In-Reply-To: <1524227986.21176.467.camel@linux.intel.com>
References: <1524045904-7005-1-git-send-email-amit.pundir@linaro.org> <1524045904-7005-3-git-send-email-amit.pundir@linaro.org> <1524227986.21176.467.camel@linux.intel.com>
From: Amit Pundir
Date: Mon, 23 Apr 2018 22:50:19 +0530
Subject: Re: [RESEND][PATCH 2/4] NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler
To: Andy Shevchenko
Cc: lkml, linux-wireless@vger.kernel.org, Samuel Ortiz, Christophe Ricard, Greg KH, John Stultz, Dmitry Shmidt, Todd Kjos, Android Kernel Team, Suren Baghdasaryan

On 20 April 2018 at 18:09, Andy Shevchenko wrote:
> On Wed, 2018-04-18 at 15:35 +0530, Amit Pundir wrote:
>
>> if (skb->data[transaction->aid_len + 2] != >> - NFC_EVT_TRANSACTION_PARAMS_TAG) >> + NFC_EVT_TRANSACTION_PARAMS_TAG || >> + skb->len < transaction->aid_len + transaction- >> >params_len + 4) { > >> + devm_kfree(dev, transaction);
>
> Oh, no.
>
> This is not a memory leak per se, this is a bad choice of devm_ API where it
> should use plain kmalloc() / kfree().
>

Hi,

If I switch to kmalloc()/kfree() with allocation and maybe pre-usage checks along the way up to nfc_genl_se_transaction(), would that suffice? I believe I will still be needing the additional aid_len and params_len checks regardless, right?

Regards,
Amit Pundir

>> return -EPROTO; >> + }
>
> --
> Andy Shevchenko
> Intel Finland Oy
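
Review bot: in the combined condition, `skb->data[transaction->aid_len + 2]` is still read before the new `skb->len < transaction->aid_len + transaction->params_len + 4` test, because `||` evaluates its left operand first, so the added length check does not protect the tag-byte read it shares the `if` with. Put the `skb->len` comparison first, or split it into its own early return ahead of the tag comparison, so the byte at `aid_len + 2` is only dereferenced once the buffer is known to be long enough. The error path now pairs `devm_kfree(dev, transaction)` with `return -EPROTO`; if the allocation moves to plain kmalloc()/kfree() as discussed in the thread, this free has to change with it.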