lkdtm: fix memory leak of base

sudipm-mukherjee · kees · commit d2e10088ce01 · 2016-04-06T16:22:24.000-07:00
This case is supposed to read from a memory after it has been freed,
but we missed freeing base if the memory 'val' could not be allocated.

Signed-off-by: Sudip Mukherjee &lt;sudip.mukherjee@codethink.co.uk&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
@@ -458,8 +458,10 @@ static void lkdtm_do_action(enum ctype which)
 			break;
 
 		val = kmalloc(len, GFP_KERNEL);
-		if (!val)
+		if (!val) {
+			kfree(base);
 			break;
+		}
 
 		*val = 0x12345678;
 		base[offset] = *val;
