Re: [PATCH -next] ide: Use memdup_user() as a cleanup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 22, 2020 at 10:59:41AM +0800, Zou Wei wrote:

>  	if (taskout) {
>  		int outtotal = tasksize;
> -		outbuf = kzalloc(taskout, GFP_KERNEL);
> -		if (outbuf == NULL) {
> -			err = -ENOMEM;
> -			goto abort;
> -		}
> -		if (copy_from_user(outbuf, buf + outtotal, taskout)) {
> -			err = -EFAULT;
> -			goto abort;
> -		}
> +		outbuf = memdup_user(buf + outtotal, taskout);
> +		if (IS_ERR(outbuf))
> +			return PTR_ERR(outbuf);
>  	}
>  
>  	if (taskin) {
>  		int intotal = tasksize + taskout;
> -		inbuf = kzalloc(taskin, GFP_KERNEL);
> -		if (inbuf == NULL) {
> -			err = -ENOMEM;
> -			goto abort;
> -		}
> -		if (copy_from_user(inbuf, buf + intotal, taskin)) {
> -			err = -EFAULT;
> -			goto abort;
> -		}
> +		inbuf = memdup_user(buf + intotal, taskin);
> +		if (IS_ERR(inbuf))
> +			return PTR_ERR(inbuf);

That smells like a leak - what happens if both taskin and taskout are
non-zero at the same time?  <looks>  actually, both parts are leaking -
there's
        req_task = memdup_user(buf, tasksize);
        if (IS_ERR(req_task))
                return PTR_ERR(req_task);
shortly prior to that, so both of your failure exits are leaking.



[Index of Archives]     [Linux Filesystems]     [Linux SCSI]     [Linux RAID]     [Git]     [Kernel Newbies]     [Linux Newbie]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Samba]     [Device Mapper]

  Powered by Linux