netdev - [PATCH 4.14] phonet: refcount leak in pep_sock

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-Id: <20220107105332.61347-1-aayush.a.agarwal@oracle.com>
Date:   Fri,  7 Jan 2022 02:53:32 -0800
From:   Aayush Agarwal <aayush.a.agarwal@...cle.com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     aayush.a.agarwal@...cle.com, stable@...r.kernel.org,
        Hangyu Hua <hbh25y@...il.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Remi Denis-Courmont <courmisch@...il.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH 4.14] phonet: refcount leak in pep_sock_accep

From: Hangyu Hua <hbh25y@...il.com>

commit bcd0f9335332 ("phonet: refcount leak in pep_sock_accep")
upstream.

sock_hold(sk) is invoked in pep_sock_accept(), but __sock_put(sk) is not
invoked in subsequent failure branches(pep_accept_conn() != 0).

Signed-off-by: Hangyu Hua <hbh25y@...il.com>
Link: https://lore.kernel.org/r/20211209082839.33985-1-hbh25y@gmail.com
Signed-off-by: Jakub Kicinski <kuba@...nel.org>
Signed-off-by: Aayush Agarwal <aayush.a.agarwal@...cle.com>
---
 net/phonet/pep.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index b0d958cd1823..4c4a8a42ee88 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -881,6 +881,7 @@ static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp,
 
 	err = pep_accept_conn(newsk, skb);
 	if (err) {
+		__sock_put(sk);
 		sock_put(newsk);
 		newsk = NULL;
 		goto drop;
-- 
2.27.0