Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-13 00:29:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

wusb: Fix potential memory leak in wusb_dev_sec_add()

Browse Source 
Do not leak memory by updating pointer with potentially NULL realloc return value.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Alexey Khoroshilov 2012-08-08 16:49:48 +04:00 committed by Greg Kroah-Hartman
parent e4d37aeb37
commit e58ba01e2c
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
drivers/usb/wusbcore/security.c
View File

@ -202,7 +202,7 @@ int wusb_dev_sec_add(struct wusbhc *wusbhc,
{ {
int result, bytes, secd_size; int result, bytes, secd_size;
struct device *dev = &usb_dev->dev; struct device *dev = &usb_dev->dev;
struct usb_security_descriptor *secd; struct usb_security_descriptor *secd, *new_secd;
const struct usb_encryption_descriptor *etd, *ccm1_etd = NULL; const struct usb_encryption_descriptor *etd, *ccm1_etd = NULL;
const void *itr, *top; const void *itr, *top;
char buf[64]; char buf[64];
@ -221,11 +221,12 @@ int wusb_dev_sec_add(struct wusbhc *wusbhc,
goto out; goto out;
} }
secd_size = le16_to_cpu(secd->wTotalLength); secd_size = le16_to_cpu(secd->wTotalLength);
secd = krealloc(secd, secd_size, GFP_KERNEL); new_secd = krealloc(secd, secd_size, GFP_KERNEL);
if (secd == NULL) { if (new_secd == NULL) {
dev_err(dev, "Can't allocate space for security descriptors\n"); dev_err(dev, "Can't allocate space for security descriptors\n");
goto out; goto out;
} }
secd = new_secd;
result = usb_get_descriptor(usb_dev, USB_DT_SECURITY, result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
0, secd, secd_size); 0, secd, secd_size);
if (result < secd_size) { if (result < secd_size) {