[D/E/F,SRU] tracing: Have error path in predicate_parse() free its allocated memory
diff mbox series

Message ID 20191126173638.5633-2-connor.kuehl@canonical.com
State New
Headers show
Series
  • [D/E/F,SRU] tracing: Have error path in predicate_parse() free its allocated memory
Related show

Commit Message

Connor Kuehl Nov. 26, 2019, 5:36 p.m. UTC
From: Navid Emamdoost <navid.emamdoost@gmail.com>

CVE-2019-19072

In predicate_parse, there is an error path that is not going to
out_free instead it returns directly which leads to a memory leak.

Link: http://lkml.kernel.org/r/20190920225800.3870-1-navid.emamdoost@gmail.com

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
(cherry picked from commit 96c5c6e6a5b6db592acae039fed54b5c8844cd35)
Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
---
 kernel/trace/trace_events_filter.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Patch
diff mbox series

diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index c773b8fb270c..c9a74f82b14a 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -452,8 +452,10 @@  predicate_parse(const char *str, int nr_parens, int nr_preds,
 
 		switch (*next) {
 		case '(':					/* #2 */
-			if (top - op_stack > nr_parens)
-				return ERR_PTR(-EINVAL);
+			if (top - op_stack > nr_parens) {
+				ret = -EINVAL;
+				goto out_free;
+			}
 			*(++top) = invert;
 			continue;
 		case '!':					/* #3 */