Message-ID: <CAM_iQpWq2=Z70Qxh=WFgsPer7XwDo9T7P0ZhCDbk2zaBr3ZmWQ@mail.gmail.com>
Date:	Mon, 15 Feb 2016 12:11:34 -0800
From:	Cong Wang <xiyou.wangcong@...il.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Dmitry Vyukov <dvyukov@...gle.com>,
	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net] ipv4: fix memory leaks in ip_cmsg_send() callers

On Thu, Feb 4, 2016 at 6:23 AM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> From: Eric Dumazet <edumazet@...gle.com>
>
> Dmitry reported memory leaks of IP options allocated in
> ip_cmsg_send() when/if this function returns an error.
>
> Callers are responsible for the freeing.

Right, because there is a loop in ip_cmsg_send(), so it is easier for
the callers to free it than for the callee.

The other thing is we perhaps have another leak in the following code:

        if (ipc.opt && ipc.opt->opt.srr) {
                if (!daddr)
                        return -EINVAL;
                faddr = ipc.opt->opt.faddr;
        }

since ipc.opt could be allocated on the heap... We need something like:

@@ -770,8 +770,11 @@ static int ping_v4_sendmsg(struct sock *sk,
struct msghdr *msg, size_t len)
        ipc.addr = faddr = daddr;

        if (ipc.opt && ipc.opt->opt.srr) {
-               if (!daddr)
+               if (!daddr) {
+                       if (free)
+                               kfree(ipc.opt);
                        return -EINVAL;
+               }
                faddr = ipc.opt->opt.faddr;
        }
        tos = get_rttos(&ipc, inet);
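
Review bot: in the `if (!daddr)` branch the new `kfree(ipc.opt)` is gated on `free`, which is neither declared nor assigned in the visible context, so the fix is only correct if `free` is already set on this path exactly when ipc.opt came from the ip_cmsg_send() allocation; that should be confirmed against the call site, and the guard must stay because the message says ipc.opt only "could be" heap-allocated. Open-coding the cleanup at this single return also leaves every other return between the allocation and the end of the function to be handled one by one; setting the error code and jumping to one exit point that runs `if (free) kfree(ipc.opt);` once would be less fragile. The hunk header is wrapped onto a second line, so the patch will not apply as posted, and any other ip_cmsg_send() caller with the same srr check needs the same handling.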
