| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Jun 2021 22:49:08 +0800
From: Nguyen Dinh Phi <phind.uet@...il.com>
To: edumazet@...gle.com, davem@...emloft.net, yoshfuji@...ux-ipv6.org,
dsahern@...nel.org, kuba@...nel.org, ast@...nel.org,
daniel@...earbox.net, andrii@...nel.org, kafai@...com,
songliubraving@...com, john.fastabend@...il.com, kpsingh@...nel.org
Cc: Nguyen Dinh Phi <phind.uet@...il.com>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org,
syzbot+f1e24a0594d4e3a895d3@...kaller.appspotmail.com
Subject: [PATCH] tcp: Do not reset the icsk_ca_initialized in tcp_init_transfer.
icsk_ca_initialized be always set to zero before we examine it in if
block, this makes the congestion control module's initialization be
called even if the CC module was initialized already.
In case the CC module allocates and setups its dynamically allocated
private data in its init() function, e.g, CDG, the memory leak may occur.
Reported-by: syzbot+f1e24a0594d4e3a895d3@...kaller.appspotmail.com
Signed-off-by: Nguyen Dinh Phi <phind.uet@...il.com>
---
net/ipv4/tcp_input.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 7d5e59f688de..855ada2be25e 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5922,7 +5922,6 @@ void tcp_init_transfer(struct sock *sk, int bpf_op, struct sk_buff *skb)
tp->snd_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk));
tp->snd_cwnd_stamp = tcp_jiffies32;
- icsk->icsk_ca_initialized = 0;
bpf_skops_established(sk, bpf_op, skb);
if (!icsk->icsk_ca_initialized)
tcp_init_congestion_control(sk);
--
2.25.1
Powered by blists - more mailing lists