[X/A/B/C][PATCH 0/1] CVE-2018-8087

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[X/A/B/C][PATCH 0/1] CVE-2018-8087

Khaled Elmously
Clean cherry-pick


weiyongjun (A) (1):
  mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

 drivers/net/wireless/mac80211_hwsim.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--
2.17.0


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[X/A/B/C][PATCH 1/1] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

Khaled Elmously
From: "weiyongjun (A)" <[hidden email]>

CVE-2018-8087

'hwname' is malloced in hwsim_new_radio_nl() and should be freed
before leaving from the error handling cases, otherwise it will cause
memory leak.

Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
Signed-off-by: Wei Yongjun <[hidden email]>
Reviewed-by: Ben Hutchings <[hidden email]>
Signed-off-by: Johannes Berg <[hidden email]>
(cherry-picked from 0ddcff49b672239dda94d70d0fcf50317a9f4b51)
Signed-off-by: Khalid Elmously <[hidden email]>
---
 drivers/net/wireless/mac80211_hwsim.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index 6467ffac9811..d2ab96863fce 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3142,8 +3142,10 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
  if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) {
  u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]);
 
- if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom))
+ if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) {
+ kfree(hwname);
  return -EINVAL;
+ }
  param.regd = hwsim_world_regdom_custom[idx];
  }
 
--
2.17.0


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [X/A/B/C][PATCH 0/1] CVE-2018-8087

Po-Hsu Lin (Sam)
In reply to this post by Khaled Elmously
Clean cherry-pick.
Acked-by: Po-Hsu Lin <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[Acked] [X/A/B/C][PATCH 1/1] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

Andy Whitcroft-3
In reply to this post by Khaled Elmously
On Mon, May 14, 2018 at 01:42:03AM -0400, Khalid Elmously wrote:

> From: "weiyongjun (A)" <[hidden email]>
>
> CVE-2018-8087
>
> 'hwname' is malloced in hwsim_new_radio_nl() and should be freed
> before leaving from the error handling cases, otherwise it will cause
> memory leak.
>
> Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
> Signed-off-by: Wei Yongjun <[hidden email]>
> Reviewed-by: Ben Hutchings <[hidden email]>
> Signed-off-by: Johannes Berg <[hidden email]>
> (cherry-picked from 0ddcff49b672239dda94d70d0fcf50317a9f4b51)
> Signed-off-by: Khalid Elmously <[hidden email]>
> ---
>  drivers/net/wireless/mac80211_hwsim.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
> index 6467ffac9811..d2ab96863fce 100644
> --- a/drivers/net/wireless/mac80211_hwsim.c
> +++ b/drivers/net/wireless/mac80211_hwsim.c
> @@ -3142,8 +3142,10 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
>   if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) {
>   u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]);
>  
> - if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom))
> + if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) {
> + kfree(hwname);
>   return -EINVAL;
> + }
>   param.regd = hwsim_world_regdom_custom[idx];
>   }
>  
> --
> 2.17.0
>
>
> --
> kernel-team mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Clean cherry-pick, looks to do what is claimed.

Acked-by: Andy Whitcroft <[hidden email]>

-apw

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

APPLIED[X/A/B]: [X/A/B/C][PATCH 0/1] CVE-2018-8087

Kleber Souza
In reply to this post by Khaled Elmously
On 05/14/18 07:42, Khalid Elmously wrote:
> Clean cherry-pick
>
>
> weiyongjun (A) (1):
>   mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
>
>  drivers/net/wireless/mac80211_hwsim.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>

Applied to xenial/master-next, artful/master-next and bionic/master-next
branches.

Thanks,
Kleber

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team