lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 11 Aug 2020 16:10:29 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     xiyou.wangcong@...il.com
Cc:     linmiaohe@...wei.com, kuba@...nel.org, edumazet@...gle.com,
        kafai@...com, daniel@...earbox.net, jakub@...udflare.com,
        keescook@...omium.org, zhang.lin16@....com.cn,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: Fix potential memory leak in proto_register()

From: Cong Wang <xiyou.wangcong@...il.com>
Date: Tue, 11 Aug 2020 16:02:51 -0700

>> @@ -3406,6 +3406,16 @@ static void sock_inuse_add(struct net *net, int val)
>>  }
>>  #endif
>>
>> +static void tw_prot_cleanup(struct timewait_sock_ops *twsk_prot)
>> +{
>> +       if (!twsk_prot)
>> +               return;
>> +       kfree(twsk_prot->twsk_slab_name);
>> +       twsk_prot->twsk_slab_name = NULL;
>> +       kmem_cache_destroy(twsk_prot->twsk_slab);
> 
> Hmm, are you sure you can free the kmem cache name before
> kmem_cache_destroy()? To me, it seems kmem_cache_destroy()
> frees the name via slab_kmem_cache_release() via kfree_const().
> With your patch, we have a double-free on the name?
> 
> Or am I missing anything?

Yep, there is a double free here.

Please fix this.

Powered by blists - more mailing lists