Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Alexander Viro: "Re: Why side-effects on open(2) are evil. (was Re: [RFD"
• Previous message: Edgar Toernig: "Re: Why side-effects on open(2) are evil. (was Re: [RFD"
• In reply to: Dawson Engler: "[CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"
• Next in thread: Justin Carlson: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"

> [BUG] [BAD] Returns a freed pointer -- very very bad.

... and easy to fix.
> /u2/engler/mc/oses/linux/2.4.4/fs/proc/generic.c:438:proc_symlink: ERROR:FREE:430:438: WARN: Use-after-free of "ent"! set by 'kfree':430
> ent->namelen = len;
> ent->nlink = 1;
> ent->mode = S_IFLNK|S_IRUGO|S_IWUGO|S_IXUGO;
> ent->data = kmalloc((ent->size=strlen(dest))+1, GFP_KERNEL);
> if (!ent->data) {
> Start --->
> kfree(ent);
> goto out;
> }
> strcpy((char*)ent->data,dest);
>
> proc_register(parent, ent);
>
> out:
> Error --->
> return ent;

--- linux/fs/proc/generic.c.old Fri Feb 16 21:01:43 2001
+++ linux/fs/proc/generic.c Thu May 24 17:13:22 2001
@@ -428,6 +428,7 @@
ent->data = kmalloc((ent->size=strlen(dest))+1, GFP_KERNEL);
if (!ent->data) {
kfree(ent);
+ ent = NULL;
goto out;
}
strcpy((char*)ent->data,dest);

Linus, apply it, please.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Alexander Viro: "Re: Why side-effects on open(2) are evil. (was Re: [RFD"
• Previous message: Edgar Toernig: "Re: Why side-effects on open(2) are evil. (was Re: [RFD"
• In reply to: Dawson Engler: "[CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"
• Next in thread: Justin Carlson: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"