| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Nov 2016 18:24:50 +0100
From: Florian Westphal <fw@...len.de>
To: Richard Guy Briggs <rgb@...hat.com>
Cc: Florian Westphal <fw@...len.de>, linux-kernel@...r.kernel.org,
linux-audit@...hat.com
Subject: Re: [PATCH] audit: remove the audit freelist
Richard Guy Briggs <rgb@...hat.com> wrote:
> > static void audit_buffer_free(struct audit_buffer *ab)
> > {
> > - unsigned long flags;
> > -
> > if (!ab)
> > return;
> >
> > kfree_skb(ab->skb);
> > - spin_lock_irqsave(&audit_freelist_lock, flags);
> > - if (audit_freelist_count > AUDIT_MAXFREE)
> > - kfree(ab);
> > - else {
> > - audit_freelist_count++;
> > - list_add(&ab->list, &audit_freelist);
> > - }
> > - spin_unlock_irqrestore(&audit_freelist_lock, flags);
> > + kfree(ab);
> > }
[..]
> > nlh = nlmsg_put(ab->skb, 0, 0, type, 0, 0);
> > if (!nlh)
> > - goto out_kfree_skb;
> > + goto err;
> >
> > return ab;
> >
> > -out_kfree_skb:
> > - kfree_skb(ab->skb);
> > - ab->skb = NULL;
>
> Why is the kfree_skb() skipped on error from nlmsg_put()? I don't see
> much risk in nlmsg_put() failing considering the very simple arguments,
> however the code path is not trivial either.
if nlmsg_put fails we jump to err and ...
> > err:
> > audit_buffer_free(ab);
> > return NULL;
... ab->skb gets free'd by audit_buffer_free() here.
Powered by blists - more mailing lists