| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 Dec 2023 21:30:57 +0000
From: Simon Horman <horms@...nel.org>
To: Zhipeng Lu <alexious@....edu.cn>
Cc: Trond Myklebust <trond.myklebust@...merspace.com>,
Anna Schumaker <anna@...nel.org>,
Chuck Lever <chuck.lever@...cle.com>,
Jeff Layton <jlayton@...nel.org>, Neil Brown <neilb@...e.de>,
Olga Kornievskaia <kolga@...app.com>, Dai Ngo <Dai.Ngo@...cle.com>,
Tom Talpey <tom@...pey.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Simo Sorce <simo@...hat.com>, Steve Dickson <steved@...hat.com>,
Kevin Coffman <kwc@...i.umich.edu>, linux-nfs@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] SUNRPC: fix a memleak in gss_import_v2_context
On Sun, Dec 24, 2023 at 04:20:33PM +0800, Zhipeng Lu wrote:
> The ctx->mech_used.data allocated by kmemdup is not freed in neither
> gss_import_v2_context nor it only caller radeon_driver_open_kms.
> Thus, this patch reform the last call of gss_import_v2_context to the
> gss_krb5_import_ctx_v2, preventing the memleak while keepping the return
> formation.
>
> Fixes: 47d848077629 ("gss_krb5: handle new context format from gssd")
> Signed-off-by: Zhipeng Lu <alexious@....edu.cn>
> ---
> net/sunrpc/auth_gss/gss_krb5_mech.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
> index e31cfdf7eadc..1e54bd63e3f0 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_mech.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
> @@ -398,6 +398,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,
> u64 seq_send64;
> int keylen;
> u32 time32;
> + int ret;
>
> p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags));
> if (IS_ERR(p))
> @@ -450,8 +451,14 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,
> }
> ctx->mech_used.len = gss_kerberos_mech.gm_oid.len;
>
> - return gss_krb5_import_ctx_v2(ctx, gfp_mask);
> + ret = gss_krb5_import_ctx_v2(ctx, gfp_mask);
> + if (ret) {
> + p = ERR_PTR(ret);
> + goto out_free;
> + };
Hi Zhipeng Lu,
I think you need to handle the non-error case here:
return 0;
>
> +out_free:
> + kfree(ctx->mech_used.data);
> out_err:
> return PTR_ERR(p);
> }
> --
> 2.34.1
>
Powered by blists - more mailing lists