projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 50fbd97)
lkdtm: fix memory leak of base
authorSudip Mukherjee <sudipm.mukherjee@gmail.com>
Tue, 5 Apr 2016 17:11:06 +0000 (22:41 +0530)
committerKees Cook <keescook@chromium.org>
Wed, 6 Apr 2016 23:22:24 +0000 (16:22 -0700)
This case is supposed to read from a memory after it has been freed,
but we missed freeing base if the memory 'val' could not be allocated.

Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Signed-off-by: Kees Cook <keescook@chromium.org>
drivers/misc/lkdtm.c patch | blob | blame | history

diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
index 2f0b0224876111104ef62936403efd6f59e40052..5b3a63c87ec9758820a8d255ea8173a6ef4554fb 100644 (file)
--- a/drivers/misc/lkdtm.c
+++ b/drivers/misc/lkdtm.c
@@ -458,8 +458,10 @@ static void lkdtm_do_action(enum ctype which)
                        break;
 
                val = kmalloc(len, GFP_KERNEL);
-               if (!val)
+               if (!val) {
+                       kfree(base);
                        break;
+               }
 
                *val = 0x12345678;
                base[offset] = *val;