Jacob Garber has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/39378 )
Change subject: drivers/ipmi: Fix buffer double-free ......................................................................
drivers/ipmi: Fix buffer double-free
If reading the data for the asset_tag fails, that buffer should be freed, not the one for serial_number.
Change-Id: I2ecaf7fd0f23f2fb5a6aa0961c7e17fff04847f4 Signed-off-by: Jacob Garber jgarber1@ualberta.ca Found-by: Coverity CID 1419481, 1419485 --- M src/drivers/ipmi/ipmi_fru.c 1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/78/39378/1
diff --git a/src/drivers/ipmi/ipmi_fru.c b/src/drivers/ipmi/ipmi_fru.c index 8be53f8..43ee6b3 100644 --- a/src/drivers/ipmi/ipmi_fru.c +++ b/src/drivers/ipmi/ipmi_fru.c @@ -319,7 +319,7 @@ goto out; } if (!data2str((const uint8_t *)data_ptr, info->asset_tag, length)) - free(info->serial_number); + free(info->asset_tag); }
out:
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39378 )
Change subject: drivers/ipmi: Fix buffer double-free ......................................................................
Patch Set 1: Code-Review+1
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39378 )
Change subject: drivers/ipmi: Fix buffer double-free ......................................................................
Patch Set 1: Code-Review+2
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/39378 )
Change subject: drivers/ipmi: Fix buffer double-free ......................................................................
Patch Set 1: Code-Review+2
Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/39378 )
Change subject: drivers/ipmi: Fix buffer double-free ......................................................................
drivers/ipmi: Fix buffer double-free
If reading the data for the asset_tag fails, that buffer should be freed, not the one for serial_number.
Change-Id: I2ecaf7fd0f23f2fb5a6aa0961c7e17fff04847f4 Signed-off-by: Jacob Garber jgarber1@ualberta.ca Found-by: Coverity CID 1419481, 1419485 Reviewed-on: https://review.coreboot.org/c/coreboot/+/39378 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Paul Menzel paulepanter@users.sourceforge.net Reviewed-by: Patrick Rudolph siro@das-labor.org Reviewed-by: Angel Pons th3fanbus@gmail.com --- M src/drivers/ipmi/ipmi_fru.c 1 file changed, 1 insertion(+), 1 deletion(-)
Approvals: build bot (Jenkins): Verified Paul Menzel: Looks good to me, but someone else must approve Patrick Rudolph: Looks good to me, approved Angel Pons: Looks good to me, approved
diff --git a/src/drivers/ipmi/ipmi_fru.c b/src/drivers/ipmi/ipmi_fru.c index 8be53f8..43ee6b3 100644 --- a/src/drivers/ipmi/ipmi_fru.c +++ b/src/drivers/ipmi/ipmi_fru.c @@ -319,7 +319,7 @@ goto out; } if (!data2str((const uint8_t *)data_ptr, info->asset_tag, length)) - free(info->serial_number); + free(info->asset_tag); }
out:
-
Angel Pons (Code Review) -
Jacob Garber (Code Review)
-
Patrick Georgi (Code Review)
-
Patrick Rudolph (Code Review)
-
Paul Menzel (Code Review)