lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20180708.105705.1482010806994204196.davem@davemloft.net>
Date:   Sun, 08 Jul 2018 10:57:05 +0900 (KST)
From:   David Miller <davem@...emloft.net>
To:     lorenzo@...gle.com
Cc:     netdev@...r.kernel.org, astrachan@...gle.com,
        subashab@...eaurora.org, eric.dumazet@...il.com,
        dsa@...ulusnetworks.com
Subject: Re: [PATCH net] net: diag: Don't double-free TCP_NEW_SYN_RECV
 sockets in tcp_abort

From: Lorenzo Colitti <lorenzo@...gle.com>
Date: Sat,  7 Jul 2018 16:31:40 +0900

> When tcp_diag_destroy closes a TCP_NEW_SYN_RECV socket, it first
> frees it by calling inet_csk_reqsk_queue_drop_and_and_put in
> tcp_abort, and then frees it again by calling sock_gen_put.
> 
> Since tcp_abort only has one caller, and all the other codepaths
> in tcp_abort don't free the socket, just remove the free in that
> function.
> 
> Cc: David Ahern <dsa@...ulusnetworks.com>
> Tested: passes Android sock_diag_test.py, which exercises this codepath
> Fixes: d7226c7a4dd1 ("net: diag: Fix refcnt leak in error path destroying socket")
> Signed-off-by: Lorenzo Colitti <lorenzo@...gle.com>

Applied and queued up for -stable, thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ