* [PATCH 2.6] Fix IPv6 esp mem leak in esp6_input
@ 2003-08-02 11:50 Daniel Ritz
From: Daniel Ritz @ 2003-08-02 11:50 UTC (permalink / raw)
To: David S. Miller; +Cc: linux-net, linux-netdev
Fixes a memory leak in the error paths of esp6_input(), and returns -ENOMEM
rather than -EINVAL when out of memory. Against 2.6.0-test2-bk.
--- 1.19/net/ipv6/esp6.c Mon Jul 21 02:46:12 2003
+++ edited/net/ipv6/esp6.c Sat Aug 2 13:02:11 2003
@@ -200,18 +200,24 @@
int hdr_len = skb->h.raw - skb->nh.raw;
int nfrags;
- u8 ret_nexthdr = 0;
unsigned char *tmp_hdr = NULL;
+ int ret = 0;
- if (!pskb_may_pull(skb, sizeof(struct ipv6_esp_hdr)))
- goto out;
+ if (!pskb_may_pull(skb, sizeof(struct ipv6_esp_hdr))) {
+ ret = -EINVAL;
+ goto out_nofree;
+ }
- if (elen <= 0 || (elen & (blksize-1)))
- goto out;
+ if (elen <= 0 || (elen & (blksize-1))) {
+ ret = -EINVAL;
+ goto out_nofree;
+ }
tmp_hdr = kmalloc(hdr_len, GFP_ATOMIC);
- if (!tmp_hdr)
- goto out;
+ if (!tmp_hdr) {
+ ret = -ENOMEM;
+ goto out_nofree;
+ }
memcpy(tmp_hdr, skb->nh.raw, hdr_len);
/* If integrity check is required, do this. */
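Review bot: `int ret = 0;` replaces `u8 ret_nexthdr` and now holds two different things, a negative errno on failure and the next-header byte on success, and nothing at the declaration says so. A one-line comment there would keep a later reader from treating any non-zero return as an error, for example `/* < 0: errno; >= 0: next header value returned to the caller */`. The declarations belong to esp6_input(), whose start and end lie outside this hunk.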
@@ -226,12 +232,15 @@
if (unlikely(memcmp(sum, sum1, alen))) {
x->stats.integrity_failed++;
+ ret = -EINVAL;
goto out;
}
}
- if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0)
+ if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
+ ret = -EINVAL;
goto out;
+ }
skb->ip_summed = CHECKSUM_NONE;
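Review bot: The `skb_cow_data()` failure branch discards the helper's own negative return and sets `ret = -EINVAL;`, which loses the reason for the failure. If that helper reports an allocation failure as -ENOMEM (its body is not shown here), this path still returns -EINVAL when out of memory, which is what the patch description says it fixes. Propagating the value keeps the error accurate: `ret = nfrags;`. Separately, the context line `memcmp(sum, sum1, alen)` compares the integrity check value in data-dependent time; that predates this patch but deserves a follow-up.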
@@ -251,8 +260,10 @@
if (unlikely(nfrags > MAX_SG_ONSTACK)) {
sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
- if (!sg)
+ if (!sg) {
+ ret = -ENOMEM;
goto out;
+ }
}
skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen);
crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen);
@@ -267,6 +278,7 @@
if (net_ratelimit()) {
printk(KERN_WARNING "ipsec esp packet is garbage padlen=%d, elen=%d\n", padlen+2, elen);
}
+ ret = -EINVAL;
goto out;
}
/* ... check padding bits here. Silly. :-) */
@@ -277,13 +289,13 @@
memcpy(skb->nh.raw, tmp_hdr, hdr_len);
skb->nh.ipv6h->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
ip6_find_1stfragopt(skb, &prevhdr);
- ret_nexthdr = *prevhdr = nexthdr[1];
+ ret = *prevhdr = nexthdr[1];
}
- kfree(tmp_hdr);
- return ret_nexthdr;
out:
- return -EINVAL;
+ kfree(tmp_hdr);
+out_nofree:
+ return ret;
}
static u32 esp6_get_max_size(struct xfrm_state *x, int mtu)
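Review bot: The second exit label `out_nofree:` looks unnecessary, because `tmp_hdr` is initialised to NULL in the first hunk and every jump to `out_nofree` happens while it is still NULL. Provided `kfree()` accepts NULL in this tree (to be confirmed), all error paths can use `goto out;` and the tail reduces to `out: kfree(tmp_hdr); return ret;`. A single exit label leaves no way for a future early exit to pick the wrong one and reintroduce the leak this patch fixes.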