Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler

From: Andy Shevchenko
Date: Fri Apr 20 2018 - 08:39:57 EST

Next message: Michal Hocko: "Re: [patch v2] mm, oom: fix concurrent munlock and oom reaper unmap"
Previous message: Fengguang Wu: "Re: [gcov_module_notifier] WARNING: CPU: 0 PID: 155 at mm/slab_common.c:996 kmalloc_slab+0x1f/0x79"
In reply to: Amit Pundir: "[RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler"
Next in thread: Mark Greer: "Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2018-04-18 at 15:35 +0530, Amit Pundir wrote:

> if (skb->data[transaction->aid_len + 2] !=
> - NFC_EVT_TRANSACTION_PARAMS_TAG)
> + NFC_EVT_TRANSACTION_PARAMS_TAG ||
> + skb->len < transaction->aid_len + transaction-
> >params_len + 4) {

> + devm_kfree(dev, transaction);

Oh, no.

This is not memory leak per se, this is bad choice of devm_ API where it
should use plain kmalloc() / kfree().

> return -EPROTO;
> + }

--
Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Intel Finland Oy

Next message: Michal Hocko: "Re: [patch v2] mm, oom: fix concurrent munlock and oom reaper unmap"
Previous message: Fengguang Wu: "Re: [gcov_module_notifier] WARNING: CPU: 0 PID: 155 at mm/slab_common.c:996 kmalloc_slab+0x1f/0x79"
In reply to: Amit Pundir: "[RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler"
Next in thread: Mark Greer: "Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]