From patchwork Mon Aug 8 09:40:27 2016
X-Patchwork-Submitter: Ivan Hu
X-Patchwork-Id: 656625
From: Ivan Hu
To: fwts-devel@lists.ubuntu.com
Subject: [PATCH 3/4] efi_runtime: fix memory leak of capsulecaps function
Date: Mon, 8 Aug 2016 17:40:27 +0800
Message-Id: <1470649228-15522-3-git-send-email-ivan.hu@canonical.com>
In-Reply-To: <1470649228-15522-1-git-send-email-ivan.hu@canonical.com>
References: <1470649228-15522-1-git-send-email-ivan.hu@canonical.com>
List-Id: Firmware Test Suite Development

Signed-off-by: Ivan Hu
Acked-by: Alex Hung
Acked-by: Colin Ian King
---
 efi_runtime/efi_runtime.c | 42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)

diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c index 8c77c77..57d4350 100644 --- a/efi_runtime/efi_runtime.c +++ b/efi_runtime/efi_runtime.c @@ -579,6 +579,7 @@ static long efi_runtime_query_capsulecaps(unsigned long arg) efi_status_t status; uint64_t max_size; int i, reset_type; + int rv; u_caps = (struct efi_querycapsulecapabilities __user *)arg; @@ -597,11 +598,15 @@ static long efi_runtime_query_capsulecaps(unsigned long arg) * obtain the address of the capsule as it resides in the * user space */ - if (get_user(c, caps.capsule_header_array + i)) - return -EFAULT; + if (get_user(c, caps.capsule_header_array + i)) { + rv = -EFAULT; + goto err_exit; + } if (copy_from_user(&capsules[i], c, - sizeof(efi_capsule_header_t))) - return -EFAULT; + sizeof(efi_capsule_header_t))) { + rv = -EFAULT; + goto err_exit; + } } caps.capsule_header_array = &capsules; @@ -611,19 +616,32 @@ static long efi_runtime_query_capsulecaps(unsigned long arg) caps.capsule_count, &max_size, &reset_type); - if (put_user(status, caps.status)) - return -EFAULT; + if (put_user(status, caps.status)) { + rv = -EFAULT; + goto err_exit; + } - if (put_user(max_size, caps.maximum_capsule_size)) - return -EFAULT; + if (put_user(max_size, caps.maximum_capsule_size)) { + rv = -EFAULT; + goto err_exit; + } - if (put_user(reset_type, caps.reset_type)) - return -EFAULT; + if (put_user(reset_type, caps.reset_type)) { + rv = -EFAULT; + goto err_exit; + } - if (status != EFI_SUCCESS) - return -EINVAL; + if (status != EFI_SUCCESS) { + rv = -EINVAL; + goto err_exit; + } + kfree(capsules); return 0; + +err_exit: + kfree(capsules); + return rv; } #endif
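Review bot: The converted error paths begin at the first get_user() inside the copy loop (hunk @@ -597), and the allocation of capsules is not part of this diff, so please confirm that no plain return is left between that allocation and the loop; any such path would still leak the buffer this patch frees. The commit message carries only a subject line, so one sentence naming the leaked buffer and the paths that leaked it would make the fix easier to audit.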
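Review bot: In the last hunk (@@ -611) the success path and the err_exit label both end in kfree(capsules), so the function now has two free sites that must be kept in sync. Initialising rv to 0 at its declaration (hunk @@ -579) and letting the success path fall through to a single label, for example `out: kfree(capsules); return rv;`, leaves one free site and removes the chance that a later edit touches only one of them and reintroduces a leak or adds a double free. rv is also declared int while the function returns long; declaring it long would match the signature.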