linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] net: xfrm: fix memory leak in xfrm_user_policy()
@ 2020-11-10  1:14 Yu Kuai
  2020-11-12  6:52 ` Steffen Klassert
  0 siblings, 1 reply; 2+ messages in thread
From: Yu Kuai @ 2020-11-10  1:14 UTC (permalink / raw)
  To: steffen.klassert, herbert, davem, kuba, 0x7f454c46
  Cc: netdev, linux-kernel, yukuai3, yi.zhang, zhangxiaoxu5

if xfrm_get_translator() failed, xfrm_user_policy() return without
freeing 'data', which is allocated in memdup_sockptr().

Fixes: 96392ee5a13b ("xfrm/compat: Translate 32-bit user_policy from sockptr")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
---
 net/xfrm/xfrm_state.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a77da7aae6fe..2f1517827995 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2382,8 +2382,10 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
 	if (in_compat_syscall()) {
 		struct xfrm_translator *xtr = xfrm_get_translator();
 
-		if (!xtr)
+		if (!xtr) {
+			kfree(data);
 			return -EOPNOTSUPP;
+		}
 
 		err = xtr->xlate_user_policy_sockptr(&data, optlen);
 		xfrm_put_translator(xtr);
-- 
2.25.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] net: xfrm: fix memory leak in xfrm_user_policy()
  2020-11-10  1:14 [PATCH] net: xfrm: fix memory leak in xfrm_user_policy() Yu Kuai
@ 2020-11-12  6:52 ` Steffen Klassert
  0 siblings, 0 replies; 2+ messages in thread
From: Steffen Klassert @ 2020-11-12  6:52 UTC (permalink / raw)
  To: Yu Kuai
  Cc: herbert, davem, kuba, 0x7f454c46, netdev, linux-kernel, yi.zhang,
	zhangxiaoxu5

On Tue, Nov 10, 2020 at 09:14:43AM +0800, Yu Kuai wrote:
> if xfrm_get_translator() failed, xfrm_user_policy() return without
> freeing 'data', which is allocated in memdup_sockptr().
> 
> Fixes: 96392ee5a13b ("xfrm/compat: Translate 32-bit user_policy from sockptr")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Yu Kuai <yukuai3@huawei.com>

Patch applied, thanks!

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-12  6:52 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-10  1:14 [PATCH] net: xfrm: fix memory leak in xfrm_user_policy() Yu Kuai
2020-11-12  6:52 ` Steffen Klassert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).