On 08/09/2012 09:54 PM, Sachin Bhamare wrote: > On 8/8/12 10:02 AM, Alexey Khoroshilov wrote: >> There is no memory allocation failure check in uri_store(). >> That can lead to NULL pointer dereference. >> >> Found by Linux Driver Verification project (linuxtesting.org). >> >> Signed-off-by: Alexey Khoroshilov <khoroshi...@ispras.ru> >> --- >> fs/exofs/sys.c | 7 ++++++- >> 1 file changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/fs/exofs/sys.c b/fs/exofs/sys.c >> index 5a7b691..1b4f2f9 100644 >> --- a/fs/exofs/sys.c >> +++ b/fs/exofs/sys.c >> @@ -80,8 +80,13 @@ static ssize_t uri_show(struct exofs_dev *edp, char *buf) >> >> static ssize_t uri_store(struct exofs_dev *edp, const char *buf, size_t len) >> { >> + uint8_t *new_uri; >> + >> edp->urilen = strlen(buf) + 1; >> - edp->uri = krealloc(edp->uri, edp->urilen, GFP_KERNEL); >> + new_uri = krealloc(edp->uri, edp->urilen, GFP_KERNEL); >> + if (new_uri == NULL) >> + return -ENOMEM; >> + edp->uri = new_uri; >> strncpy(edp->uri, buf, edp->urilen); >> return edp->urilen; >> } > Ack-by : Sachin Bhamare <sbham...@panasas.com>
Has been pushed to linux-next will be included in the next RCX push to Linus. Thanks Boaz -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/