| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Oct 2018 12:46:14 -0600
From: David Ahern <dsahern@...il.com>
To: Bjørn Mork <bjorn@...k.no>
Cc: Li RongQing <lirongqing@...du.com>, netdev@...r.kernel.org,
David Miller <davem@...emloft.net>
Subject: Re: [net-next][PATCH] net/ipv4: fix a net leak
On 10/25/18 12:43 PM, Bjørn Mork wrote:
>
> inet_valid_dump_ifaddr_req() will bail out with an error, but only
> *after* setting fillargs->netnsid:
>
> if (i == IFA_TARGET_NETNSID) {
> struct net *net;
>
> fillargs->netnsid = nla_get_s32(tb[i]);
>
> net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
> if (IS_ERR(net)) {
> NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
> return PTR_ERR(net);
> }
> *tgt_net = net;
> } else {
>
>
>
> So inet_dump_ifaddr() ends up doing put_net(tgt_net):
>
>
> err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
> skb->sk, cb);
> if (err < 0)
> goto put_tgt_net;
> ..
> put_tgt_net:
> if (fillargs.netnsid >= 0)
> put_net(tgt_net);
>
>
>
> I believe you should set fillargs->netnsid back to -1 in the
> inet_valid_dump_ifaddr_req() error path, or use a temp variable to avoid
> changing it unless get_net is successful.
good point. either use of an intermediate or resetting nsid on failure.
Will you send a patch to fix ipv4 and v6?
Thanks,
Powered by blists - more mailing lists