lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 15 Jan 2024 11:09:05 +0000
From: Simon Horman <horms@...nel.org>
To: Zhipeng Lu <alexious@....edu.cn>
Cc: Chuck Lever <chuck.lever@...cle.com>, Jeff Layton <jlayton@...nel.org>,
	Neil Brown <neilb@...e.de>, Olga Kornievskaia <kolga@...app.com>,
	Dai Ngo <Dai.Ngo@...cle.com>, Tom Talpey <tom@...pey.com>,
	Trond Myklebust <trond.myklebust@...merspace.com>,
	Anna Schumaker <anna@...nel.org>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Simo Sorce <simo@...hat.com>, Steve Dickson <steved@...hat.com>,
	Kevin Coffman <kwc@...i.umich.edu>, linux-nfs@...r.kernel.org,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [v2] SUNRPC: fix a memleak in gss_import_v2_context

On Fri, Jan 12, 2024 at 04:45:38PM +0800, Zhipeng Lu wrote:
> The ctx->mech_used.data allocated by kmemdup is not freed in neither
> gss_import_v2_context nor it only caller radeon_driver_open_kms.

Should radeon_driver_open_kms be gss_krb5_import_sec_context?

Also, perhaps it is useful to write something like this:

... gss_krb5_import_sec_context, which frees ctx on error.

> Thus, this patch reform the last call of gss_import_v2_context to the
> gss_krb5_import_ctx_v2, preventing the memleak while keepping the return
> formation.
> 
> Fixes: 47d848077629 ("gss_krb5: handle new context format from gssd")
> Signed-off-by: Zhipeng Lu <alexious@....edu.cn>

Hi Zhipeng Lu,

Other than the comment above, I agree with your analysis.
And that although the problem has changed form slightly,
it was originally introduced by the cited commit.
I also agree that your fix.

...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ