Memleak in e100 driver

Oleg Drokin (green@linuxhacker.ru)
Wed, 12 Mar 2003 21:58:06 +0300


Hello!

There is a memleak in e100 driver from intel, both in 2.4 and 2.5
e100_ethtool_gstrings does not free "strings" variable if it cannot
copy it to userspace.
See the patch (identical for both 2.4 and 2.5).
Found with help of smatch + enhanced unfree script.

Bye,
Oleg

===== drivers/net/e100/e100_main.c 1.23 vs edited =====
--- 1.23/drivers/net/e100/e100_main.c Sat Feb 1 22:38:18 2003
+++ edited/drivers/net/e100/e100_main.c Wed Mar 12 21:50:32 2003
@@ -3824,11 +3824,15 @@
return -EOPNOTSUPP;
}

- if (copy_to_user(ifr->ifr_data, &info, sizeof (info)))
+ if (copy_to_user(ifr->ifr_data, &info, sizeof (info))) {
+ kfree(strings);
return -EFAULT;
+ }

- if (copy_to_user(usr_strings, strings, info.len * ETH_GSTRING_LEN))
+ if (copy_to_user(usr_strings, strings, info.len * ETH_GSTRING_LEN)) {
+ kfree(strings);
return -EFAULT;
+ }

kfree(strings);
return 0;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/