diff options
author | Sudip Mukherjee <sudipm.mukherjee@gmail.com> | 2016-04-05 22:41:06 +0530 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2016-04-06 16:22:24 -0700 |
commit | d2e10088ce01191748857296999b8c24a9a51959 (patch) | |
tree | 9c063da5fdfe44ae4e3ecc8714b89dc69ce2937c | |
parent | 50fbd977733d1cbafe75baf4b50424434dcfea8c (diff) | |
download | op-kernel-dev-d2e10088ce01191748857296999b8c24a9a51959.zip op-kernel-dev-d2e10088ce01191748857296999b8c24a9a51959.tar.gz |
lkdtm: fix memory leak of base
This case is supposed to read from a memory after it has been freed,
but we missed freeing base if the memory 'val' could not be allocated.
Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Signed-off-by: Kees Cook <keescook@chromium.org>
-rw-r--r-- | drivers/misc/lkdtm.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c index 2f0b022..5b3a63c 100644 --- a/drivers/misc/lkdtm.c +++ b/drivers/misc/lkdtm.c @@ -458,8 +458,10 @@ static void lkdtm_do_action(enum ctype which) break; val = kmalloc(len, GFP_KERNEL); - if (!val) + if (!val) { + kfree(base); break; + } *val = 0x12345678; base[offset] = *val; |