| Message ID | 1423687393-7810-3-git-send-email-ricardo.neri-calderon@linux.intel.com |
|---|---|
| State | Accepted |
| Headers | show |
On 11/02/15 20:43, Ricardo Neri wrote: > If the allocation of data fails, we must not proceed copying data > from the user space. Instead we return with -ENOMEM. > > Also, while there, free the memory of the variable name in case > the copy from user space fails. > > Reported-by: Colin Ian King <colin.king@canonical.com> > Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> > --- > efi_runtime/efi_runtime.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c > index 1125556..9693721 100644 > --- a/efi_runtime/efi_runtime.c > +++ b/efi_runtime/efi_runtime.c > @@ -300,8 +300,13 @@ static long efi_runtime_set_variable(unsigned long arg) > return rv; > > data = kmalloc(psetvariable_local.DataSize, GFP_KERNEL); > + if (!data) { > + kfree(name); > + return -ENOMEM; > + } > if (copy_from_user(data, psetvariable_local.Data, > psetvariable_local.DataSize)) { > + kfree(data); > kfree(name); > return -EFAULT; > } > Thanks! Acked-by: Colin Ian King <colin.king@canonical.com>
On 02/12/2015 04:43 AM, Ricardo Neri wrote: > If the allocation of data fails, we must not proceed copying data > from the user space. Instead we return with -ENOMEM. > > Also, while there, free the memory of the variable name in case > the copy from user space fails. > > Reported-by: Colin Ian King <colin.king@canonical.com> > Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> > --- > efi_runtime/efi_runtime.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c > index 1125556..9693721 100644 > --- a/efi_runtime/efi_runtime.c > +++ b/efi_runtime/efi_runtime.c > @@ -300,8 +300,13 @@ static long efi_runtime_set_variable(unsigned long arg) > return rv; > > data = kmalloc(psetvariable_local.DataSize, GFP_KERNEL); > + if (!data) { > + kfree(name); > + return -ENOMEM; > + } > if (copy_from_user(data, psetvariable_local.Data, > psetvariable_local.DataSize)) { > + kfree(data); > kfree(name); > return -EFAULT; > } > Acked-by: Alex Hung <alex.hung@canonical.com>
diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c index 1125556..9693721 100644 --- a/efi_runtime/efi_runtime.c +++ b/efi_runtime/efi_runtime.c @@ -300,8 +300,13 @@ static long efi_runtime_set_variable(unsigned long arg) return rv; data = kmalloc(psetvariable_local.DataSize, GFP_KERNEL); + if (!data) { + kfree(name); + return -ENOMEM; + } if (copy_from_user(data, psetvariable_local.Data, psetvariable_local.DataSize)) { + kfree(data); kfree(name); return -EFAULT; }
If the allocation of data fails, we must not proceed copying data from the user space. Instead we return with -ENOMEM. Also, while there, free the memory of the variable name in case the copy from user space fails. Reported-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> --- efi_runtime/efi_runtime.c | 5 +++++ 1 file changed, 5 insertions(+)