lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20200615.133017.143361546049495568.davem@davemloft.net>
Date:   Mon, 15 Jun 2020 13:30:17 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     wanghai38@...wei.com
Cc:     kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org, kuba@...nel.org,
        liuhangbin@...il.com, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH] mld: fix memory leak in ipv6_mc_destroy_dev()

From: Wang Hai <wanghai38@...wei.com>
Date: Thu, 11 Jun 2020 15:57:50 +0800

> Commit a84d01647989 ("mld: fix memory leak in mld_del_delrec()") fixed
> the memory leak of MLD, but missing the ipv6_mc_destroy_dev() path, in
> which mca_sources are leaked after ma_put().
> 
> Using ip6_mc_clear_src() to take care of the missing free.
> 
> BUG: memory leak
> unreferenced object 0xffff8881113d3180 (size 64):
>   comm "syz-executor071", pid 389, jiffies 4294887985 (age 17.943s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 ff 02 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<000000002cbc483c>] kmalloc include/linux/slab.h:555 [inline]
>     [<000000002cbc483c>] kzalloc include/linux/slab.h:669 [inline]
>     [<000000002cbc483c>] ip6_mc_add1_src net/ipv6/mcast.c:2237 [inline]
>     [<000000002cbc483c>] ip6_mc_add_src+0x7f5/0xbb0 net/ipv6/mcast.c:2357
>     [<0000000058b8b1ff>] ip6_mc_source+0xe0c/0x1530 net/ipv6/mcast.c:449
>     [<000000000bfc4fb5>] do_ipv6_setsockopt.isra.12+0x1b2c/0x3b30 net/ipv6/ipv6_sockglue.c:754
>     [<00000000e4e7a722>] ipv6_setsockopt+0xda/0x150 net/ipv6/ipv6_sockglue.c:950
>     [<0000000029260d9a>] rawv6_setsockopt+0x45/0x100 net/ipv6/raw.c:1081
>     [<000000005c1b46f9>] __sys_setsockopt+0x131/0x210 net/socket.c:2132
>     [<000000008491f7db>] __do_sys_setsockopt net/socket.c:2148 [inline]
>     [<000000008491f7db>] __se_sys_setsockopt net/socket.c:2145 [inline]
>     [<000000008491f7db>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2145
>     [<00000000c7bc11c5>] do_syscall_64+0xa1/0x530 arch/x86/entry/common.c:295
>     [<000000005fb7a3f3>] entry_SYSCALL_64_after_hwframe+0x49/0xb3
> 
> Fixes: 1666d49e1d41 ("mld: do not remove mld souce list info when set link down")
> Reported-by: Hulk Robot <hulkci@...wei.com>
> Signed-off-by: Wang Hai <wanghai38@...wei.com>

Applied and queued up for -stable, thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ