Re: [PATCH] thunderbolt: property: fix a buffer overflow and a missing check

From: Mukesh Ojha
Date: Wed Mar 27 2019 - 10:46:15 EST



On 3/25/2019 4:19 AM, Kangjie Lu wrote:
First, no memory is allocated for "property->value.text"; the
following strcpy will lead to a buffer overflow.

Fix the commit text as there is no overflow.

only the check and resource cleanp is the fix.


Second, no check is enforced for the return value of kzalloc,
which may lead to NULL-pointer dereference.

The patch fixes the two issues.

Signed-off-by: Kangjie Lu <kjlu@xxxxxxx
Otherwise looks good.

Reviewed-by: Mukesh Ojha <mojha@xxxxxxxxxxxxxx>

-Mukesh

---
drivers/thunderbolt/property.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/thunderbolt/property.c b/drivers/thunderbolt/property.c
index 841314deb446..d5b0cdb8f0b1 100644
--- a/drivers/thunderbolt/property.c
+++ b/drivers/thunderbolt/property.c
@@ -587,7 +587,12 @@ int tb_property_add_text(struct tb_property_dir *parent, const char *key,
return -ENOMEM;
property->length = size / 4;
- property->value.data = kzalloc(size, GFP_KERNEL);
+ property->value.text = kzalloc(size, GFP_KERNEL);
+ if (!property->value.text) {
+ kfree(property);
+ return -ENOMEM;
+ }
+
strcpy(property->value.text, text);
list_add_tail(&property->list, &parent->properties);