lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4d464258-de80-7d9c-bb8d-363d743396e7@huawei.com>
Date:   Thu, 24 Nov 2022 19:19:32 +0800
From:   "wanghai (M)" <wanghai38@...wei.com>
To:     <asmadeus@...ewreck.org>
CC:     <ericvh@...il.com>, <lucho@...kov.net>, <linux_oss@...debyte.com>,
        <davem@...emloft.net>, <edumazet@...gle.com>, <kuba@...nel.org>,
        <pabeni@...hat.com>, <viro@...iv.linux.org.uk>,
        <v9fs-developer@...ts.sourceforge.net>,
        <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>
Subject: Re: [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open


在 2022/11/24 17:15, asmadeus@...ewreck.org 写道:
> Wang Hai wrote on Thu, Nov 24, 2022 at 04:10:05PM +0800:
>> Both p9_fd_create_tcp() and p9_fd_create_unix() will call
>> p9_socket_open(). If the creation of p9_trans_fd fails,
>> p9_fd_create_tcp() and p9_fd_create_unix() will return an
>> error directly instead of releasing the cscoket, which will
> (typo, socket or csocket -- I'll fix this on applying)
Hi, Dominique.
Thanks for reviewing.

Here is a typo, it should be csocket.
>> result in a socket leak.
>>
>> This patch adds sock_release() to fix the leak issue.
> Thanks, it looks good to me.
> A bit confusing that sock_alloc_files() calls sock_release() itself on
> failure, but that means this one's safe at least...
Yes, this mechanism was introduced by commit 8e1611e23579 ("make 
sock_alloc_file() do sock_release() on failures")
>
>> Fixes: 6b18662e239a ("9p connect fixes")
> (the leak was present before that commit so I guess that's not really
> correct -- but it might help figure out up to which point stable folks
> will be able to backport so I guess it's useful either way)
Yes, there was already a leak before this patch, and this patch also 
introduces a leak

-- 
Wang Hai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ