lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 20 Dec 2017 13:57:30 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     yanhaishuang@...s.chinamobile.com
Cc:     kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        u9012063@...il.com
Subject: Re: [PATCH v3,net-next 2/2] ip6_gre: fix potential memory leak in
 ip6erspan_rcv

From: Haishuang Yan <yanhaishuang@...s.chinamobile.com>
Date: Wed, 20 Dec 2017 10:07:01 +0800

> If md is NULL, tun_dst must be freed, otherwise it will cause memory
> leak.
> 
> Fixes: ef7baf5e083c ("ip6_gre: add ip6 erspan collect_md mode")
> Cc: William Tu <u9012063@...il.com>
> Signed-off-by: Haishuang Yan <yanhaishuang@...s.chinamobile.com>

Applied.

> @@ -550,8 +550,10 @@ static int ip6erspan_rcv(struct sk_buff *skb, int gre_hdr_len,
>  
>  			info = &tun_dst->u.tun_info;
>  			md = ip_tunnel_info_opts(info);
> -			if (!md)
> +			if (!md) {
> +				dst_release((struct dst_entry *)tun_dst);
>  				return PACKET_REJECT;
> +			}
>  
>  			memcpy(md, pkt_md, sizeof(*md));

I agree with William that 'md' should never be NULL here, but that check existing
before your changes so removing it is a separate patch altogether.

Powered by blists - more mailing lists