From: Sabrina Dubroca <sd@queasysnail.net>
To: Hangbin Liu <liuhangbin@gmail.com>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
	David Ahern <dsahern@kernel.org>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Vasiliy Kovalev <kovalev@altlinux.org>,
	Guillaume Nault <gnault@redhat.com>,
	Simon Horman <horms@kernel.org>,
	David Lebrun <david.lebrun@uclouvain.be>
Subject: Re: [PATCHv3 net 3/3] ipv6: sr: fix invalid unregister error path
Date: Fri, 10 May 2024 10:32:07 +0200
Message-ID: <Zj3bh-gE7eT6V6aH@hog>
In-Reply-To: <20240509131812.1662197-4-liuhangbin@gmail.com>

2024-05-09, 21:18:12 +0800, Hangbin Liu wrote:
> The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL
> is not defined. In that case if seg6_hmac_init() fails, the
> genl_unregister_family() isn't called.
> 
> This issue exists since commit 46738b1317e1 ("ipv6: sr: add option to control
> lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible
> use-after-free and null-ptr-deref") replaced unregister_pernet_subsys()
> with genl_unregister_family() in this error path.
> 
> Fixes: 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support")
> Reported-by: Guillaume Nault <gnault@redhat.com>
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>

Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>

seg6_hmac_init_algo also returns without cleaning up the previous
allocations if one fails, so it's going to leak all that memory and
the crypto tfms.

-- 
Sabrina
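
The failure mode raised in the reply above (an init loop that returns on the first failed allocation and strands whatever earlier iterations allocated), shown as an added userspace C model that is not part of the original message and not the kernel's code. `init_algos`, `exit_algos`, `model_alloc`, the `tfm`/`buf` fields and the fault-injection counters are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model with hypothetical names; not the kernel's code. */
#define N_ALGOS 3
struct algo { void *tfm; void *buf; };
static struct algo algos[N_ALGOS];
static int live, calls, fail_at = -1;   /* leak counter and fault injection */

static void *model_alloc(size_t n)
{
    void *p = (calls++ == fail_at) ? NULL : malloc(n);  /* injected failure */
    live += (p != NULL);
    return p;
}

static void model_free(void **p) { if (*p) { free(*p); *p = NULL; live--; } }

static void exit_algos(void)            /* NULL-safe: copes with partial state */
{
    for (int i = 0; i < N_ALGOS; i++) {
        model_free(&algos[i].buf);
        model_free(&algos[i].tfm);
    }
}

static int init_algos(int unwind)
{
    for (int i = 0; i < N_ALGOS; i++) {
        algos[i].tfm = model_alloc(64);
        algos[i].buf = algos[i].tfm ? model_alloc(32) : NULL;
        if (!algos[i].buf) {
            if (unwind) exit_algos();   /* release entries 0..i before returning */
            return -1;                  /* unwind == 0 models the bare early return */
        }
    }
    return 0;
}

/* Objects still allocated after init fails at allocation number fail_idx. */
static int leaked_after(int unwind, int fail_idx)
{
    calls = 0; fail_at = fail_idx;
    int leaked = init_algos(unwind) ? live : 0;
    exit_algos();                       /* reset the model for the next run */
    return leaked;
}

int main(void)
{
    printf("leaked: early-return=%d unwind=%d\n", leaked_after(0, 3), leaked_after(1, 3));
    return 0;
}
```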

