kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   7df24046a1510e64670d278fbacd785c50635908
  2.   patches.suse
  3.   iio-imu-adis16400-fix-memory-leak.patch
Blob Blame History Raw 
From 9c0530e898f384c5d279bfcebd8bb17af1105873 Mon Sep 17 00:00:00 2001
From: Navid Emamdoost <navid.emamdoost@gmail.com>
Date: Thu, 19 Sep 2019 10:56:35 -0500
Subject: [PATCH] iio: imu: adis16400: fix memory leak
Git-commit: 9c0530e898f384c5d279bfcebd8bb17af1105873
Patch-mainline: v5.4-rc3
References: CVE-2019-19061 bsc#1157192 bnc#1151927 5.3.9

In adis_update_scan_mode_burst, if adis->buffer allocation fails release
the adis->xfer.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Reviewed-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Acked-by: Takashi Iwai <tiwai@suse.de>

---
 drivers/iio/imu/adis_buffer.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/iio/imu/adis_buffer.c b/drivers/iio/imu/adis_buffer.c
index f446ff497809..4998a89d083d 100644
--- a/drivers/iio/imu/adis_buffer.c
+++ b/drivers/iio/imu/adis_buffer.c
@@ -35,8 +35,11 @@ static int adis_update_scan_mode_burst(struct iio_dev *indio_dev,
 		return -ENOMEM;
 
 	adis->buffer = kzalloc(burst_length + sizeof(u16), GFP_KERNEL);
-	if (!adis->buffer)
+	if (!adis->buffer) {
+		kfree(adis->xfer);
+		adis->xfer = NULL;
 		return -ENOMEM;
+	}
 
 	tx = adis->buffer + burst_length;
 	tx[0] = ADIS_READ_REG(adis->burst->reg_cmd);
-- 
2.16.4
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.