lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <9b028652-eb5b-4faf-bf9c-6d64f0ed7a9f@app.fastmail.com>
Date: Mon, 26 Jan 2026 11:43:18 -0500
From: "Chuck Lever" <cel@...nel.org>
To: "Haoxiang Li" <lihaoxiang@...c.iscas.ac.cn>,
 "Trond Myklebust" <trondmy@...nel.org>, "Anna Schumaker" <anna@...nel.org>,
 davem@...emloft.net, edumazet@...gle.com, "Jakub Kicinski" <kuba@...nel.org>,
 pabeni@...hat.com, "Simon Horman" <horms@...nel.org>, llfamsec@...il.com,
 simo@...hat.com, bfields@...ldses.org
Cc: linux-nfs@...r.kernel.org, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] sunrpc: fix a resource leak in gss_proxy_save_rsc()



On Sun, Jan 25, 2026, at 9:10 PM, Haoxiang Li wrote:
> In gss_proxy_save_rsc(), if gss_import_sec_context() fails,
> call gss_mech_put() to release the reources acquired by
> gss_mech_get_by_OID().
>
> Fixes: 030d794bf498 ("SUNRPC: Use gssproxy upcall for server RPCGSS 
> authentication.")
> Cc: stable@...r.kernel.org
> Signed-off-by: Haoxiang Li <lihaoxiang@...c.iscas.ac.cn>
> ---
>  net/sunrpc/auth_gss/svcauth_gss.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/sunrpc/auth_gss/svcauth_gss.c 
> b/net/sunrpc/auth_gss/svcauth_gss.c
> index a8ec30759a18..cdae1f23adfc 100644
> --- a/net/sunrpc/auth_gss/svcauth_gss.c
> +++ b/net/sunrpc/auth_gss/svcauth_gss.c
> @@ -1268,8 +1268,10 @@ static int gss_proxy_save_rsc(struct 
> cache_detail *cd,
>  						ud->out_handle.len,
>  						gm, &rsci.mechctx,
>  						&expiry, GFP_KERNEL);
> -		if (status)
> +		if (status) {
> +			gss_mech_put(gm);
>  			goto out;
> +		}

Is the reference already released via free_svc_cred() ? This
change might introduce a double-free bug.


> 
>  		getboottime64(&boot);
>  		expiry -= boot.tv_sec;
> -- 
> 2.25.1

-- 
Chuck Lever

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ