lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <95a8beb95aee10b20492dd01813f2da985e31ba9.camel@kernel.org>
Date: Fri, 12 Jan 2024 08:23:39 -0500
From: Jeff Layton <jlayton@...nel.org>
To: Zhipeng Lu <alexious@....edu.cn>
Cc: Chuck Lever <chuck.lever@...cle.com>, Neil Brown <neilb@...e.de>, Olga
 Kornievskaia <kolga@...app.com>, Dai Ngo <Dai.Ngo@...cle.com>, Tom Talpey
 <tom@...pey.com>, Trond Myklebust <trond.myklebust@...merspace.com>, Anna
 Schumaker <anna@...nel.org>, "David S. Miller" <davem@...emloft.net>, Eric
 Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,  Paolo
 Abeni <pabeni@...hat.com>, Simo Sorce <simo@...hat.com>, Steve Dickson
 <steved@...hat.com>, Kevin Coffman <kwc@...i.umich.edu>,
 linux-nfs@...r.kernel.org, netdev@...r.kernel.org, 
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [v2] SUNRPC: fix a memleak in gss_import_v2_context

On Fri, 2024-01-12 at 16:45 +0800, Zhipeng Lu wrote:
> The ctx->mech_used.data allocated by kmemdup is not freed in neither
> gss_import_v2_context nor it only caller radeon_driver_open_kms.


I'm not sure what this has to do with the radeon driver? The changelog
probably needs to be revised.

> Thus, this patch reform the last call of gss_import_v2_context to the
> gss_krb5_import_ctx_v2, preventing the memleak while keepping the return
> formation.
> 
> Fixes: 47d848077629 ("gss_krb5: handle new context format from gssd")
> Signed-off-by: Zhipeng Lu <alexious@....edu.cn>
> ---
> Changelog:
> 
> v2: add non-error case
> ---
>  net/sunrpc/auth_gss/gss_krb5_mech.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
> index e31cfdf7eadc..5e6f90d73858 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_mech.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
> @@ -398,6 +398,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,
>  	u64 seq_send64;
>  	int keylen;
>  	u32 time32;
> +	int ret;
>  
>  	p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags));
>  	if (IS_ERR(p))
> @@ -450,8 +451,16 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,
>  	}
>  	ctx->mech_used.len = gss_kerberos_mech.gm_oid.len;
>  
> -	return gss_krb5_import_ctx_v2(ctx, gfp_mask);
> +	ret = gss_krb5_import_ctx_v2(ctx, gfp_mask);
> +	if (ret) {
> +		p = ERR_PTR(ret);
> +		goto out_free;
> +	};
>  
> +	return 0;
> +
> +out_free:
> +	kfree(ctx->mech_used.data);
>  out_err:
>  	return PTR_ERR(p);
>  }

Nice catch!

Reviewed-by: Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ