lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <0552db30b97ec8db87d82ef5d6def490510ce6aa.1607712061.git.aclaudi@redhat.com>
Date:   Fri, 11 Dec 2020 19:53:02 +0100
From:   Andrea Claudi <aclaudi@...hat.com>
To:     netdev@...r.kernel.org
Cc:     stephen@...workplumber.org, dsahern@...il.com
Subject: [PATCH iproute2 1/2] devlink: fix memory leak in cmd_dev_flash()

nlg_ntf is dinamically allocated in mnlg_socket_open(), and is freed on
the out: return path. However, some error paths do not free it,
resulting in memory leak.

This commit fix this using mnlg_socket_close(), and reporting the
correct error number when required.

Fixes: 9b13cddfe268 ("devlink: implement flash status monitoring")
Signed-off-by: Andrea Claudi <aclaudi@...hat.com>
---
 devlink/devlink.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/devlink/devlink.c b/devlink/devlink.c
index ca99732e..43549965 100644
--- a/devlink/devlink.c
+++ b/devlink/devlink.c
@@ -3371,19 +3371,21 @@ static int cmd_dev_flash(struct dl *dl)
 
 	err = _mnlg_socket_group_add(nlg_ntf, DEVLINK_GENL_MCGRP_CONFIG_NAME);
 	if (err)
-		return err;
+		goto err_socket;
 
 	err = pipe(pipe_fds);
-	if (err == -1)
-		return -errno;
+	if (err == -1) {
+		err = -errno;
+		goto err_socket;
+	}
 	pipe_r = pipe_fds[0];
 	pipe_w = pipe_fds[1];
 
 	pid = fork();
 	if (pid == -1) {
-		close(pipe_r);
 		close(pipe_w);
-		return -errno;
+		err = -errno;
+		goto out;
 	} else if (!pid) {
 		/* In child, just execute the flash and pass returned
 		 * value through pipe once it is done.
@@ -3412,6 +3414,7 @@ static int cmd_dev_flash(struct dl *dl)
 	err = _mnlg_socket_recv_run(dl->nlg, NULL, NULL);
 out:
 	close(pipe_r);
+err_socket:
 	mnlg_socket_close(nlg_ntf);
 	return err;
 }
-- 
2.29.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ