| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZVa2Oha4ahHnYw16@renaissance-vector> Date: Fri, 17 Nov 2023 01:45:51 +0100 From: Andrea Claudi <aclaudi@...hat.com> To: Stephen Hemminger <stephen@...workplumber.org> Cc: heminhong <heminhong@...inos.cn>, petrm@...dia.com, netdev@...r.kernel.org Subject: Re: [PATCH v4] iproute2: prevent memory leak On Thu, Nov 16, 2023 at 03:05:21PM -0800, Stephen Hemminger wrote: > On Thu, 16 Nov 2023 11:13:08 +0800 > heminhong <heminhong@...inos.cn> wrote: > > > When the return value of rtnl_talk() is not less than 0, > > 'answer' will be allocated. The 'answer' should be free > > after using, otherwise it will cause memory leak. > > > > Signed-off-by: heminhong <heminhong@...inos.cn> > > I am skeptical, what is the code path through rtn_talk() that > returns non zero, and allocates answer. If so, that should be fixed > there. > > In current code, the returns are: > - sendmsg() fails > - recvmsg() fails > - truncated message > > The paths that set answer are returning 0 IMHO the memory leak is in the same functions this is patching. For example, in ip/link_gre.c:122 we are effectively returning after having answer allocated correctly by rtnl_talk(). The confusion here stems from the fact we are jumping into the error path of rtnl_talk() after rtnl_talk() executed fine.
Powered by blists - more mailing lists