| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a7e88fd6-65be-97f9-f660-152fabef565e@huawei.com>
Date: Sun, 5 May 2019 09:15:58 +0800
From: Zhiqiang Liu <liuzhiqiang26@...wei.com>
To: David Ahern <dsahern@...il.com>, <stephen@...workplumber.org>,
<liuhangbin@...il.com>, <kuznet@....inr.ac.ru>
CC: <nicolas.dichtel@...nd.com>, <phil@....cc>,
"wangxiaogang (F)" <wangxiaogang3@...wei.com>,
Mingfangsen <mingfangsen@...wei.com>,
"Zhoukang (A)" <zhoukang7@...wei.com>, <kouhuiying@...wei.com>,
<netdev@...r.kernel.org>
Subject: Re: [PATCH iproute2 v3] ipnetns: use-after-free problem in
get_netnsid_from_name func
> On 5/4/19 1:26 AM, Zhiqiang Liu wrote:
>>
>> diff --git a/ip/ipnetns.c b/ip/ipnetns.c
>> index 430d884..d72be95 100644
>> --- a/ip/ipnetns.c
>> +++ b/ip/ipnetns.c
>> @@ -107,7 +107,7 @@ int get_netnsid_from_name(const char *name)
>> struct nlmsghdr *answer;
>> struct rtattr *tb[NETNSA_MAX + 1];
>> struct rtgenmsg *rthdr;
>> - int len, fd;
>> + int len, fd, ret = -1;
>>
>> netns_nsid_socket_init();
>>
>> @@ -134,8 +134,9 @@ int get_netnsid_from_name(const char *name)
>> parse_rtattr(tb, NETNSA_MAX, NETNS_RTA(rthdr), len);
>>
>> if (tb[NETNSA_NSID]) {
>> + ret = rta_getattr_u32(tb[NETNSA_NSID]);
>> free(answer);
>> - return rta_getattr_u32(tb[NETNSA_NSID]);
>> + return ret;
>
> set ret here, drop the free, let it proceed down to the existing free
> and return but now using ret. That way there is 1 exit path and handles
> the cleanup
Yes, you are right. I will do that in the v4 patch.
That is very nice of you. Thanks a lot.
Powered by blists - more mailing lists