| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 05 Apr 2019 12:15:29 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: ms@....tdt.de
Cc: andrew.hendry@...il.com, khc@...waw.pl, isdn@...ux-pingi.de,
edumazet@...gle.com, linux-x25@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] wan/hdlc_x25: fix skb handling
From: Martin Schiller <ms@....tdt.de>
Date: Fri, 05 Apr 2019 08:56:44 +0200
> On 2019-04-05 02:32, David Miller wrote:
>> From: Martin Schiller <ms@....tdt.de>
>> Date: Wed, 3 Apr 2019 07:01:16 +0200
>>
>>> /* X.25 to LAPB */
>>> switch (skb->data[0]) {
>>> case X25_IFACE_DATA: /* Data to be transmitted */
>>> - skb_pull(skb, 1);
>>> - if ((result = lapb_data_request(dev, skb)) != LAPB_OK)
>>> - dev_kfree_skb(skb);
>>> - return NETDEV_TX_OK;
>>> + skbn = skb_copy(skb, GFP_ATOMIC);
>>> + skb_pull(skbn, 1);
>>> + skb_reset_network_header(skbn);
>>> + if ((result = lapb_data_request(dev, skbn)) != LAPB_OK)
>>> + dev_kfree_skb(skbn);
>> This leaks 'skb'.
>
> What exactly do you mean?
> 'skb' will get freed at the end of x25_xmit() function:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/wan/hdlc_x25.c#n129
Then why was it freed here in the original code?
Powered by blists - more mailing lists