lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 Jul 2022 08:52:50 +0900
From:   Benjamin Poirier <bpoirier@...dia.com>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     netdev@...r.kernel.org, Ido Schimmel <idosch@...dia.com>,
        Roopa Prabhu <roopa@...dia.com>,
        Paolo Abeni <pabeni@...hat.com>,
        David Ahern <dsahern@...il.com>
Subject: [PATCH iproute2 1/5] ip address: Fix memory leak when specifying device

Running a command like `ip addr show dev lo` under valgrind informs us that

32,768 bytes in 1 blocks are definitely lost in loss record 4 of 4
   at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x16CBE2: rtnl_recvmsg (libnetlink.c:775)
   by 0x16CF04: __rtnl_talk_iov (libnetlink.c:954)
   by 0x16E257: __rtnl_talk (libnetlink.c:1059)
   by 0x16E257: rtnl_talk (libnetlink.c:1065)
   by 0x115CB1: ipaddr_link_get (ipaddress.c:1833)
   by 0x11A0D1: ipaddr_list_flush_or_save (ipaddress.c:2030)
   by 0x1152EB: do_cmd (ip.c:115)
   by 0x114D6F: main (ip.c:321)

After calling store_nlmsg(), the original buffer should be freed. That is
the pattern used elsewhere through the rtnl_dump_filter() call chain.

Fixes: 884709785057 ("ip address: Set device index in dump request")
Reported-by: Binu Gopalakrishnapillai <binug@...dia.com>
Reviewed-by: Ido Schimmel <idosch@...dia.com>
Signed-off-by: Benjamin Poirier <bpoirier@...dia.com>
---
 ip/ipaddress.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ip/ipaddress.c b/ip/ipaddress.c
index a288341c..59ef1e4b 100644
--- a/ip/ipaddress.c
+++ b/ip/ipaddress.c
@@ -2030,8 +2030,10 @@ static int ipaddr_link_get(int index, struct nlmsg_chain *linfo)
 
 	if (store_nlmsg(answer, linfo) < 0) {
 		fprintf(stderr, "Failed to process link information\n");
+		free(answer);
 		return 1;
 	}
+	free(answer);
 
 	return 0;
 }
-- 
2.36.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ