From: Ajay Singh <ajay.kathat@microchip.com>
To: Colin King <colin.king@canonical.com>
Cc: Joe Perches <joe@perches.com>,
Aditya Shankar <aditya.shankar@microchip.com>,
Ganesh Krishna <ganesh.krishna@microchip.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-wireless@vger.kernel.org, devel@driverdev.osuosl.org,
kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] staging: wilc1000: check for kmalloc allocation failures
Date: Mon, 26 Mar 2018 15:47:48 +0000 [thread overview]
Message-ID: <20180326210548.791f070a@ajaysk-VirtualBox> (raw)
In-Reply-To: <1521662598.7999.33.camel@perches.com>
Thanks for submitting the patch.
On Wed, 21 Mar 2018 13:03:18 -0700
Joe Perches <joe@perches.com> wrote:
> On Wed, 2018-03-21 at 19:19 +0000, Colin King wrote:
> > From: Colin Ian King <colin.king@canonical.com>
> >
> > There are three kmalloc allocations that are not null checked which
> > potentially could lead to null pointer dereference issues. Fix this
> > by adding null pointer return checks.
>
> looks like all of these should be kmemdup or kstrdup
>
> >
> > @@ -951,6 +955,10 @@ static s32 handle_connect(struct wilc_vif *vif,
> > if (conn_attr->ssid) {
> > hif_drv->usr_conn_req.ssid = kmalloc(conn_attr->ssid_len + 1,
> > GFP_KERNEL);
> > + if (!hif_drv->usr_conn_req.ssid) {
> > + result = -ENOMEM;
> > + goto error;
> > + }
> > memcpy(hif_drv->usr_conn_req.ssid,
> > conn_attr->ssid,
> > conn_attr->ssid_len);
With this changes the Coverity reported warning is handled correctly.
For further improvement to the patch, as Joe Perches suggested, its better
to make use of kmemdup instead of kmalloc & memcpy. As kstrdup requires the
source string to be NULL terminated('\0') and conn_attr->ssid might not
contains the '\0' terminated string. So kmemdup with length of
'conn_attr->ssid_len' can be used instead.
Please include the changes by using kmemdup() for all kmalloc/memcpy in
this patch.
Regards,
Ajay
WARNING: multiple messages have this Message-ID (diff)
From: Ajay Singh <ajay.kathat@microchip.com>
To: Colin King <colin.king@canonical.com>
Cc: Joe Perches <joe@perches.com>,
Aditya Shankar <aditya.shankar@microchip.com>,
Ganesh Krishna <ganesh.krishna@microchip.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
<linux-wireless@vger.kernel.org>, <devel@driverdev.osuosl.org>,
<kernel-janitors@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] staging: wilc1000: check for kmalloc allocation failures
Date: Mon, 26 Mar 2018 21:05:48 +0530 [thread overview]
Message-ID: <20180326210548.791f070a@ajaysk-VirtualBox> (raw)
In-Reply-To: <1521662598.7999.33.camel@perches.com>
Thanks for submitting the patch.
On Wed, 21 Mar 2018 13:03:18 -0700
Joe Perches <joe@perches.com> wrote:
> On Wed, 2018-03-21 at 19:19 +0000, Colin King wrote:
> > From: Colin Ian King <colin.king@canonical.com>
> >
> > There are three kmalloc allocations that are not null checked which
> > potentially could lead to null pointer dereference issues. Fix this
> > by adding null pointer return checks.
>
> looks like all of these should be kmemdup or kstrdup
>
> >
> > @@ -951,6 +955,10 @@ static s32 handle_connect(struct wilc_vif *vif,
> > if (conn_attr->ssid) {
> > hif_drv->usr_conn_req.ssid = kmalloc(conn_attr->ssid_len + 1,
> > GFP_KERNEL);
> > + if (!hif_drv->usr_conn_req.ssid) {
> > + result = -ENOMEM;
> > + goto error;
> > + }
> > memcpy(hif_drv->usr_conn_req.ssid,
> > conn_attr->ssid,
> > conn_attr->ssid_len);
With this changes the Coverity reported warning is handled correctly.
For further improvement to the patch, as Joe Perches suggested, its better
to make use of kmemdup instead of kmalloc & memcpy. As kstrdup requires the
source string to be NULL terminated('\0') and conn_attr->ssid might not
contains the '\0' terminated string. So kmemdup with length of
'conn_attr->ssid_len' can be used instead.
Please include the changes by using kmemdup() for all kmalloc/memcpy in
this patch.
Regards,
Ajay
next prev parent reply other threads:[~2018-03-26 15:47 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-21 19:19 [PATCH] staging: wilc1000: check for kmalloc allocation failures Colin King
2018-03-21 19:19 ` Colin King
2018-03-21 20:03 ` Joe Perches
2018-03-21 20:03 ` Joe Perches
2018-03-26 15:35 ` Ajay Singh [this message]
2018-03-26 15:47 ` Ajay Singh
2018-03-26 16:15 ` Colin Ian King
2018-03-26 16:15 ` Colin Ian King
2018-03-22 6:47 ` Walter Harms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180326210548.791f070a@ajaysk-VirtualBox \
--to=ajay.kathat@microchip.com \
--cc=aditya.shankar@microchip.com \
--cc=colin.king@canonical.com \
--cc=devel@driverdev.osuosl.org \
--cc=ganesh.krishna@microchip.com \
--cc=gregkh@linuxfoundation.org \
--cc=joe@perches.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.