On Wed, Mar 12, 2014 at 6:34 AM, Liu Shuo <[email protected]> wrote: > From: Liu ShuoX <[email protected]> > > After sucessful decompressing, the buffer which pointed by 'buf' will be > lost as 'buf' is overwrite by 'big_oops_buf' and will never be freed. > Signed-off-by: Liu ShuoX <[email protected]>
Thanks again! Acked-by: Kees Cook <[email protected]> -Kees > --- > fs/pstore/platform.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c > index 78c3c20..46d269e 100644 > --- a/fs/pstore/platform.c > +++ b/fs/pstore/platform.c > @@ -497,6 +497,7 @@ void pstore_get_records(int quiet) > big_oops_buf_sz); > > if (unzipped_len > 0) { > + kfree(buf); > buf = big_oops_buf; > size = unzipped_len; > compressed = false; > -- > 1.8.3.2 > -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
