Message-ID: <afffe3c9-5f08-3cc5-f356-dbb41e94ab75@gmail.com> Date: Sat, 4 May 2019 09:08:13 -0600 From: David Ahern <dsahern@...il.com> To: Zhiqiang Liu <liuzhiqiang26@...wei.com>, stephen@...workplumber.org, liuhangbin@...il.com, kuznet@....inr.ac.ru Cc: nicolas.dichtel@...nd.com, phil@....cc, "wangxiaogang (F)" <wangxiaogang3@...wei.com>, Mingfangsen <mingfangsen@...wei.com>, "Zhoukang (A)" <zhoukang7@...wei.com>, kouhuiying@...wei.com, netdev@...r.kernel.org Subject: Re: [PATCH iproute2 v3] ipnetns: use-after-free problem in get_netnsid_from_name func On 5/4/19 1:26 AM, Zhiqiang Liu wrote: > > diff --git a/ip/ipnetns.c b/ip/ipnetns.c > index 430d884..d72be95 100644 > --- a/ip/ipnetns.c > +++ b/ip/ipnetns.c > @@ -107,7 +107,7 @@ int get_netnsid_from_name(const char *name) > struct nlmsghdr *answer; > struct rtattr *tb[NETNSA_MAX + 1]; > struct rtgenmsg *rthdr; > - int len, fd; > + int len, fd, ret = -1; > > netns_nsid_socket_init(); > > @@ -134,8 +134,9 @@ int get_netnsid_from_name(const char *name) > parse_rtattr(tb, NETNSA_MAX, NETNS_RTA(rthdr), len); > > if (tb[NETNSA_NSID]) { > + ret = rta_getattr_u32(tb[NETNSA_NSID]); > free(answer); > - return rta_getattr_u32(tb[NETNSA_NSID]); > + return ret; set ret here, drop the free, let it proceed down to the existing free and return but now using ret. That way there is 1 exit path and handles the cleanup. > } > > err_out: >
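Review bot: in the second hunk, the `if (tb[NETNSA_NSID])` branch still carries its own `free(answer)` and `return ret;`, so the function keeps two cleanup paths, and the `ret = -1` initializer added in the first hunk is never read in the lines shown. Reading the attribute into `ret` before `free(answer)` is the right ordering for the use-after-free named in the subject. To get a single exit path, keep only `ret = rta_getattr_u32(tb[NETNSA_NSID]);` inside the branch and let control continue to the existing cleanup after `err_out:`, with the final return using `ret`, as the reply suggests. That also gives the -1 initializer a purpose as the error return value.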