Date: Fri, 20 Apr 2018 09:45:07 -0700
From: Mark Greer
To: Andy Shevchenko
Cc: Amit Pundir, lkml, linux-wireless@vger.kernel.org, Samuel Ortiz, Christophe Ricard, Greg KH, John Stultz, Dmitry Shmidt, Todd Kjos, Android Kernel Team, Suren Baghdasaryan
Subject: Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler
Message-ID: <20180420164507.GA22666@animalcreek.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 20, 2018 at 03:39:46PM +0300, Andy Shevchenko wrote:
> On Wed, 2018-04-18 at 15:35 +0530, Amit Pundir wrote:
>
> > if (skb->data[transaction->aid_len + 2] !=
> > - NFC_EVT_TRANSACTION_PARAMS_TAG)
> > + NFC_EVT_TRANSACTION_PARAMS_TAG ||
> > + skb->len < transaction->aid_len + transaction-
> > >params_len + 4) {
>
> > + devm_kfree(dev, transaction);
>
> Oh, no.
>
> This is not memory leak per se, this is bad choice of devm_ API where it
> should use plain kmalloc() / kfree().

Also, there is no check to see if the allocation worked at all.

Mark
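
Review bot: in the rewritten condition, skb->data[transaction->aid_len + 2] is still the left-hand operand of ||, so the tag byte is read before the new skb->len comparison has had a chance to reject a short frame. Do the length test first, as its own check ahead of any skb->data access indexed by aid_len, and only then compare the tag against NFC_EVT_TRANSACTION_PARAMS_TAG. The bound also uses transaction->params_len, and the quoted lines do not show where that field is assigned; it needs to come from a byte that is already known to lie inside skb->len before it is used in this comparison.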