linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] staging: rtl8188eu: fix null dereference when kzalloc fails
@ 2019-09-27 21:44 Connor Kuehl
  2019-10-01 13:11 ` Dan Carpenter
  0 siblings, 1 reply; 3+ messages in thread
From: Connor Kuehl @ 2019-09-27 21:44 UTC (permalink / raw)
  To: Larry.Finger, gregkh, devel; +Cc: linux-kernel, kernel-janitors

If kzalloc() returns NULL, the error path doesn't stop the flow of
control from entering rtw_hal_read_chip_version() which dereferences the
null pointer. Fix this by adding a 'goto' to the error path to more
gracefully handle the issue and avoid proceeding with initialization
steps that we're no longer prepared to handle.

Also update the debug message to be more consistent with the other debug
messages in this function.

Addresses-Coverity: ("Dereference after null check")

Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
---
 drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/rtl8188eu/os_dep/usb_intf.c b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
index 664d93a7f90d..4fac9dca798e 100644
--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c
+++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
@@ -348,8 +348,10 @@ static struct adapter *rtw_usb_if1_init(struct dvobj_priv *dvobj,
 	}
 
 	padapter->HalData = kzalloc(sizeof(struct hal_data_8188e), GFP_KERNEL);
-	if (!padapter->HalData)
-		DBG_88E("cant not alloc memory for HAL DATA\n");
+	if (!padapter->HalData) {
+		DBG_88E("Failed to allocate memory for HAL data\n");
+		goto free_adapter;
+	}
 
 	/* step read_chip_version */
 	rtw_hal_read_chip_version(padapter);
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] staging: rtl8188eu: fix null dereference when kzalloc fails
  2019-09-27 21:44 [PATCH] staging: rtl8188eu: fix null dereference when kzalloc fails Connor Kuehl
@ 2019-10-01 13:11 ` Dan Carpenter
  2019-10-03 21:05   ` Connor Kuehl
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2019-10-01 13:11 UTC (permalink / raw)
  To: Connor Kuehl; +Cc: Larry.Finger, gregkh, devel, kernel-janitors, linux-kernel

On Fri, Sep 27, 2019 at 02:44:15PM -0700, Connor Kuehl wrote:
> If kzalloc() returns NULL, the error path doesn't stop the flow of
> control from entering rtw_hal_read_chip_version() which dereferences the
> null pointer. Fix this by adding a 'goto' to the error path to more
> gracefully handle the issue and avoid proceeding with initialization
> steps that we're no longer prepared to handle.
> 
> Also update the debug message to be more consistent with the other debug
> messages in this function.
> 
> Addresses-Coverity: ("Dereference after null check")
> 
> Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
> ---
>  drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/rtl8188eu/os_dep/usb_intf.c b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
> index 664d93a7f90d..4fac9dca798e 100644
> --- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c
> +++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
> @@ -348,8 +348,10 @@ static struct adapter *rtw_usb_if1_init(struct dvobj_priv *dvobj,
>  	}
>  

There is another one earlier in the function as well.

drivers/staging/rtl8188eu/os_dep/usb_intf.c
   336  
   337          pnetdev = rtw_init_netdev(padapter);
   338          if (!pnetdev)
   339                  goto free_adapter;
   340          SET_NETDEV_DEV(pnetdev, dvobj_to_dev(dvobj));
   341          padapter = rtw_netdev_priv(pnetdev);
   342  
   343          if (padapter->registrypriv.monitor_enable) {
   344                  pmondev = rtl88eu_mon_init();
   345                  if (!pmondev)
   346                          netdev_warn(pnetdev, "Failed to initialize monitor interface");

goto free_adapter.

   347                  padapter->pmondev = pmondev;
   348          }
   349  
   350          padapter->HalData = kzalloc(sizeof(struct hal_data_8188e), GFP_KERNEL);
   351          if (!padapter->HalData)
   352                  DBG_88E("cant not alloc memory for HAL DATA\n");
   353  

>  	padapter->HalData = kzalloc(sizeof(struct hal_data_8188e), GFP_KERNEL);
> -	if (!padapter->HalData)
> -		DBG_88E("cant not alloc memory for HAL DATA\n");
> +	if (!padapter->HalData) {
> +		DBG_88E("Failed to allocate memory for HAL data\n");

Remove this debug printk.

> +		goto free_adapter;
> +	}


regards,
dan carpenter


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] staging: rtl8188eu: fix null dereference when kzalloc fails
  2019-10-01 13:11 ` Dan Carpenter
@ 2019-10-03 21:05   ` Connor Kuehl
  0 siblings, 0 replies; 3+ messages in thread
From: Connor Kuehl @ 2019-10-03 21:05 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Larry.Finger, gregkh, devel, kernel-janitors, linux-kernel

On 10/1/19 6:11 AM, Dan Carpenter wrote:
> 
> There is another one earlier in the function as well.
> 
> drivers/staging/rtl8188eu/os_dep/usb_intf.c
>     336
>     337          pnetdev = rtw_init_netdev(padapter);
>     338          if (!pnetdev)
>     339                  goto free_adapter;
>     340          SET_NETDEV_DEV(pnetdev, dvobj_to_dev(dvobj));
>     341          padapter = rtw_netdev_priv(pnetdev);
>     342
>     343          if (padapter->registrypriv.monitor_enable) {
>     344                  pmondev = rtl88eu_mon_init();
>     345                  if (!pmondev)
>     346                          netdev_warn(pnetdev, "Failed to initialize monitor interface");
> 
> goto free_adapter.
> 
>     347                  padapter->pmondev = pmondev;
>     348          }
>     349
>     350          padapter->HalData = kzalloc(sizeof(struct hal_data_8188e), GFP_KERNEL);
>     351          if (!padapter->HalData)
>     352                  DBG_88E("cant not alloc memory for HAL DATA\n");
>     353
> 
>>   	padapter->HalData = kzalloc(sizeof(struct hal_data_8188e), GFP_KERNEL);
>> -	if (!padapter->HalData)
>> -		DBG_88E("cant not alloc memory for HAL DATA\n");
>> +	if (!padapter->HalData) {
>> +		DBG_88E("Failed to allocate memory for HAL data\n");
> 
> Remove this debug printk.
> 
>> +		goto free_adapter;
>> +	}

Hi Dan,

Sorry for such a late response! By the time I saw the e-mail with your 
feedback I also saw another e-mail saying this patch was accepted into a 
staging-linus tree. I'll address your comments in a separate patch.

Thank you,

Connor


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-10-03 21:05 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-27 21:44 [PATCH] staging: rtl8188eu: fix null dereference when kzalloc fails Connor Kuehl
2019-10-01 13:11 ` Dan Carpenter
2019-10-03 21:05   ` Connor Kuehl

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).