lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d97e5215-09f6-696e-cfd4-c5796136ac6b@windriver.com>
Date:   Thu, 11 Jan 2018 18:21:23 +0800
From:   Ying Xue <ying.xue@...driver.com>
To:     Cong Wang <xiyou.wangcong@...il.com>, <netdev@...r.kernel.org>
CC:     <dvyukov@...gle.com>, Jon Maloy <jon.maloy@...csson.com>
Subject: Re: [Patch net] tipc: fix a memory leak in tipc_nl_node_get_link()

On 01/11/2018 04:50 AM, Cong Wang wrote:
> When tipc_node_find_by_name() fails, the nlmsg is not
> freed.
> 
> While on it, switch to a goto label to properly
> free it.
> 
> Fixes: be9c086715c ("tipc: narrow down exposure of struct tipc_node")
> Reported-by: Dmitry Vyukov <dvyukov@...gle.com>
> Cc: Jon Maloy <jon.maloy@...csson.com>
> Cc: Ying Xue <ying.xue@...driver.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@...il.com>

Acked-by: Ying Xue <ying.xue@...driver.com>

> ---
>  net/tipc/node.c | 26 ++++++++++++++------------
>  1 file changed, 14 insertions(+), 12 deletions(-)
> 
> diff --git a/net/tipc/node.c b/net/tipc/node.c
> index 507017fe0f1b..9036d8756e73 100644
> --- a/net/tipc/node.c
> +++ b/net/tipc/node.c
> @@ -1880,36 +1880,38 @@ int tipc_nl_node_get_link(struct sk_buff *skb, struct genl_info *info)
>  
>  	if (strcmp(name, tipc_bclink_name) == 0) {
>  		err = tipc_nl_add_bc_link(net, &msg);
> -		if (err) {
> -			nlmsg_free(msg.skb);
> -			return err;
> -		}
> +		if (err)
> +			goto err_free;
>  	} else {
>  		int bearer_id;
>  		struct tipc_node *node;
>  		struct tipc_link *link;
>  
>  		node = tipc_node_find_by_name(net, name, &bearer_id);
> -		if (!node)
> -			return -EINVAL;
> +		if (!node) {
> +			err = -EINVAL;
> +			goto err_free;
> +		}
>  
>  		tipc_node_read_lock(node);
>  		link = node->links[bearer_id].link;
>  		if (!link) {
>  			tipc_node_read_unlock(node);
> -			nlmsg_free(msg.skb);
> -			return -EINVAL;
> +			err = -EINVAL;
> +			goto err_free;
>  		}
>  
>  		err = __tipc_nl_add_link(net, &msg, link, 0);
>  		tipc_node_read_unlock(node);
> -		if (err) {
> -			nlmsg_free(msg.skb);
> -			return err;
> -		}
> +		if (err)
> +			goto err_free;
>  	}
>  
>  	return genlmsg_reply(msg.skb, info);
> +
> +err_free:
> +	nlmsg_free(msg.skb);
> +	return err;
>  }
>  
>  int tipc_nl_node_reset_link_stats(struct sk_buff *skb, struct genl_info *info)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ