diff options
| author | Sudip Mukherjee <sudipm.mukherjee@gmail.com> | 2016-04-05 13:11:06 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2016-04-06 19:22:24 -0400 |
| commit | d2e10088ce01191748857296999b8c24a9a51959 (patch) | |
| tree | 9c063da5fdfe44ae4e3ecc8714b89dc69ce2937c | |
| parent | 50fbd977733d1cbafe75baf4b50424434dcfea8c (diff) | |
lkdtm: fix memory leak of base
This case is supposed to read from a memory after it has been freed,
but we missed freeing base if the memory 'val' could not be allocated.
Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Signed-off-by: Kees Cook <keescook@chromium.org>
| -rw-r--r-- | drivers/misc/lkdtm.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c index 2f0b02248761..5b3a63c87ec9 100644 --- a/drivers/misc/lkdtm.c +++ b/drivers/misc/lkdtm.c | |||
| @@ -458,8 +458,10 @@ static void lkdtm_do_action(enum ctype which) | |||
| 458 | break; | 458 | break; |
| 459 | 459 | ||
| 460 | val = kmalloc(len, GFP_KERNEL); | 460 | val = kmalloc(len, GFP_KERNEL); |
| 461 | if (!val) | 461 | if (!val) { |
| 462 | kfree(base); | ||
| 462 | break; | 463 | break; |
| 464 | } | ||
| 463 | 465 | ||
| 464 | *val = 0x12345678; | 466 | *val = 0x12345678; |
| 465 | base[offset] = *val; | 467 | base[offset] = *val; |