| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iKsbdMV1JmjzzGNu-2janfudb-t-Le-JempLrroJcNH-Q@mail.gmail.com>
Date: Mon, 13 Sep 2021 09:15:23 -0700
From: Eric Dumazet <edumazet@...gle.com>
To: Yajun Deng <yajun.deng@...ux.dev>
Cc: David Miller <davem@...emloft.net>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
David Ahern <dsahern@...nel.org>,
Jakub Kicinski <kuba@...nel.org>,
netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Revert "ipv4: fix memory leaks in ip_cmsg_send() callers"
On Sun, Sep 12, 2021 at 9:04 PM Yajun Deng <yajun.deng@...ux.dev> wrote:
>
> This reverts commit 919483096bfe75dda338e98d56da91a263746a0a.
>
> There is only when ip_options_get() return zero need to free.
> It already called kfree() when return error.
>
> Fixes: 919483096bfe ("ipv4: fix memory leaks in ip_cmsg_send() callers")
> Signed-off-by: Yajun Deng <yajun.deng@...ux.dev>
> ---
I do not think this is a valid patch, not sure why David has merged so
soon before us reviewing it ?
You are bringing back the memory leaks.
ip_cmsg_send() can loop over multiple cmsghdr()
If IP_RETOPTS has been successful, but following cmsghdr generates an error,
we do not free ipc.ok
If IP_RETOPTS is not successful, we have freed the allocated temporary space,
not the one currently in ipc.opt.
Can you share what your exact finding was, perhaps a syzbot repro ???
Thanks.
Powered by blists - more mailing lists