* [PATCH] net: xfrm: fix memory leak in xfrm_user_policy()
@ 2020-11-10 1:14 Yu Kuai
2020-11-12 6:52 ` Steffen Klassert
0 siblings, 1 reply; 2+ messages in thread
From: Yu Kuai @ 2020-11-10 1:14 UTC (permalink / raw)
To: steffen.klassert, herbert, davem, kuba, 0x7f454c46
Cc: netdev, linux-kernel, yukuai3, yi.zhang, zhangxiaoxu5
if xfrm_get_translator() failed, xfrm_user_policy() return without
freeing 'data', which is allocated in memdup_sockptr().
Fixes: 96392ee5a13b ("xfrm/compat: Translate 32-bit user_policy from sockptr")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
---
net/xfrm/xfrm_state.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a77da7aae6fe..2f1517827995 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2382,8 +2382,10 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
if (in_compat_syscall()) {
struct xfrm_translator *xtr = xfrm_get_translator();
- if (!xtr)
+ if (!xtr) {
+ kfree(data);
return -EOPNOTSUPP;
+ }
err = xtr->xlate_user_policy_sockptr(&data, optlen);
xfrm_put_translator(xtr);
--
2.25.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] net: xfrm: fix memory leak in xfrm_user_policy()
2020-11-10 1:14 [PATCH] net: xfrm: fix memory leak in xfrm_user_policy() Yu Kuai
@ 2020-11-12 6:52 ` Steffen Klassert
0 siblings, 0 replies; 2+ messages in thread
From: Steffen Klassert @ 2020-11-12 6:52 UTC (permalink / raw)
To: Yu Kuai
Cc: herbert, davem, kuba, 0x7f454c46, netdev, linux-kernel, yi.zhang,
zhangxiaoxu5
On Tue, Nov 10, 2020 at 09:14:43AM +0800, Yu Kuai wrote:
> if xfrm_get_translator() failed, xfrm_user_policy() return without
> freeing 'data', which is allocated in memdup_sockptr().
>
> Fixes: 96392ee5a13b ("xfrm/compat: Translate 32-bit user_policy from sockptr")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Patch applied, thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-12 6:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-10 1:14 [PATCH] net: xfrm: fix memory leak in xfrm_user_policy() Yu Kuai
2020-11-12 6:52 ` Steffen Klassert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).