Date:   Fri, 28 Apr 2017 15:29:45 +0200
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Sabrina Dubroca <sd@...asysnail.net>
Cc:     Netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        David Laight <David.Laight@...lab.com>,
        kernel-hardening@...ts.openwall.com,
        David Miller <davem@...emloft.net>
Subject: Re: [PATCH v6 3/5] rxrpc: check return value of skb_to_sgvec always

Hi Sabrina,

Thanks for the review.

On Fri, Apr 28, 2017 at 1:41 PM, Sabrina Dubroca <sd@...asysnail.net> wrote:
> >       sg_init_table(sg, nsg);
> > -     skb_to_sgvec(skb, sg, offset, len);
> > +     if (unlikely(skb_to_sgvec(skb, sg, offset, len) < 0))
> > +             goto nomem;
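
Review bot: At the `goto nomem` on the new error path, the negative return value of skb_to_sgvec is discarded and the failure is routed through a label whose name implies an allocation failure; consider keeping the result in a local and propagating it so the caller sees the actual error. This exit also has to release sg whenever it is not the on-stack _sg, as the reply below points out, otherwise the table is leaked when nsg > 4.
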
>
> You're leaking sg when nsg > 4, you'll need to add this:
>
>         if (sg != _sg)
>                 kfree(sg);

Nice catch. I'll fix this up in the next revision.

> BTW, when you resubmit, please Cc: the maintainers of the files you're
> changing for each patch, so that they can review this stuff. And send
> patch 1 to all of them, otherwise they might be surprised that we even
> need <0 checking after calls to skb_to_sgvec.
>
> You might also want to add a cover letter.

Both good ideas. Will do.

Jason