lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID:
 <AS4PR05MB9647B06CA91FC75EDE6A2BA288182@AS4PR05MB9647.eurprd05.prod.outlook.com>
Date: Thu, 2 May 2024 00:43:18 +0000
From: Tung Quang Nguyen <tung.q.nguyen@...tech.com.au>
To: Xin Long <lucien.xin@...il.com>, network dev <netdev@...r.kernel.org>,
	"tipc-discussion@...ts.sourceforge.net"
	<tipc-discussion@...ts.sourceforge.net>
CC: "davem@...emloft.net" <davem@...emloft.net>, "kuba@...nel.org"
	<kuba@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni
	<pabeni@...hat.com>, Jon Maloy <jmaloy@...hat.com>, Ying Xue
	<ying.xue@...driver.com>
Subject: RE: [PATCH net] tipc: fix a possible memleak in tipc_buf_append

>Subject: [PATCH net] tipc: fix a possible memleak in tipc_buf_append
>
>__skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the
>err path.
>
>Fixes: b7df21cf1b79 ("tipc: skb_linearize the head skb when reassembling msgs")
>Reported-by: Paolo Abeni <pabeni@...hat.com>
>Signed-off-by: Xin Long <lucien.xin@...il.com>
>---
> net/tipc/msg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/net/tipc/msg.c b/net/tipc/msg.c index 5c9fd4791c4b..c52ab423082c 100644
>--- a/net/tipc/msg.c
>+++ b/net/tipc/msg.c
>@@ -142,9 +142,9 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
> 	if (fragid == FIRST_FRAGMENT) {
> 		if (unlikely(head))
> 			goto err;
>-		*buf = NULL;
> 		if (skb_has_frag_list(frag) && __skb_linearize(frag))
> 			goto err;
>+		*buf = NULL;
> 		frag = skb_unshare(frag, GFP_ATOMIC);
> 		if (unlikely(!frag))
> 			goto err;
>--
>2.43.0
Reviewed-by: Tung Nguyen <tung.q.nguyen@...tech.com.au>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ