| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251224123513.180257-1-zilin@seu.edu.cn>
Date: Wed, 24 Dec 2025 12:35:13 +0000
From: Zilin Guan <zilin@....edu.cn>
To: dhowells@...hat.com
Cc: marc.dionne@...istor.com,
davem@...emloft.net,
edumazet@...gle.com,
kuba@...nel.org,
pabeni@...hat.com,
horms@...nel.org,
linux-afs@...ts.infradead.org,
netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
jianhao.xu@....edu.cn,
Zilin Guan <zilin@....edu.cn>
Subject: [PATCH net] rxrpc: Fix memory leak in rxkad_verify_response()
In rxkad_verify_response(), if skb_copy_bits() fails, the function jumps to
the protocol_error label without freeing the allocated ticket, leading to
a memory leak.
Fix this by jumping to the protocol_error_free label to ensure the ticket
is freed.
Fixes: 57af281e5389b ("rxrpc: Tidy up abort generation infrastructure")
Signed-off-by: Zilin Guan <zilin@....edu.cn>
---
net/rxrpc/rxkad.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 3657c0661cdc..4679c2be4235 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -1184,7 +1184,7 @@ static int rxkad_verify_response(struct rxrpc_connection *conn,
ticket, ticket_len) < 0) {
rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
rxkad_abort_resp_short_tkt);
- goto protocol_error;
+ goto protocol_error_free;
}
ret = rxkad_decrypt_ticket(conn, server_key, skb, ticket, ticket_len,
--
2.34.1
Powered by blists - more mailing lists