lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sun, 04 Oct 2020 14:48:23 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     anant.thazhemadam@...il.com
Cc:     linux-kernel-mentees@...ts.linuxfoundation.org,
        syzbot+69b804437cfec30deac3@...kaller.appspotmail.com,
        jiri@...nulli.us, kuba@...nel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: team: fix memory leak in __team_options_register

From: Anant Thazhemadam <anant.thazhemadam@...il.com>
Date: Mon,  5 Oct 2020 02:25:36 +0530

> The variable "i" isn't initialized back correctly after the first loop
> under the label inst_rollback gets executed.
> 
> The value of "i" is assigned to be option_count - 1, and the ensuing 
> loop (under alloc_rollback) begins by initializing i--. 
> Thus, the value of i when the loop begins execution will now become 
> i = option_count - 2.
> 
> Thus, when kfree(dst_opts[i]) is called in the second loop in this 
> order, (i.e., inst_rollback followed by alloc_rollback), 
> dst_optsp[option_count - 2] is the first element freed, and 
> dst_opts[option_count - 1] does not get freed, and thus, a memory 
> leak is caused.
> 
> This memory leak can be fixed, by assigning i = option_count (instead of
> option_count - 1).
> 
> Fixes: 80f7c6683fe0 ("team: add support for per-port options")
> Reported-by: syzbot+69b804437cfec30deac3@...kaller.appspotmail.com
> Tested-by: syzbot+69b804437cfec30deac3@...kaller.appspotmail.com
> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@...il.com>

Applied and queued up for -stable, thank you.

Powered by blists - more mailing lists