lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 21 Jul 2019 02:26:23 +0200 From: Florian Westphal <fw@...len.de> To: Wenwen Wang <wang6495@....edu> Cc: Wenwen Wang <wenwen@...uga.edu>, Pablo Neira Ayuso <pablo@...filter.org>, Jozsef Kadlecsik <kadlec@...filter.org>, Florian Westphal <fw@...len.de>, Roopa Prabhu <roopa@...ulusnetworks.com>, Nikolay Aleksandrov <nikolay@...ulusnetworks.com>, "David S. Miller" <davem@...emloft.net>, "open list:NETFILTER" <netfilter-devel@...r.kernel.org>, "open list:NETFILTER" <coreteam@...filter.org>, "moderated list:ETHERNET BRIDGE" <bridge@...ts.linux-foundation.org>, "open list:ETHERNET BRIDGE" <netdev@...r.kernel.org>, open list <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] netfilter: ebtables: compat: fix a memory leak bug Wenwen Wang <wang6495@....edu> wrote: > From: Wenwen Wang <wenwen@...uga.edu> > > In compat_do_replace(), a temporary buffer is allocated through vmalloc() > to hold entries copied from the user space. The buffer address is firstly > saved to 'newinfo->entries', and later on assigned to 'entries_tmp'. Then > the entries in this temporary buffer is copied to the internal kernel > structure through compat_copy_entries(). If this copy process fails, > compat_do_replace() should be terminated. However, the allocated temporary > buffer is not freed on this path, leading to a memory leak. > > To fix the bug, free the buffer before returning from compat_do_replace(). > > Signed-off-by: Wenwen Wang <wenwen@...uga.edu> Reviewed-by: Florian Westphal <fw@...len.de>
Powered by blists - more mailing lists