| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Oct 2019 20:39:19 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: lucien.xin@...il.com
Cc: netdev@...r.kernel.org, linux-sctp@...r.kernel.org,
marcelo.leitner@...il.com, nhorman@...driver.com
Subject: Re: [PATCH net] sctp: change sctp_prot .no_autobind with true
From: Xin Long <lucien.xin@...il.com>
Date: Tue, 15 Oct 2019 15:24:38 +0800
> syzbot reported a memory leak:
>
> BUG: memory leak, unreferenced object 0xffff888120b3d380 (size 64):
> backtrace:
...
> It was caused by when sending msgs without binding a port, in the path:
> inet_sendmsg() -> inet_send_prepare() -> inet_autobind() ->
> .get_port/sctp_get_port(), sp->bind_hash will be set while bp->port is
> not. Later when binding another port by sctp_setsockopt_bindx(), a new
> bucket will be created as bp->port is not set.
>
> sctp's autobind is supposed to call sctp_autobind() where it does all
> things including setting bp->port. Since sctp_autobind() is called in
> sctp_sendmsg() if the sk is not yet bound, it should have skipped the
> auto bind.
>
> THis patch is to avoid calling inet_autobind() in inet_send_prepare()
> by changing sctp_prot .no_autobind with true, also remove the unused
> .get_port.
>
> Reported-by: syzbot+d44f7bbebdea49dbc84a@...kaller.appspotmail.com
> Signed-off-by: Xin Long <lucien.xin@...il.com>
Applied and queued up for -stable.
Xin, in the future please always provide a Fixes: even if it is the
initial kernel repository commit.
Thanks.
Powered by blists - more mailing lists