From 1becebff0eafbdb4b04105378c3e4328f1c6509f Mon Sep 17 00:00:00 2001
From: Djalal Harouni
Date: Wed, 30 Jul 2014 21:11:57 +0100
Subject: [PATCH] connection: fix user quota accounting corruption

First use kzalloc to allocate the users array, so we do not reference unintialized values. And free the old conn->msg_users array not the newly allocated 'users' one. Patch tested, and users will hit the KDBUS_CONN_MAX_MSGS_PER_USER limit and fail with -ENOBUFS

Signed-off-by: Djalal Harouni
---
 connection.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/connection.c b/connection.c
index e0bcee1..b42606c 100644
--- a/connection.c
+++ b/connection.c
@@ -636,13 +636,13 @@ static int kdbus_conn_queue_user_quota(struct kdbus_conn *conn,
 unsigned int i;
 i = 8 + KDBUS_ALIGN8(user);
- users = kmalloc(sizeof(unsigned int) * i, GFP_KERNEL);
+ users = kzalloc(sizeof(unsigned int) * i, GFP_KERNEL);
 if (!users) return -ENOMEM;
 memcpy(users, conn->msg_users, sizeof(unsigned int) * conn->msg_users_max);
- kfree(users);
+ kfree(conn->msg_users);
 conn->msg_users = users;
 conn->msg_users_max = i;
 }
--
2.34.1
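Review bot: The new allocation still sizes the array with an open-coded multiplication, `sizeof(unsigned int) * i`, where `i = 8 + KDBUS_ALIGN8(user)` and the bound on `user` is not visible in this hunk. If `user` can be large, the addition or the multiplication could wrap and produce a buffer smaller than the index later used for quota accounting. `users = kcalloc(i, sizeof(*users), GFP_KERNEL);` zeroes the array just like kzalloc and also fails cleanly on multiplication overflow. A short comment that the `memcpy` relies on `conn->msg_users_max` being smaller than `i` would help too, since the condition guarding this block, like the rest of the function, lies outside the hunk.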