From: Patrick McHardy <kaber@trash.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>,
Masahide NAKAMURA <nakam@linux-ipv6.org>, jamal <hadi@cyberus.ca>,
netdev <netdev@oss.sgi.com>
Subject: Re: [1/7] [IPSEC] Add complete xfrm event notification
Date: Sat, 07 May 2005 16:51:33 +0200 [thread overview]
Message-ID: <427CD5F5.9010605@trash.net> (raw)
In-Reply-To: <20050507071824.GA5753@gondor.apana.org.au>
[-- Attachment #1: Type: text/plain, Size: 522 bytes --]
Herbert Xu wrote:
> @@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st
> if (IS_ERR(x))
> return PTR_ERR(x);
>
> + xfrm_state_hold(x);
This introduces a leak when xfrm_state_add()/xfrm_state_update()
fail. We hold two references (one from xfrm_state_alloc(), one
from xfrm_state_hold()), but only drop one. We need to take the
reference because the reference from xfrm_state_alloc() can
be dropped by __xfrm_state_delete(), so the fix is to drop both
references on error. Same problem in xfrm_user.c.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1647 bytes --]
[XFRM]: Fix xfrm_state leaks in error path
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit a4222e4b4f4fe6a28204e7960972ef833ac0c4ce
tree c24f26cfe03081d10a3a3f66d5d3e503395090b4
parent 16efae13731912e8cd028a85257fb33726318770
author Patrick McHardy <kaber@trash.net> 1115477180 +0200
committer Patrick McHardy <kaber@trash.net> 1115477180 +0200
Index: net/key/af_key.c
===================================================================
--- 6c0df7e8f613031668cf54aec5735e8b9f76aaa9/net/key/af_key.c (mode:100644 sha1:577f0bb5bb31816bb1ecf94848ae2758d9c2cbcf)
+++ c24f26cfe03081d10a3a3f66d5d3e503395090b4/net/key/af_key.c (mode:100644 sha1:98b72f2024ffd84564530e5973861b908fd8f541)
@@ -1333,7 +1333,7 @@
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
xfrm_state_put(x);
- return err;
+ goto out;
}
if (hdr->sadb_msg_type == SADB_ADD)
@@ -1343,8 +1343,8 @@
c.seq = hdr->sadb_msg_seq;
c.pid = hdr->sadb_msg_pid;
km_state_notify(x, &c);
+out:
xfrm_state_put(x);
-
return err;
}
Index: net/xfrm/xfrm_user.c
===================================================================
--- 6c0df7e8f613031668cf54aec5735e8b9f76aaa9/net/xfrm/xfrm_user.c (mode:100644 sha1:6c8c6d6924939fe30264caab9f6fca943cf70e3b)
+++ c24f26cfe03081d10a3a3f66d5d3e503395090b4/net/xfrm/xfrm_user.c (mode:100644 sha1:4f37b4f2ea8a238b8ae5f97496b727df7489d5fb)
@@ -287,7 +287,7 @@
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
xfrm_state_put(x);
- return err;
+ goto out;
}
c.seq = nlh->nlmsg_seq;
@@ -295,8 +295,8 @@
c.event = nlh->nlmsg_type;
km_state_notify(x, &c);
+out:
xfrm_state_put(x);
-
return err;
}
next prev parent reply other threads:[~2005-05-07 14:51 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-05 12:03 PATCH: IPSEC xfrm events jamal
2005-04-05 12:07 ` Herbert Xu
2005-04-05 12:19 ` jamal
2005-04-05 12:24 ` Arnaldo Carvalho de Melo
2005-04-09 10:54 ` [1/4] [IPSEC] Improve xfrm to pfkey SA state conversion Herbert Xu
2005-04-09 11:12 ` [2/4] [IPSEC] Kill spurious hard expire messages Herbert Xu
2005-04-09 11:15 ` [3/4] [IPSEC] Turn km_event.data into a union Herbert Xu
2005-04-10 7:48 ` [4/4] [IPSEC] Set byid for km_event in xfrm_get_policy Herbert Xu
2005-04-10 9:02 ` [5/*] [IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_* Herbert Xu
2005-04-10 9:38 ` [6/*] [IPSEC] Add xfrm_userpolicy_delete for xfrm_user notification Herbert Xu
2005-04-10 14:15 ` [5/*] [IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_* jamal
2005-04-10 21:28 ` Herbert Xu
2005-04-11 5:45 ` Masahide NAKAMURA
2005-04-11 11:26 ` jamal
2005-04-12 8:17 ` Masahide NAKAMURA
2005-04-12 13:37 ` jamal
2005-04-13 5:07 ` Masahide NAKAMURA
2005-04-09 12:30 ` [2/4] [IPSEC] Kill spurious hard expire messages jamal
2005-04-09 19:29 ` Herbert Xu
2005-04-09 20:03 ` Herbert Xu
2005-04-10 14:10 ` jamal
2005-04-10 21:27 ` Herbert Xu
2005-04-11 11:20 ` jamal
2005-04-11 11:30 ` Herbert Xu
2005-04-11 11:57 ` jamal
2005-04-11 12:08 ` Herbert Xu
2005-05-07 7:14 ` [0/7] [IPSEC] IPsec event notification Herbert Xu
2005-05-07 7:18 ` [1/7] [IPSEC] Add complete xfrm " Herbert Xu
2005-05-07 7:18 ` Herbert Xu
2005-05-07 7:19 ` [2/7] [IPSEC] Fix xfrm to pfkey SA state conversion Herbert Xu
2005-05-07 7:20 ` [3/7] [IPSEC] Kill spurious hard expire messages Herbert Xu
2005-05-07 7:21 ` [4/7] [IPSEC] Turn km_event.data into a union Herbert Xu
[not found] ` <20050507072216.GF5753@gondor.apana.org.au>
[not found] ` <20050507072251.GG5753@gondor.apana.org.au>
[not found] ` <20050507072349.GH5753@gondor.apana.org.au>
2005-05-07 12:04 ` [7/7] [IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification jamal
2005-05-07 12:25 ` Herbert Xu
2005-05-07 12:46 ` jamal
2005-05-07 19:35 ` Herbert Xu
2005-05-08 13:56 ` jamal
2005-05-08 21:40 ` Herbert Xu
2005-05-09 0:06 ` jamal
2005-05-07 14:51 ` Patrick McHardy [this message]
2005-05-07 19:42 ` [1/7] [IPSEC] Add complete xfrm event notification Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=427CD5F5.9010605@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=hadi@cyberus.ca \
--cc=herbert@gondor.apana.org.au \
--cc=nakam@linux-ipv6.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.