From 3000c8ab594ea57dc9b436dc3e81462f4d5b7616 Mon Sep 17 00:00:00 2001
From: Hardik Arya
Date: Fri, 23 Nov 2018 10:41:41 +0530
Subject: [PATCH] diag: Mark Buffer as NULL after freeing

There is a possibility of use-after-free and double free because of not marking buffer as NULL after freeing. The patch marks buffer as NULL after freeing in error case.

Change-Id: Iacf8f8a4a4e644f48c87d5445ccd594766f2e156
Signed-off-by: Hardik Arya
---
 drivers/char/diag/diag_masks.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/diag/diag_masks.c b/drivers/char/diag/diag_masks.c
index 6e828bca64aa..bb28958412ed 100644
--- a/drivers/char/diag/diag_masks.c
+++ b/drivers/char/diag/diag_masks.c
@@ -1748,6 +1748,7 @@ static int __diag_mask_init(struct diag_mask_info *mask_info, int mask_len,
 mask_info->update_buf = kzalloc(update_buf_len, GFP_KERNEL);
 if (!mask_info->update_buf) {
 kfree(mask_info->ptr);
+ mask_info->ptr = NULL;
 return -ENOMEM;
 }
 kmemleak_not_leak(mask_info->update_buf);
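Review bot: Clearing mask_info->ptr on this one kzalloc-failure exit covers only the error path visible in the hunk, while the commit message promises protection against double free and use-after-free in general; any other site in __diag_mask_init or its teardown that kfree()s mask_info->ptr or mask_info->update_buf without resetting the pointer (none is visible here) needs the same `mask_info->ptr = NULL;` treatment for that claim to hold. If the function stores a length or count for the freed buffer before this allocation, resetting that field on the same path would keep the struct internally consistent, but that cannot be confirmed from the hunk. A one-line comment such as `/* leave no dangling pointer for a later retry or cleanup */` above the added line would record why the reset matters. __diag_mask_init starts before and ends after this hunk.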