lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 17 Jan 2024 15:44:45 +0800 (GMT+08:00)
From: alexious@....edu.cn
To: "Chuck Lever III" <chuck.lever@...cle.com>
Cc: "Simon Horman" <horms@...nel.org>, "Jeff Layton" <jlayton@...nel.org>,
	"Neil Brown" <neilb@...e.de>, "Olga Kornievskaia" <kolga@...app.com>,
	"Dai Ngo" <dai.ngo@...cle.com>, "Tom Talpey" <tom@...pey.com>,
	"Trond Myklebust" <trond.myklebust@...merspace.com>,
	"Anna Schumaker" <anna@...nel.org>,
	"David S. Miller" <davem@...emloft.net>,
	"Eric Dumazet" <edumazet@...gle.com>,
	"Jakub Kicinski" <kuba@...nel.org>,
	"Paolo Abeni" <pabeni@...hat.com>, "Simo Sorce" <simo@...hat.com>,
	"Steve Dickson" <steved@...hat.com>,
	"Kevin Coffman" <kwc@...i.umich.edu>,
	"Linux NFS Mailing List" <linux-nfs@...r.kernel.org>,
	"open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>,
	"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>
Subject: Re: Re: [PATCH] [v2] SUNRPC: fix a memleak in gss_import_v2_context


> > On Jan 15, 2024, at 6:09 AM, Simon Horman <horms@...nel.org> wrote:
> > 
> > On Fri, Jan 12, 2024 at 04:45:38PM +0800, Zhipeng Lu wrote:
> >> The ctx->mech_used.data allocated by kmemdup is not freed in neither
> >> gss_import_v2_context nor it only caller radeon_driver_open_kms.
> > 
> > Should radeon_driver_open_kms be gss_krb5_import_sec_context?
> > 
> > Also, perhaps it is useful to write something like this:
> > 
> > ... gss_krb5_import_sec_context, which frees ctx on error.

Yes, you are right, I proberly mixed up it to another patch :(.
And the first sentence of the patch description should be:

The ctx->mech_used.data allocated by kmemdup is not freed in neither
gss_import_v2_context nor it only caller gss_krb5_import_sec_context, 
which frees ctx on error.

> 
> If Zhipeng agrees to this suggestion, I can change the
> patch description in my tree. A v3 is not necessary.

Yes, I agree with Simon's suggestion and I give the corrected description 
above.

> 
> >> Thus, this patch reform the last call of gss_import_v2_context to the
> >> gss_krb5_import_ctx_v2, preventing the memleak while keepping the return
> >> formation.
> >> 
> >> Fixes: 47d848077629 ("gss_krb5: handle new context format from gssd")
> >> Signed-off-by: Zhipeng Lu <alexious@....edu.cn>
> > 
> > Hi Zhipeng Lu,
> > 
> > Other than the comment above, I agree with your analysis.
> > And that although the problem has changed form slightly,
> > it was originally introduced by the cited commit.
> > I also agree that your fix.
> > 
> > ...
> 
> --
> Chuck Lever
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ