lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20230705053926.GF6455@unreal>
Date: Wed, 5 Jul 2023 08:39:26 +0300
From: Leon Romanovsky <leon@...nel.org>
To: Zhengchao Shao <shaozhengchao@...wei.com>
Cc: netdev@...r.kernel.org, linux-rdma@...r.kernel.org, davem@...emloft.net,
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
	borisp@...dia.com, saeedm@...dia.com, raeds@...dia.com,
	ehakim@...dia.com, liorna@...dia.com, nathan@...nel.org,
	weiyongjun1@...wei.com, yuehaibing@...wei.com
Subject: Re: [PATCH net] net/mlx5e: fix double free in
 macsec_fs_tx_create_crypto_table_groups

On Tue, Jul 04, 2023 at 03:06:40PM +0800, Zhengchao Shao wrote:
> In function macsec_fs_tx_create_crypto_table_groups(), when the ft->g
> memory is successfully allocated but the 'in' memory fails to be
> allocated, the memory pointed to by ft->g is released once. And in function
> macsec_fs_tx_create(), macsec_fs_tx_destroy() is called to release the
> memory pointed to by ft->g again. This will cause double free problem.

This is perfect example, why it is anti-pattern to have one global
destroy function like macsec_fs_tx_destroy(), which hides multiple
class of errors: wrong release order, double free e.t.c

> 
> Fixes: e467b283ffd5 ("net/mlx5e: Add MACsec TX steering rules")
> Signed-off-by: Zhengchao Shao <shaozhengchao@...wei.com>
> ---
>  drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c | 1 +
>  1 file changed, 1 insertion(+)
> 

Thanks,
Reviewed-by: Leon Romanovsky <leonro@...dia.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ