usb: return correct errno code when krealloc fails

In function wusb_dev_sec_add(), variable result takes the return value. Its value should be negative on failures. When function krealloc() is called, an earlier check of variable result guarantees that the value of result must not be less than "sizeof(*secd)", and result is not reassigned when krealloc() returns a NULL pointer. As a result, a positive value may be returned, which makes it impossible for the caller of wusb_dev_sec_add() to detect the error. This patch fixes the bug by assigning -ENOMEM to result when krealloc() returns NULL. Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

usb: return correct errno code when krealloc fails
In function wusb_dev_sec_add(), variable result takes the return value. Its value should be negative on failures. When function krealloc() is called, an earlier check of variable result guarantees that the value of result must not be less than "sizeof(*secd)", and result is not reassigned when krealloc() returns a NULL pointer. As a result, a positive value may be returned, which makes it impossible for the caller of wusb_dev_sec_add() to detect the error. This patch fixes the bug by assigning -ENOMEM to result when krealloc() returns NULL. Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fca0ca95 · Pan Bian · Greg Kroah-Hartman · fd3ed14e · fca0ca95
Commit fca0ca95 authored Nov 29, 2016 by Pan Bian Committed by Greg Kroah-Hartman Nov 29, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/usb/wusbcore/security.c drivers/usb/wusbcore/security.c +1 -0

No files found.
--- a/drivers/usb/wusbcore/security.c
+++ b/drivers/usb/wusbcore/security.c
@@ -240,6 +240,7 @@ int wusb_dev_sec_add(struct wusbhc *wusbhc,
 	if (new_secd == NULL) {
 		dev_err(dev,
 			"Can't allocate space for security descriptors\n");
+		result = -ENOMEM;
 		goto out;
 	}
 	secd = new_secd;