lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2a86233a-9064-2a7c-064d-243db0803cde@cogentembedded.com>
Date:   Wed, 28 Nov 2018 19:04:07 +0300
From:   Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To:     Pablo Neira Ayuso <pablo@...filter.org>,
        netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH 09/16] netfilter: xt_hashlimit: fix a possible memory leak
 in htable_create()

Hello!

On 11/28/2018 01:17 PM, Pablo Neira Ayuso wrote:

> From: Taehee Yoo <ap420073@...il.com>
> 
> In the htable_create(), hinfo is allocated by vmalloc()
> So that if error occurred, hinfo should be freed.
> 
> Fixes: 11d5f15723c9 ("netfilter: xt_hashlimit: Create revision 2 to support higher pps rates")
> Signed-off-by: Taehee Yoo <ap420073@...il.com>
> Signed-off-by: Pablo Neira Ayuso <pablo@...filter.org>
> ---
>  net/netfilter/xt_hashlimit.c | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
> index 3e7d259e5d8d..1ad4017f9b73 100644
> --- a/net/netfilter/xt_hashlimit.c
> +++ b/net/netfilter/xt_hashlimit.c
> @@ -295,9 +295,10 @@ static int htable_create(struct net *net, struct hashlimit_cfg3 *cfg,
>  
>  	/* copy match config into hashtable config */
>  	ret = cfg_copy(&hinfo->cfg, (void *)cfg, 3);
> -
> -	if (ret)
> +	if (ret) {
> +		vfree(hinfo);
>  		return ret;
> +	}
>  
>  	hinfo->cfg.size = size;
>  	if (hinfo->cfg.max == 0)

   The next 4 hunks are half-related whitespace noise.

> @@ -814,7 +815,6 @@ hashlimit_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
>  	int ret;
>  
>  	ret = cfg_copy(&cfg, (void *)&info->cfg, 1);
> -
>  	if (ret)
>  		return ret;
>  
> @@ -830,7 +830,6 @@ hashlimit_mt_v2(const struct sk_buff *skb, struct xt_action_param *par)
>  	int ret;
>  
>  	ret = cfg_copy(&cfg, (void *)&info->cfg, 2);
> -
>  	if (ret)
>  		return ret;
>  
> @@ -921,7 +920,6 @@ static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
>  		return ret;
>  
>  	ret = cfg_copy(&cfg, (void *)&info->cfg, 1);
> -
>  	if (ret)
>  		return ret;
>  
> @@ -940,7 +938,6 @@ static int hashlimit_mt_check_v2(const struct xt_mtchk_param *par)
>  		return ret;
>  
>  	ret = cfg_copy(&cfg, (void *)&info->cfg, 2);
> -
>  	if (ret)
>  		return ret;
>  

MBR, Sergei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ