| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jul 2022 11:57:48 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: kbuild@...ts.01.org, Rao Shoaib <rao.shoaib@...cle.com>
Cc: lkp@...el.com, kbuild-all@...ts.01.org,
linux-kernel@...r.kernel.org
Subject: net/unix/af_unix.c:2471 manage_oob() warn: returning freed memory
'skb'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: e8a4e1c1bb697b1d9fc48f0e56dc0f50bc024bee
commit: 314001f0bf927015e459c9d387d62a231fe93af3 af_unix: Add OOB support
config: m68k-randconfig-m031-20220708 (https://download.01.org/0day-ci/archive/20220709/202207090117.Ub3gbT5M-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 11.3.0
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
smatch warnings:
net/unix/af_unix.c:2471 manage_oob() warn: returning freed memory 'skb'
vim +/skb +2471 net/unix/af_unix.c
314001f0bf9270 Rao Shoaib 2021-08-01 2446 static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk,
314001f0bf9270 Rao Shoaib 2021-08-01 2447 int flags, int copied)
314001f0bf9270 Rao Shoaib 2021-08-01 2448 {
314001f0bf9270 Rao Shoaib 2021-08-01 2449 struct unix_sock *u = unix_sk(sk);
314001f0bf9270 Rao Shoaib 2021-08-01 2450
314001f0bf9270 Rao Shoaib 2021-08-01 2451 if (!unix_skb_len(skb) && !(flags & MSG_PEEK)) {
314001f0bf9270 Rao Shoaib 2021-08-01 2452 skb_unlink(skb, &sk->sk_receive_queue);
314001f0bf9270 Rao Shoaib 2021-08-01 2453 consume_skb(skb);
314001f0bf9270 Rao Shoaib 2021-08-01 2454 skb = NULL;
314001f0bf9270 Rao Shoaib 2021-08-01 2455 } else {
314001f0bf9270 Rao Shoaib 2021-08-01 2456 if (skb == u->oob_skb) {
314001f0bf9270 Rao Shoaib 2021-08-01 2457 if (copied) {
314001f0bf9270 Rao Shoaib 2021-08-01 2458 skb = NULL;
314001f0bf9270 Rao Shoaib 2021-08-01 2459 } else if (sock_flag(sk, SOCK_URGINLINE)) {
314001f0bf9270 Rao Shoaib 2021-08-01 2460 if (!(flags & MSG_PEEK)) {
314001f0bf9270 Rao Shoaib 2021-08-01 2461 u->oob_skb = NULL;
314001f0bf9270 Rao Shoaib 2021-08-01 2462 consume_skb(skb);
It's so weird that we're sending warnings about 2021 code... I looked
at this warning on Aug 10, 2021 but for some reason I didn't send it.
314001f0bf9270 Rao Shoaib 2021-08-01 2463 }
314001f0bf9270 Rao Shoaib 2021-08-01 2464 } else if (!(flags & MSG_PEEK)) {
314001f0bf9270 Rao Shoaib 2021-08-01 2465 skb_unlink(skb, &sk->sk_receive_queue);
314001f0bf9270 Rao Shoaib 2021-08-01 2466 consume_skb(skb);
314001f0bf9270 Rao Shoaib 2021-08-01 2467 skb = skb_peek(&sk->sk_receive_queue);
314001f0bf9270 Rao Shoaib 2021-08-01 2468 }
314001f0bf9270 Rao Shoaib 2021-08-01 2469 }
314001f0bf9270 Rao Shoaib 2021-08-01 2470 }
314001f0bf9270 Rao Shoaib 2021-08-01 @2471 return skb;
314001f0bf9270 Rao Shoaib 2021-08-01 2472 }
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Powered by blists - more mailing lists