[PATCH] usb: core: Fix potential memory leak adding dyn USBdevice IDs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Fix a memory leak in the usb_store_new_id() error paths. When bailing out
due to sanity checks, the function left the already allocated usb_dynid
struct in place.

Detected by Coverity: CID 1162604.

Signed-off-by: Christian Engelmayer <cengelma@xxxxxx>
---
This patch addresses a regression introduced in the following commits:

commit c63fe8f6ca3669f1d120ff70523e2911b9966574
usb: core: add sanity checks when using bInterfaceClass with new_id

commit 1b9fb31f7db7882d475bdc8b335403e8eaabf1ef
usb: core: check for valid id_table when using the RefId feature

commit 52a6966c350624db89addc3e6a825f5e797a73e4
usb: core: bail out if user gives an unknown RefId when using new_id
---
 drivers/usb/core/driver.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
index 5d01558..7e95661 100644
--- a/drivers/usb/core/driver.c
+++ b/drivers/usb/core/driver.c
@@ -63,8 +63,10 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids,
 	dynid->id.idProduct = idProduct;
 	dynid->id.match_flags = USB_DEVICE_ID_MATCH_DEVICE;
 	if (fields > 2 && bInterfaceClass) {
-		if (bInterfaceClass > 255)
+		if (bInterfaceClass > 255) {
+			kfree(dynid);
 			return -EINVAL;
+		}
 
 		dynid->id.bInterfaceClass = (u8)bInterfaceClass;
 		dynid->id.match_flags |= USB_DEVICE_ID_MATCH_INT_CLASS;
@@ -73,8 +75,10 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids,
 	if (fields > 4) {
 		const struct usb_device_id *id = id_table;
 
-		if (!id)
+		if (!id) {
+			kfree(dynid);
 			return -ENODEV;
+		}
 
 		for (; id->match_flags; id++)
 			if (id->idVendor == refVendor && id->idProduct == refProduct)
@@ -82,8 +86,10 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids,
 
 		if (id->match_flags)
 			dynid->id.driver_info = id->driver_info;
-		else
+		else {
+			kfree(dynid);
 			return -ENODEV;
+		}
 	}
 
 	spin_lock(&dynids->lock);
-- 
1.8.3.2
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux