Thread (18 messages) 18 messages, 4 authors, 2019-06-15

Re: [PATCH v4 net] sctp: Free cookie before we memdup a new one

From: Neil Horman <nhorman@tuxdriver.com>
Date: 2019-06-12 20:32:47
Also in: linux-sctp

On Wed, Jun 12, 2019 at 03:07:15PM -0300, Marcelo Ricardo Leitner wrote:
On Tue, Jun 11, 2019 at 08:38:14PM -0400, Neil Horman wrote:
quoted
Based on comments from Xin, even after fixes for our recent syzbot
report of cookie memory leaks, its possible to get a resend of an INIT
chunk which would lead to us leaking cookie memory.

To ensure that we don't leak cookie memory, free any previously
allocated cookie first.

---
This marker can't be here, as it causes git to loose everything below.
thats intentional so that, when Dave commits it, the change notes arent carried
into the changelog (I.e. the change notes are useful for email review, but not
especially useful in the permanent commit history).

Neil
quoted
Change notes
v1->v2
update subsystem tag in subject (davem)
repeat kfree check for peer_random and peer_hmacs (xin)

v2->v3
net->sctp
also free peer_chunks

v3->v4
fix subject tags

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: syzbot+f7e9153b037eac9b1df8@syzkaller.appspotmail.com
CC: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
CC: Xin Long <lucien.xin@gmail.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Anyhow, LGTM and reproducer didn't give any hits in 2 runs of 50mins.
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help