Re: [PATCH V2] Fix memory leak in sctp_process_init

memory leak in sctp_process_init · syzbot <hidden> · 2019-05-28
Re: memory leak in sctp_process_init · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2019-05-28
Re: memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-05-28
Re: memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-05-29
Re: memory leak in sctp_process_init · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2019-05-29
Re: memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-05-30
Re: memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-05-30
Re: memory leak in sctp_process_init · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2019-05-30
Re: memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-05-30
Re: memory leak in sctp_process_init · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2019-05-31
Re: memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-05-31
[PATCH V2] Fix memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-06-03
Re: [PATCH V2] Fix memory leak in sctp_process_init · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2019-06-03
Re: [PATCH V2] Fix memory leak in sctp_process_init · Xin Long <lucien.xin@gmail.com> · 2019-06-04
Re: [PATCH V2] Fix memory leak in sctp_process_init · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2019-06-04
Re: [PATCH V2] Fix memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-06-05
Re: [PATCH V2] Fix memory leak in sctp_process_init · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2019-06-06
Re: [PATCH V2] Fix memory leak in sctp_process_init · Neil Horman <nhorman@tuxdriver.com> · 2019-06-07
Re: [PATCH V2] Fix memory leak in sctp_process_init · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2019-06-07
Re: [PATCH V2] Fix memory leak in sctp_process_init · Xin Long <lucien.xin@gmail.com> · 2019-06-08
Re: [PATCH V2] Fix memory leak in sctp_process_init · David Miller <davem@davemloft.net> · 2019-06-06

From: David Miller <davem@davemloft.net>
Date: 2019-06-06 00:14:50
Also in: linux-sctp

From: Neil Horman <nhorman@tuxdriver.com>
Date: Mon,  3 Jun 2019 16:32:59 -0400

syzbot found the following leak in sctp_process_init
BUG: memory leak
unreferenced object 0xffff88810ef68400 (size 1024):

...

The problem was that the peer.cookie value points to an skb allocated
area on the first pass through this function, at which point it is
overwritten with a heap allocated value, but in certain cases, where a
COOKIE_ECHO chunk is included in the packet, a second pass through
sctp_process_init is made, where the cookie value is re-allocated,
leaking the first allocation.

Fix is to always allocate the cookie value, and free it when we are done
using it.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: syzbot+f7e9153b037eac9b1df8@syzkaller.appspotmail.com

Applied and queued up for -stable.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help