linux/drivers
Kieran Bingham 517a5460a9 Bluetooth: btmrvl: skb resource leak, and double free.
if btmrvl_tx_pkt() is called, and the branch
  if (skb_headroom(skb) < BTM_HEADER_LEN)
evaluates positive, a new skb is allocated via skb_realloc_headroom.

The original skb is stored in a tmp variable, before being free'd.
However on success, the new skb, is not free'd, nor is it
returned to the caller which will then double-free the original skb.

This issue exists from the original driver submission in
 commit: #132ff4e5fa8dfb71a7d99902f88043113947e972

If this code path had been alive, it would have been noted from the
double-free causing a panic.

All skb's here should be allocated through bt_skb_alloc which
adds 8 bytes as headroom, which is plenty against the 4 bytes
pushed on by this driver.

This code path is dead, and buggy at the same time, so the cleanest
approach is to remove the affected branch.

Reported by coverity (CID 113422)

Signed-off-by: Kieran Bingham <kieranbingham@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-09-17 13:20:02 +02:00
..
accessibility
acpi IPMI updates for 4.3 2015-09-08 18:19:17 -07:00
amba
android mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
ata Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-09-03 16:55:55 -07:00
atm
auxdisplay
base Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-09-10 13:53:15 -07:00
bcma
block xen: MFN/GFN/BFN terminology changes for 4.3-rc0 2015-09-10 16:21:11 -07:00
bluetooth Bluetooth: btmrvl: skb resource leak, and double free. 2015-09-17 13:20:02 +02:00
bus regmap: Changes for v4.3 2015-09-08 16:48:55 -07:00
cdrom
char IPMI updates for 4.3 2015-09-08 18:19:17 -07:00
clk ARM: SoC: late fixes and dependencies 2015-09-10 17:59:04 -07:00
clocksource - New Device Support 2015-09-04 11:35:03 -07:00
connector
cpufreq ARM: SoC: late fixes and dependencies 2015-09-10 17:59:04 -07:00
cpuidle Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2015-09-03 16:27:01 -07:00
crypto drivers/crypto/qat: use seq_hex_dump() to dump buffers 2015-09-10 13:29:01 -07:00
dca
devfreq
dio
dma dmaengine updates for 4.3-rc1 2015-09-04 11:10:18 -07:00
dma-buf
edac Minor stuff: AMD MCE decoding correction and xgene_edac cleanup. 2015-09-01 18:34:22 -07:00
eisa
extcon regulator: Updates for v4.3 2015-08-31 15:49:19 -07:00
firewire
firmware kexec: split kexec_load syscall from kexec core code 2015-09-10 13:29:01 -07:00
fmc
gpio Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2015-09-04 15:49:32 -07:00
gpu Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux 2015-09-11 09:35:56 -07:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-09-04 12:02:11 -07:00
hsi mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
hv
hwmon
hwspinlock
hwtracing/coresight
i2c Merge branch 'i2c/for-4.3' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2015-09-08 16:16:26 -07:00
ide
idle
iio This is the bulk of GPIO changes for the v4.3 kernel cycle: 2015-09-04 10:07:45 -07:00
infiniband mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
input xen: MFN/GFN/BFN terminology changes for 4.3-rc0 2015-09-10 16:21:11 -07:00
iommu IOMMU Updates for Linux v4.3 2015-09-08 17:22:35 -07:00
ipack
irqchip Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-09-08 11:36:56 -07:00
isdn libnvdimm for 4.3: 2015-09-08 14:35:59 -07:00
leds - Stop using LP855X Platform Data to control regulators 2015-09-04 11:40:40 -07:00
lguest
macintosh powerpc updates for 4.3 2015-09-03 16:41:38 -07:00
mailbox Merge branch 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration 2015-09-05 18:11:04 -07:00
mcb
md md updates for 4.3 2015-09-05 17:52:22 -07:00
media mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
memory IOMMU Updates for Linux v4.3 2015-09-08 17:22:35 -07:00
memstick
message
mfd Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2015-09-04 15:49:32 -07:00
misc mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
mmc MMC core: 2015-09-08 16:33:16 -07:00
mtd MTD updates #2 for 4.3-rc1: 2015-09-09 11:17:33 -07:00
net net: fix cdc-phonet.c dependency and build error 2015-09-16 11:51:19 -07:00
nfc This is the bulk of GPIO changes for the v4.3 kernel cycle: 2015-09-04 10:07:45 -07:00
ntb
nubus
nvdimm libnvdimm for 4.3: 2015-09-08 14:35:59 -07:00
nvmem
of Merge branch 'i2c/for-4.3' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2015-09-08 16:16:26 -07:00
oprofile
parisc parisc: use seq_hex_dump() to dump buffers 2015-09-10 13:29:01 -07:00
parport
pci kexec: split kexec_load syscall from kexec core code 2015-09-10 13:29:01 -07:00
pcmcia pcmcia: soc_common: remove skt_dev_info's clk pointer 2015-09-03 16:01:03 +01:00
perf
phy This is the bulk of GPIO changes for the v4.3 kernel cycle: 2015-09-04 10:07:45 -07:00
pinctrl This is the bulk of pin control changes for the v4.3 development 2015-09-04 10:22:09 -07:00
platform platform-drivers-x86 for 4.3-1 2015-09-08 16:26:18 -07:00
pnp
power Power management and ACPI material for v4.3-rc1 2015-09-01 19:45:46 -07:00
powercap powercap / RAPL: disable the 2nd power limit properly 2015-08-29 01:46:40 +02:00
pps
ps3
ptp
pwm pwm: Changes for v4.3-rc1 2015-09-09 10:55:32 -07:00
rapidio
ras
regulator regmap: Changes for v4.3 2015-09-08 16:48:55 -07:00
remoteproc
reset reset: ath79: Fix missing spin_lock_init 2015-09-01 14:48:40 +02:00
rpmsg
rtc rtc: abx80x: fix RTC write bit 2015-09-05 19:37:31 +02:00
s390 drivers/s390/crypto/zcrypt_api.c: use seq_hex_dump() to dump buffers 2015-09-10 13:29:01 -07:00
sbus
scsi xen: MFN/GFN/BFN terminology changes for 4.3-rc0 2015-09-10 16:21:11 -07:00
sfi
sh
sn
soc ARM: SoC: late fixes and dependencies 2015-09-10 17:59:04 -07:00
spi Merge remote-tracking branches 'spi/topic/ti-qspi', 'spi/topic/xcomm' and 'spi/topic/xlp' into spi-next 2015-08-31 14:45:45 +01:00
spmi Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-09-01 14:33:35 -07:00
ssb
staging mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
target Merge branch 'for-4.3/sg' of git://git.kernel.dk/linux-block 2015-09-02 13:22:38 -07:00
tc
thermal regmap: Changes for v4.3 2015-09-08 16:48:55 -07:00
thunderbolt
tty xen: MFN/GFN/BFN terminology changes for 4.3-rc0 2015-09-10 16:21:11 -07:00
uio
usb Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-09-01 18:46:42 -07:00
uwb
vfio
vhost
video Merge branch 'akpm' (patches from Andrew) 2015-09-10 18:19:42 -07:00
virt
virtio virtio_balloon: do not change memory amount visible via /proc/meminfo 2015-09-08 13:32:11 +03:00
vlynq
vme
w1 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-09-01 18:46:42 -07:00
watchdog - New Device Support 2015-09-04 11:35:03 -07:00
xen Merge branch 'akpm' (patches from Andrew) 2015-09-10 18:19:42 -07:00
zorro
Kconfig Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2015-09-03 16:27:01 -07:00
Makefile This is the bulk of pin control changes for the v4.3 development 2015-09-04 10:22:09 -07:00