LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Amit Pundir <amit.pundir@linaro.org>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: lkml <linux-kernel@vger.kernel.org>,
linux-wireless@vger.kernel.org,
Samuel Ortiz <sameo@linux.intel.com>,
Christophe Ricard <christophe.ricard@gmail.com>,
Greg KH <gregkh@linuxfoundation.org>,
John Stultz <john.stultz@linaro.org>,
Dmitry Shmidt <dimitrysh@google.com>,
Todd Kjos <tkjos@google.com>,
Android Kernel Team <kernel-team@android.com>,
Suren Baghdasaryan <surenb@google.com>
Subject: Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler
Date: Mon, 23 Apr 2018 22:50:19 +0530 [thread overview]
Message-ID: <CAMi1Hd1Hxgo=_1CMDJ8_mnzfcEm97=aiYoxgf42rK_oXp17arQ@mail.gmail.com> (raw)
In-Reply-To: <1524227986.21176.467.camel@linux.intel.com>
On 20 April 2018 at 18:09, Andy Shevchenko
<andriy.shevchenko@linux.intel.com> wrote:
> On Wed, 2018-04-18 at 15:35 +0530, Amit Pundir wrote:
>
>> if (skb->data[transaction->aid_len + 2] !=
>> - NFC_EVT_TRANSACTION_PARAMS_TAG)
>> + NFC_EVT_TRANSACTION_PARAMS_TAG ||
>> + skb->len < transaction->aid_len + transaction-
>> >params_len + 4) {
>
>> + devm_kfree(dev, transaction);
>
> Oh, no.
>
> This is not memory leak per se, this is bad choice of devm_ API where it
> should use plain kmalloc() / kfree().
>
Hi, If I switch to kmalloc()/kfree() with allocation and may be
pre-usage checks along the way up to nfc_genl_se_transaction() would
that suffice? I believe, I still be needing the additional aid_len and
params_len checks regardless, right?
Regards,
Amit Pundir
>> return -EPROTO;
>> + }
>
> --
> Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> Intel Finland Oy
next prev parent reply other threads:[~2018-04-23 17:20 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-18 10:05 [RESEND][PATCH 0/4] Few NFC fixes from android-4.14 tree Amit Pundir
2018-04-18 10:05 ` [RESEND][PATCH 1/4] NFC: st21nfca: Fix out of bounds kernel access when handling ATR_REQ Amit Pundir
2018-04-18 10:05 ` [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler Amit Pundir
2018-04-20 12:39 ` Andy Shevchenko
2018-04-20 16:45 ` Mark Greer
2018-04-23 17:21 ` Amit Pundir
2018-04-23 17:20 ` Amit Pundir [this message]
2018-04-18 10:05 ` [RESEND][PATCH 3/4] NFC: Fix possible memory corruption when handling SHDLC I-Frame commands Amit Pundir
2018-04-18 10:05 ` [RESEND][PATCH 4/4] NFC: fdp: Fix possible buffer overflow in WCS4000 NFC driver Amit Pundir
2018-04-20 12:41 ` Andy Shevchenko
2018-04-23 9:16 ` Greg KH
2018-04-23 10:02 ` Amit Pundir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMi1Hd1Hxgo=_1CMDJ8_mnzfcEm97=aiYoxgf42rK_oXp17arQ@mail.gmail.com' \
--to=amit.pundir@linaro.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=christophe.ricard@gmail.com \
--cc=dimitrysh@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=john.stultz@linaro.org \
--cc=kernel-team@android.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=sameo@linux.intel.com \
--cc=surenb@google.com \
--cc=tkjos@google.com \
--subject='Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).