| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jan 2024 15:51:27 +0800
From: Zhipeng Lu <alexious@....edu.cn>
To: alexious@....edu.cn
Cc: "David S. Miller" <davem@...emloft.net>,
David Ahern <dsahern@...nel.org>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] net: ipv4: fix a memleak in ip_setup_cork
When inetdev_valid_mtu fails, cork->opt should be freed if it is
allocated in ip_setup_cork. Otherwise there could be a memleak.
Fixes: 501a90c94510 ("inet: protect against too small mtu values.")
Signed-off-by: Zhipeng Lu <alexious@....edu.cn>
---
net/ipv4/ip_output.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index b06f678b03a1..3215ea07d398 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1282,6 +1282,7 @@ static int ip_setup_cork(struct sock *sk, struct inet_cork *cork,
{
struct ip_options_rcu *opt;
struct rtable *rt;
+ int free_opt = 0;
rt = *rtp;
if (unlikely(!rt))
@@ -1297,6 +1298,7 @@ static int ip_setup_cork(struct sock *sk, struct inet_cork *cork,
sk->sk_allocation);
if (unlikely(!cork->opt))
return -ENOBUFS;
+ free_opt = 1;
}
memcpy(cork->opt, &opt->opt, sizeof(struct ip_options) + opt->opt.optlen);
cork->flags |= IPCORK_OPT;
@@ -1306,8 +1308,13 @@ static int ip_setup_cork(struct sock *sk, struct inet_cork *cork,
cork->fragsize = ip_sk_use_pmtu(sk) ?
dst_mtu(&rt->dst) : READ_ONCE(rt->dst.dev->mtu);
- if (!inetdev_valid_mtu(cork->fragsize))
+ if (!inetdev_valid_mtu(cork->fragsize)) {
+ if (opt && free_opt) {
+ kfree(cork->opt);
+ cork->opt = NULL;
+ }
return -ENETUNREACH;
+ }
cork->gso_size = ipc->gso_size;
--
2.34.1
Powered by blists - more mailing lists