| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jul 2017 00:01:22 -0700 (PDT) From: David Miller <davem@...emloft.net> To: lucien.xin@...il.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH net] dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly From: Xin Long <lucien.xin@...il.com> Date: Wed, 26 Jul 2017 14:19:09 +0800 > In dccp_v6_conn_request, after reqsk gets alloced and hashed into > ehash table, reqsk's refcnt is set 3. one is for req->rsk_timer, > one is for hlist, and the other one is for current using. > > The problem is when dccp_v6_conn_request returns and finishes using > reqsk, it doesn't put reqsk. This will cause reqsk refcnt leaks and > reqsk obj never gets freed. > > Jianlin found this issue when running dccp_memleak.c in a loop, the > system memory would run out. > > dccp_memleak.c: > int s1 = socket(PF_INET6, 6, IPPROTO_IP); > bind(s1, &sa1, 0x20); > listen(s1, 0x9); > int s2 = socket(PF_INET6, 6, IPPROTO_IP); > connect(s2, &sa1, 0x20); > close(s1); > close(s2); > > This patch is to put the reqsk before dccp_v6_conn_request returns, > just as what tcp_conn_request does. > > Reported-by: Jianlin Shi <jishi@...hat.com> > Signed-off-by: Xin Long <lucien.xin@...il.com> Applied and queued up for -stable.
Powered by blists - more mailing lists