From c0a333d842ef67ac04adc72ff79dc1ccc3dca4ed Mon Sep 17 00:00:00 2001
From: Navid Emamdoost <navid.emamdoost@gmail.com>
Date: Sun, 27 Oct 2019 14:48:47 -0500
Subject: [PATCH] ASoC: SOF: Fix memory leak in sof_dfsentry_write
Git-commit: c0a333d842ef67ac04adc72ff79dc1ccc3dca4ed
Patch-mainline: v5.4-rc7
References: git-fixes, CVE-2019-18812, bsc#1156277
In the implementation of sof_dfsentry_write() memory allocated for
string is leaked in case of an error. Go to error handling path if the
d_name.name is not valid.
Fixes: 091c12e1f50c ("ASoC: SOF: debug: add new debugfs entries for IPC flood test")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Link: https://lore.kernel.org/r/20191027194856.4056-1-navid.emamdoost@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Acked-by: Takashi Iwai <tiwai@suse.de>
---
sound/soc/sof/debug.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/sound/soc/sof/debug.c
+++ b/sound/soc/sof/debug.c
@@ -150,8 +150,10 @@ static ssize_t sof_dfsentry_write(struct
* in the debugfs entry.
*/
if (strcmp(dfse->dfsentry->d_name.name, "ipc_flood_count") &&
- strcmp(dfse->dfsentry->d_name.name, "ipc_flood_duration_ms"))
- return -EINVAL;
+ strcmp(dfse->dfsentry->d_name.name, "ipc_flood_duration_ms")) {
+ ret = -EINVAL;
+ goto out;
+ }
if (!strcmp(dfse->dfsentry->d_name.name, "ipc_flood_duration_ms"))
flood_duration_test = true;