[an error occurred while processing this directive]
|
|
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANn89iLKpJaF0VcWxqCUuouJw8mZ4Fjk_cc89yMmuZWCLx70-w@mail.gmail.com>
Date: Wed, 3 Sep 2025 04:18:38 -0700
From: Eric Dumazet <edumazet@...gle.com>
To: Qingfang Deng <dqfext@...il.com>
Cc: Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Paul Mackerras <paulus@...abs.org>,
Matt Domsch <Matt_Domsch@...l.com>, Andrew Morton <akpm@...l.org>,
Brice Goglin <Brice.Goglin@...-lyon.org>, linux-ppp@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] ppp: fix memory leak in pad_compress_skb
On Wed, Sep 3, 2025 at 3:07 AM Qingfang Deng <dqfext@...il.com> wrote:
>
> If alloc_skb() fails in pad_compress_skb(), it returns NULL without
> releasing the old skb. The caller does:
>
> skb = pad_compress_skb(ppp, skb);
> if (!skb)
> goto drop;
>
> drop:
> kfree_skb(skb);
>
> When pad_compress_skb() returns NULL, the reference to the old skb is
> lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.
>
> Align pad_compress_skb() semantics with realloc(): only free the old
> skb if allocation and compression succeed. At the call site, use the
> new_skb variable so the original skb is not lost when pad_compress_skb()
> fails.
>
> Fixes: b3f9b92a6ec1 ("[PPP]: add PPP MPPE encryption module")
> Signed-off-by: Qingfang Deng <dqfext@...il.com>
> ---
Reviewed-by: Eric Dumazet <edumazet@...gle.com>
Powered by blists - more mailing lists