lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20220710235254.568878-6-bpoirier@nvidia.com>
Date:   Mon, 11 Jul 2022 08:52:54 +0900
From:   Benjamin Poirier <bpoirier@...dia.com>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     netdev@...r.kernel.org, Ido Schimmel <idosch@...dia.com>,
        Roopa Prabhu <roopa@...dia.com>,
        Paolo Abeni <pabeni@...hat.com>,
        David Ahern <dsahern@...il.com>
Subject: [PATCH iproute2 5/5] ip neigh: Fix memory leak when doing 'get'

With the following command sequence:

ip link add dummy0 type dummy
ip neigh add 192.168.0.1 dev dummy0
ip neigh get 192.168.0.1 dev dummy0

when running the last command under valgrind, it reports

32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2
   at 0x483F7B5: malloc (vg_replace_malloc.c:381)
   by 0x17A0EC: rtnl_recvmsg (libnetlink.c:838)
   by 0x17A3D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
   by 0x17B894: __rtnl_talk (libnetlink.c:1141)
   by 0x17B894: rtnl_talk (libnetlink.c:1147)
   by 0x12E49B: ipneigh_get (ipneigh.c:728)
   by 0x1174CB: do_cmd (ip.c:136)
   by 0x116F7C: main (ip.c:324)

Free the answer obtained from rtnl_talk().

Fixes: 62842362370b ("ipneigh: neigh get support")
Suggested-by: Ido Schimmel <idosch@...dia.com>
Reviewed-by: Ido Schimmel <idosch@...dia.com>
Signed-off-by: Benjamin Poirier <bpoirier@...dia.com>
---
 ip/ipneigh.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ip/ipneigh.c b/ip/ipneigh.c
index 7facc399..61b0a4a2 100644
--- a/ip/ipneigh.c
+++ b/ip/ipneigh.c
@@ -731,8 +731,10 @@ static int ipneigh_get(int argc, char **argv)
 	ipneigh_reset_filter(0);
 	if (print_neigh(answer, stdout) < 0) {
 		fprintf(stderr, "An error :-)\n");
+		free(answer);
 		return -1;
 	}
+	free(answer);
 
 	return 0;
 }
-- 
2.36.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ