| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231116193109.37ef55b8@hermes.local>
Date: Thu, 16 Nov 2023 19:31:09 -0800
From: Stephen Hemminger <stephen@...workplumber.org>
To: Andrea Claudi <aclaudi@...hat.com>
Cc: heminhong <heminhong@...inos.cn>, petrm@...dia.com,
netdev@...r.kernel.org
Subject: Re: [PATCH v4] iproute2: prevent memory leak
On Fri, 17 Nov 2023 01:45:51 +0100
Andrea Claudi <aclaudi@...hat.com> wrote:
> On Thu, Nov 16, 2023 at 03:05:21PM -0800, Stephen Hemminger wrote:
> > On Thu, 16 Nov 2023 11:13:08 +0800
> > heminhong <heminhong@...inos.cn> wrote:
> >
> > > When the return value of rtnl_talk() is not less than 0,
> > > 'answer' will be allocated. The 'answer' should be free
> > > after using, otherwise it will cause memory leak.
> > >
> > > Signed-off-by: heminhong <heminhong@...inos.cn>
> >
> > I am skeptical, what is the code path through rtn_talk() that
> > returns non zero, and allocates answer. If so, that should be fixed
> > there.
> >
> > In current code, the returns are:
> > - sendmsg() fails
> > - recvmsg() fails
> > - truncated message
> >
> > The paths that set answer are returning 0
>
> IMHO the memory leak is in the same functions this is patching.
> For example, in ip/link_gre.c:122 we are effectively returning after
> having answer allocated correctly by rtnl_talk().
>
> The confusion here stems from the fact we are jumping into the error
> path of rtnl_talk() after rtnl_talk() executed fine.
>
So looks like a GRE etc bug introduced by the change to parsing.
Should add:
Fixes: a066cc6623e1 ("gre/gre6: Unify local/remote endpoint address parsing")
Cc: serhe.popovych@...il.com
Powered by blists - more mailing lists