| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Oct 2007 18:29:07 +0400
From: "Denis V. Lunev" <den@...nvz.org>
To: davem@...emloft.net
Cc: netdev@...r.kernel.org
Subject: [PATCH] memory leak in netlink user->kernel processing
netlink_kernel_create can be called with NULL as an input callback in several
places, f.e. in kobject_uevent_init. This means that if one sends packet from
user to kernel for such a socket, the packet will be leaked in the socket
queue forever.
This patch adds a simple generic cleanup callback for these sockets.
Signed-off-by: Denis V. Lunev <den@...nvz.org>
--- ./net/netlink/af_netlink.c.nlk4 2007-08-26 19:30:38.000000000 +0400
+++ ./net/netlink/af_netlink.c 2007-10-01 18:00:58.000000000 +0400
@@ -1301,6 +1301,13 @@ out:
return err ? : copied;
}
+static void netlink_rcv_drop(struct sock *sk, int len)
+{
+ struct sk_buff *skb;
+ while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL)
+ kfree_skb(skb);
+}
+
static void netlink_data_ready(struct sock *sk, int len)
{
struct netlink_sock *nlk = nlk_sk(sk);
@@ -1346,8 +1353,7 @@ netlink_kernel_create(struct net *net, i
sk = sock->sk;
sk->sk_data_ready = netlink_data_ready;
- if (input)
- nlk_sk(sk)->data_ready = input;
+ nlk_sk(sk)->data_ready = input != NULL ? input : netlink_rcv_drop;
if (netlink_insert(sk, net, 0))
goto out_sock_release;
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists