[systemd-devel] [PATCH v2 6/7] connection: fix user quota accounting corruption
Djalal Harouni
tixxdz at opendz.org
Wed Jul 30 13:11:57 PDT 2014
First use kzalloc to allocate the users array, so we do not reference
uninitialized values.
And free the old conn->msg_users array not the newly allocated 'users'
one.
Patch tested, and users will hit the KDBUS_CONN_MAX_MSGS_PER_USER limit
and fail with -ENOBUFS
Signed-off-by: Djalal Harouni <tixxdz at opendz.org>
---
connection.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/connection.c b/connection.c
index 8838029..3cd84ce 100644
--- a/connection.c
+++ b/connection.c
@@ -636,13 +636,13 @@ static int kdbus_conn_queue_user_quota(struct kdbus_conn *conn,
unsigned int i;
i = 8 + KDBUS_ALIGN8(user);
- users = kmalloc(sizeof(unsigned int) * i, GFP_KERNEL);
+ users = kzalloc(sizeof(unsigned int) * i, GFP_KERNEL);
if (!users)
return -ENOMEM;
memcpy(users, conn->msg_users,
sizeof(unsigned int) * conn->msg_users_max);
- kfree(users);
+ kfree(conn->msg_users);
conn->msg_users = users;
conn->msg_users_max = i;
}
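Review bot: the allocation size on the kzalloc() line is still an open-coded multiplication, sizeof(unsigned int) * i, with i computed from user just above it. kcalloc(i, sizeof(*users), GFP_KERNEL) zeroes the array in the same way and also fails the allocation if the product overflows. Separately, the kfree() change is the more serious of the two fixes: the old line freed the newly allocated buffer immediately before it was stored in conn->msg_users, leaving a dangling pointer and leaking the previous array. The commit message would be clearer if it said that explicitly rather than only describing which array is freed.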
--
1.9.3