Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756969AbcK2Mv3 (ORCPT <rfc822;w@1wt.eu>);
        Tue, 29 Nov 2016 07:51:29 -0500
Received: from m50-132.163.com ([123.125.50.132]:60851 "EHLO m50-132.163.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752270AbcK2MvW (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 29 Nov 2016 07:51:22 -0500
From: Pan Bian <bianpan2016@163.com>
To: linux-usb@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Pan Bian <bianpan2016@163.com>
Subject: [PATCH 1/1] usb: return correct errno code when krealloc fails
Date: Tue, 29 Nov 2016 20:50:30 +0800
Message-Id: <1480423830-24842-1-git-send-email-bianpan2016@163.com>
X-Mailer: git-send-email 1.9.1
X-CM-TRANSID: DNGowACnM8mzeT1YBh2qHg--.53284S3
X-Coremail-Antispam: 1Uf129KBjvdXoWrKr4xCF17KF1DXF45GFy5CFg_yoWkGwc_WF
        1kZrn7JryxAF15JFyayFZ2yrWjgayUur1xuasaqryfJ3W29F1kG34jvr93Xr47G34FgF9r
        Grn5tFy5u39a9jkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
        9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUnwqXJUUUUU==
X-Originating-IP: [222.131.246.88]
X-CM-SenderInfo: held01tdqsiiqw6rljoofrz/xtbBUR0xclaDsRKn4wAAs9
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1085
Lines: 29

In function wusb_dev_sec_add(), variable result takes the return value.
Its value should be negative on failures. When function krealloc() is
called, an earlier check of variable result guarantees that the value of
result must not be less than "sizeof(*secd)", and result is not
reassigned when krealloc() returns a NULL pointer. As a result, a
positive value may be returned, which makes it impossible for the caller
of wusb_dev_sec_add() to detect the error. This patch fixes the bug by
assigning -ENOMEM to result when krealloc() returns NULL.

Signed-off-by: Pan Bian <bianpan2016@163.com>
---
 drivers/usb/wusbcore/security.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/usb/wusbcore/security.c b/drivers/usb/wusbcore/security.c
index 8c9421b..170f2c3 100644
--- a/drivers/usb/wusbcore/security.c
+++ b/drivers/usb/wusbcore/security.c
@@ -240,6 +240,7 @@ int wusb_dev_sec_add(struct wusbhc *wusbhc,
 	if (new_secd == NULL) {
 		dev_err(dev,
 			"Can't allocate space for security descriptors\n");
+		result = -ENOMEM;
 		goto out;
 	}
 	secd = new_secd;
-- 
1.9.1