| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Nov 2019 12:08:28 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: jouni.hogander@...kie.com
Cc: netdev@...r.kernel.org, socketcan@...tkopp.net,
lukas.bulwahn@...il.com
Subject: Re: [PATCH] slip: Fix memory leak in slip_open error path
From: jouni.hogander@...kie.com
Date: Wed, 13 Nov 2019 13:45:02 +0200
> From: Jouni Hogander <jouni.hogander@...kie.com>
>
> Driver/net/can/slcan.c is derived from slip.c. Memory leak was detected
> by Syzkaller in slcan. Same issue exists in slip.c and this patch is
> addressing the leak in slip.c.
>
> Here is the slcan memory leak trace reported by Syzkaller:
...
> Signed-off-by: Jouni Hogander <jouni.hogander@...kie.com>
Applied and queued up for -stable.
Looking at slip_open() while reviewing this patch, it has this test:
if (!test_bit(SLF_INUSE, &sl->flags)) {
/* Perform the low-level SLIP initialization. */
err = sl_alloc_bufs(sl, SL_MTU);
if (err)
goto err_free_chan;
which seems bogus, because 'sl' here is always a freshly allocated object
from sl_alloc(), which always provides an all-zeros value on sl->flags
so this test always passes.
It can therefore be removed.
Powered by blists - more mailing lists