len + 2] !=
>> > - NFC_EVT_TRANSACTION_PARAMS_TAG)
>> > + NFC_EVT_TRANSACTION_PARAMS_TAG ||
>> > + skb->len < transaction->aid_len + transaction-
>> > >params_len + 4) {
>>
>> > + devm_kfree(dev, transaction);
>>
>> Oh, no.
>>
>> This is not memory leak per se, this is bad choice of devm_ API where it
>> should use plain kmalloc() / kfree().
>
> Also, there is no check to see if the allocation worked at all.

Ack. I'll add that in v2.
Thanks.

Regards,
Amit Pundir

>
> Mark
> --

Next message: Lina Iyer: "Re: [PATCH v3] soc: qcom: cmd-db: Make endian-agnostic"
Previous message: Song Liu: "[PATCH v5 2/2] tracing: remove igrab() iput() call from uprobes.c"
In reply to: Mark Greer: "Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler"
Next in thread: Amit Pundir: "Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]