lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20150817.120933.1027656588494926587.davem@davemloft.net>
Date:	Mon, 17 Aug 2015 12:09:33 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	tom@...bertland.com
Cc:	netdev@...r.kernel.org, kernel-team@...com
Subject: Re: [PATCH net-next v3 4/4] net: Identifier Locator Addressing
 module

From: Tom Herbert <tom@...bertland.com>
Date: Mon, 17 Aug 2015 11:59:17 -0700

> +static int ila_build_state(struct net_device *dev, struct nlattr *nla,
> +			   struct lwtunnel_state **ts)
> +{
> +	struct ila_params *p;
> +	struct nlattr *tb[ILA_ATTR_MAX + 1];
> +	size_t encap_len = sizeof(*p);
> +	struct lwtunnel_state *newts;
> +	int ret;
> +
> +	ret = nla_parse_nested(tb, ILA_ATTR_MAX, nla,
> +			       ila_nl_policy);
> +	if (ret < 0)
> +		return ret;
> +
> +	newts = lwtunnel_state_alloc(encap_len);
> +	if (!newts)
> +		return -ENOMEM;
> +
> +	newts->len = encap_len;
> +	p = ila_params_lwtunnel(newts);
> +
> +	if (!tb[ILA_ATTR_LOCATOR])
> +		return -EINVAL;

This final error check leaks 'newts'.

You should probably just validate that ILA_ATTR_LOCATOR is present
before allocating any resources at all.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ