lkdtm: fix memory leak of base

This case is supposed to read from a memory after it has been freed, but we missed freeing base if the memory 'val' could not be allocated. Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk> Signed-off-by: Kees Cook <keescook@chromium.org>

lkdtm: fix memory leak of base
This case is supposed to read from a memory after it has been freed, but we missed freeing base if the memory 'val' could not be allocated. Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk> Signed-off-by: Kees Cook <keescook@chromium.org>
d2e10088 · Sudip Mukherjee · Kees Cook · 50fbd977 · d2e10088
Commit d2e10088 authored Apr 05, 2016 by Sudip Mukherjee Committed by Kees Cook Apr 06, 2016
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

drivers/misc/lkdtm.c drivers/misc/lkdtm.c +3 -1

No files found.
--- a/drivers/misc/lkdtm.c
+++ b/drivers/misc/lkdtm.c
@@ -458,8 +458,10 @@ static void lkdtm_do_action(enum ctype which)
 			break;
 		val = kmalloc(len, GFP_KERNEL);
-		if (!val)
+		if (!val) {
+			kfree(base);
 			break;
+		}
 		*val = 0x12345678;
 		base[offset] = *val;