From: Djalal Harouni <tixxdz@opendz.org>
Date: Wed, 30 Jul 2014 20:11:57 +0000 (+0100)
Subject: connection: fix user quota accounting corruption
X-Git-Tag: upstream/0.20140911.160207utc~72
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1becebff0eafbdb4b04105378c3e4328f1c6509f;p=platform%2Fcore%2Fsystem%2Fkdbus-bus.git

connection: fix user quota accounting corruption

First use kzalloc to allocate the users array, so we do not reference
unintialized values.

And free the old conn->msg_users array not the newly allocated 'users'
one.

Patch tested, and users will hit the KDBUS_CONN_MAX_MSGS_PER_USER limit
and fail with -ENOBUFS

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
---

diff --git a/connection.c b/connection.c
index e0bcee1..b42606c 100644
--- a/connection.c
+++ b/connection.c
@@ -636,13 +636,13 @@ static int kdbus_conn_queue_user_quota(struct kdbus_conn *conn,
 		unsigned int i;
 
 		i = 8 + KDBUS_ALIGN8(user);
-		users = kmalloc(sizeof(unsigned int) * i, GFP_KERNEL);
+		users = kzalloc(sizeof(unsigned int) * i, GFP_KERNEL);
 		if (!users)
 			return -ENOMEM;
 
 		memcpy(users, conn->msg_users,
 		       sizeof(unsigned int) * conn->msg_users_max);
-		kfree(users);
+		kfree(conn->msg_users);
 		conn->msg_users = users;
 		conn->msg_users_max = i;
 	}