Age | Commit message (Collapse) | Author | Files | Lines |
|
The main motivation of this patch changing strcpy() to strlcpy().
We strcpy() to copy a 48 byte buffers into a 49 byte buffers. So at
best the last byte has leaked information, or maybe there is an
overflow? Anyway, this patch closes the information leaks by zeroing
the memory and the calls to strlcpy() prevent overflows.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Use memdup_user when user data is immediately copied into the
allocated region.
The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression from,to,size,flag;
position p;
identifier l1,l2;
@@
- to = \(kmalloc@p\|kzalloc@p\)(size,flag);
+ to = memdup_user(from,size);
if (
- to==NULL
+ IS_ERR(to)
|| ...) {
<+... when != goto l1;
- -ENOMEM
+ PTR_ERR(to)
...+>
}
- if (copy_from_user(to, from, size) != 0) {
- <+... when != goto l2;
- -EFAULT
- ...+>
- }
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
spid has been allocated in this function and so should be freed before
leaving it, as in the other error handling cases.
The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
@r exists@
expression E,E1;
statement S;
position p1,p2,p3;
@@
E =@p1 \(kmalloc\|kcalloc\|kzalloc\)(...)
... when != E = E1
if (E == NULL || ...) S
... when != E = E1
if@p2 (...) {
... when != kfree(E)
}
... when != E = E1
kfree@p3(E);
@forall@
position r.p2;
expression r.E;
int E1 != 0;
@@
* if@p2 (...) {
... when != kfree(E)
when strict
return E1; }
Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Add proper prototypes in a header file for global code under
drivers/isdn/sc/.
Since the GNU C compiler is now able do tell us that caller and callee
disagreed about the number of arguments of setup_buffers(), this patch
also fixes this bug.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Fix leak of `rcvmsg' in sc_ioctl().
There are two returns in the switch in sc_ioctl (the SCIOCSTART case) that
may leak `rcvmsg'. This patch fixes that by adding a kfree() call at the
beginning of that case.
Bug found by the coverity checker as #1098
Eric Sesterhenn send me a patch to fix the leak(s) by adding 2 kfree()
calls before the returns, I changed that into just a single call at the
beginning.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Fix a few memory leaks in drivers/isdn/sc/ioctl.c::sc_ioctl()
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Acked-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
A few lines above the patch we have:
char *srec;
srec = kmalloc(SCIOC_SRECSIZE, GFP_KERNEL);
sizeof pointer is probably not meant here.
Signed-off-by: Domen Puncer <domen@coderock.org>
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
This patch contains the following possible cleanips:
- make some needlessly global code static
- remove the compiled but completely unused debug.c
- remove or #if 0 the following unused global functions:
- command.c: loopback
- command.c: loadproc
- init.c: irq_supported
- packet.c: print_skb
- shmem.c: memset_shmem
- timer.c: trace_timer
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!
|