From accad1ba7d62543ab3bcf08813726ea87d237bb6 Mon Sep 17 00:00:00 2001
From: Rui Miguel Silva
Date: Fri, 8 Jan 2016 13:53:47 +0000
Subject: [PATCH] greybus: power_supply: fix use after free of power supply
Individual power supply were being freed and checked using the wrong pointers and at the wrong place, which would make several issues, like used after free and so on. Fix it by freeing all allocated memory after release individual power supply.
Signed-off-by: Rui Miguel Silva
Reported-by: Johan Hovold
Reviewed-by: Johan Hovold
Signed-off-by: Greg Kroah-Hartman
---
 drivers/staging/greybus/power_supply.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/staging/greybus/power_supply.c b/drivers/staging/greybus/power_supply.c
index 3c9bb12351e4..d985e13b5a0d 100644
--- a/drivers/staging/greybus/power_supply.c
+++ b/drivers/staging/greybus/power_supply.c
@@ -544,13 +544,10 @@ static void _gb_power_supply_free(struct gb_power_supply *gbpsy)
 kfree(gbpsy->manufacturer);
 kfree(gbpsy->props_raw);
 kfree(gbpsy->props);
- kfree(gbpsy);
 }
 static void _gb_power_supply_release(struct gb_power_supply *gbpsy)
 {
- if (!gbpsy)
- return;
 gbpsy->update_interval = 0;
@@ -576,6 +573,7 @@ static void _gb_power_supplies_release(struct gb_power_supplies *supplies)
 mutex_lock(&supplies->supplies_lock);
 for (i = 0; i < supplies->supplies_count; i++)
 _gb_power_supply_release(&supplies->supply[i]);
+ kfree(supplies->supply);
 mutex_unlock(&supplies->supplies_lock);
 kfree(supplies);
 }
-- 
2.20.1
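Review bot: With `kfree(gbpsy)` removed, `_gb_power_supply_free()` leaves `gbpsy->manufacturer`, `gbpsy->props_raw` and `gbpsy->props` as dangling pointers inside an element that stays allocated until the whole array is freed. If any path can reach this function twice for the same element (for example a setup error path followed by release, which this hunk does not show), that becomes a double free; clearing each pointer after its kfree, e.g. `gbpsy->props = NULL;`, makes a repeat call harmless. The function starts above the hunk, so the same applies to any members freed there. `_gb_power_supply_release()` continues below the hunk and is now entered unconditionally for every slot, so it is worth confirming that its remaining steps are safe for a slot that was never fully set up.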
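Review bot: The ordering this fix depends on is not recorded at `kfree(supplies->supply);` in `_gb_power_supplies_release()`: the elements handed to `_gb_power_supply_release()` via `&supplies->supply[i]` live inside that array, so it may only be freed after the loop has finished. A short comment such as `/* supply[] holds the gb_power_supply structs themselves; free only after all are released */` would keep a later refactor from reintroducing the use after free. The loop also assumes `supplies_count` is zero whenever `supplies->supply` is NULL, which the hunk does not show. Separately, `kfree(supplies)` follows `mutex_unlock()` directly, which is only safe if nothing else can still take `supplies_lock` at that point; what guarantees that is outside the hunk.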