提交 a07b862c 编写于 作者: M Mark Langsdorf 提交者: Zheng Zengkai

ACPI: custom_method: fix a possible memory leak

stable inclusion
from stable-5.10.36
commit d11fdbee28afcf580f6720981d36ca60357c1d6c
bugzilla: 51867
CVE: NA

--------------------------------

commit 1cfd8956 upstream.

In cm_write(), if the 'buf' is allocated memory but not fully consumed,
it is possible to reallocate the buffer without freeing it by passing
'*ppos' as 0 on a subsequent call.

Add an explicit kfree() before kzalloc() to prevent the possible memory
leak.

Fixes: 526b4af4 ("ACPI: Split out custom_method functionality into an own driver")
Signed-off-by: NMark Langsdorf <mlangsdo@redhat.com>
Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NChen Jun <chenjun102@huawei.com>
Acked-by: NWeilong Chen <chenweilong@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
上级 ecde1a3e
...@@ -42,6 +42,8 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, ...@@ -42,6 +42,8 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
sizeof(struct acpi_table_header))) sizeof(struct acpi_table_header)))
return -EFAULT; return -EFAULT;
uncopied_bytes = max_size = table.length; uncopied_bytes = max_size = table.length;
/* make sure the buf is not allocated */
kfree(buf);
buf = kzalloc(max_size, GFP_KERNEL); buf = kzalloc(max_size, GFP_KERNEL);
if (!buf) if (!buf)
return -ENOMEM; return -ENOMEM;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册