| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <afffe3c9-5f08-3cc5-f356-dbb41e94ab75@gmail.com>
Date: Sat, 4 May 2019 09:08:13 -0600
From: David Ahern <dsahern@...il.com>
To: Zhiqiang Liu <liuzhiqiang26@...wei.com>,
stephen@...workplumber.org, liuhangbin@...il.com,
kuznet@....inr.ac.ru
Cc: nicolas.dichtel@...nd.com, phil@....cc,
"wangxiaogang (F)" <wangxiaogang3@...wei.com>,
Mingfangsen <mingfangsen@...wei.com>,
"Zhoukang (A)" <zhoukang7@...wei.com>, kouhuiying@...wei.com,
netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 v3] ipnetns: use-after-free problem in
get_netnsid_from_name func
On 5/4/19 1:26 AM, Zhiqiang Liu wrote:
>
> diff --git a/ip/ipnetns.c b/ip/ipnetns.c
> index 430d884..d72be95 100644
> --- a/ip/ipnetns.c
> +++ b/ip/ipnetns.c
> @@ -107,7 +107,7 @@ int get_netnsid_from_name(const char *name)
> struct nlmsghdr *answer;
> struct rtattr *tb[NETNSA_MAX + 1];
> struct rtgenmsg *rthdr;
> - int len, fd;
> + int len, fd, ret = -1;
>
> netns_nsid_socket_init();
>
> @@ -134,8 +134,9 @@ int get_netnsid_from_name(const char *name)
> parse_rtattr(tb, NETNSA_MAX, NETNS_RTA(rthdr), len);
>
> if (tb[NETNSA_NSID]) {
> + ret = rta_getattr_u32(tb[NETNSA_NSID]);
> free(answer);
> - return rta_getattr_u32(tb[NETNSA_NSID]);
> + return ret;
set ret here, drop the free, let it proceed down to the existing free
and return but now using ret. That way there is 1 exit path and handles
the cleanup.
> }
>
> err_out:
>
Powered by blists - more mailing lists