* [PATCH][next] cifsd: fix kfree of uninitialized pointer oid @ 2021-06-10 16:46 ` Colin King 2021-06-11 0:40 ` Namjae Jeon 0 siblings, 1 reply; 2+ messages in thread From: Colin King @ 2021-06-10 16:46 UTC (permalink / raw) To: Namjae Jeon, Sergey Senozhatsky, Steve French, Hyunchul Lee, linux-cifs, linux-cifsd-devel Cc: kernel-janitors, linux-kernel From: Colin Ian King <colin.king@canonical.com> Currently function ksmbd_neg_token_init_mech_type can kfree an uninitialized pointer oid when the call to asn1_oid_decode fails when vlen is out of range. All the other failure cases in function asn1_oid_decode set *oid to NULL on an error, so fix the issue by ensuring the vlen out of range error also nullifies the pointer. Fixes: 8bae4419ce63 ("cifsd: add goto fail in neg_token_init_mech_type()") Addresses-Coverity: ("Uninitialized pointer read") Signed-off-by: Colin Ian King <colin.king@canonical.com> --- fs/cifsd/asn1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index 2c63a3e5618b..b014f4638610 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -66,7 +66,7 @@ static bool asn1_oid_decode(const unsigned char *value, size_t vlen, vlen += 1; if (vlen < 2 || vlen > UINT_MAX / sizeof(unsigned long)) - return false; + goto fail_nullify; *oid = kmalloc(vlen * sizeof(unsigned long), GFP_KERNEL); if (!*oid) @@ -102,6 +102,7 @@ static bool asn1_oid_decode(const unsigned char *value, size_t vlen, fail: kfree(*oid); +fail_nullify: *oid = NULL; return false; } -- 2.31.1 ^ permalink raw reply related [flat|nested] 2+ messages in thread
* RE: [PATCH][next] cifsd: fix kfree of uninitialized pointer oid 2021-06-10 16:46 ` [PATCH][next] cifsd: fix kfree of uninitialized pointer oid Colin King @ 2021-06-11 0:40 ` Namjae Jeon 0 siblings, 0 replies; 2+ messages in thread From: Namjae Jeon @ 2021-06-11 0:40 UTC (permalink / raw) To: 'Colin King' Cc: kernel-janitors, linux-kernel, 'Sergey Senozhatsky', 'Steve French', 'Hyunchul Lee', linux-cifs, linux-cifsd-devel > From: Colin Ian King <colin.king@canonical.com> > > Currently function ksmbd_neg_token_init_mech_type can kfree an uninitialized pointer oid when the call > to asn1_oid_decode fails when vlen is out of range. All the other failure cases in function > asn1_oid_decode set *oid to NULL on an error, so fix the issue by ensuring the vlen out of range error > also nullifies the pointer. > > Fixes: 8bae4419ce63 ("cifsd: add goto fail in neg_token_init_mech_type()") > Addresses-Coverity: ("Uninitialized pointer read") > Signed-off-by: Colin Ian King <colin.king@canonical.com> I will apply, Thanks for your patch! ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-06-11 0:40 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <CGME20210610164609epcas1p1c221f8a2c1762fc8a2e0cd5aa44c2b37@epcas1p1.samsung.com> 2021-06-10 16:46 ` [PATCH][next] cifsd: fix kfree of uninitialized pointer oid Colin King 2021-06-11 0:40 ` Namjae Jeon
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).