* [PATCH] net/ipv4: Eliminate kstrdup memory leak
@ 2010-08-27 19:47 Julia Lawall
2010-08-28 2:32 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Julia Lawall @ 2010-08-27 19:47 UTC (permalink / raw)
To: David S. Miller
Cc: kernel-janitors, Alexey Kuznetsov, Pekka Savola (ipv6),
James Morris, Hideaki YOSHIFUJI, Patrick McHardy, netdev,
linux-kernel
The string clone is only used as a temporary copy of the argument val
within the while loop, and so it should be freed before leaving the
function. The call to strsep, however, modifies clone, so a pointer to the
front of the string is kept in saved_clone, to make it possible to free it.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@r exists@
local idexpression x;
expression E;
identifier l;
statement S;
@@
*x= \(kasprintf\|kstrdup\)(...);
...
if (x == NULL) S
... when != kfree(x)
when != E = x
if (...) {
<... when != kfree(x)
* goto l;
...>
* return ...;
}
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
---
net/ipv4/tcp_cong.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index 0ec9bd0..850c737 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -196,10 +196,10 @@ void tcp_get_allowed_congestion_control(char *buf, size_t maxlen)
int tcp_set_allowed_congestion_control(char *val)
{
struct tcp_congestion_ops *ca;
- char *clone, *name;
+ char *saved_clone, *clone, *name;
int ret = 0;
- clone = kstrdup(val, GFP_USER);
+ saved_clone = clone = kstrdup(val, GFP_USER);
if (!clone)
return -ENOMEM;
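Review bot: the chained assignment in `saved_clone = clone = kstrdup(val, GFP_USER);` puts two assignments in one statement, which kernel style discourages and `checkpatch --strict` reports as multiple assignments. Assigning `clone = kstrdup(val, GFP_USER);` first and then `saved_clone = clone;` after the NULL check reads more clearly. An alternative that avoids the "saved" naming is to keep `clone` as the pointer that owns the allocation (so the `if (!clone)` check and the later kfree refer to the same name) and introduce a separate cursor variable for strsep to advance, as the commit message describes strsep modifying `clone`.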
@@ -226,6 +226,7 @@ int tcp_set_allowed_congestion_control(char *val)
}
out:
spin_unlock(&tcp_cong_list_lock);
+ kfree(saved_clone);
return ret;
}
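Review bot: the `kfree(saved_clone);` line under `out:` would benefit from a one-line comment stating that `clone` has been advanced by strsep and no longer points at the start of the allocation, so that a later cleanup does not "simplify" it to `kfree(clone)` and reintroduce the leak. Placing the free after `spin_unlock(&tcp_cong_list_lock);` is the right order since it keeps the lock hold time short. The fix also relies on every exit after the allocation passing through `out:`; the only other return visible in the patch is the `-ENOMEM` one, where there is nothing to free, and it is worth confirming that the elided middle of the function has no direct return.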
* Re: [PATCH] net/ipv4: Eliminate kstrdup memory leak
2010-08-27 19:47 [PATCH] net/ipv4: Eliminate kstrdup memory leak Julia Lawall
@ 2010-08-28 2:32 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2010-08-28 2:32 UTC (permalink / raw)
To: julia
Cc: kernel-janitors, kuznet, pekkas, jmorris, yoshfuji, kaber, netdev,
linux-kernel
From: Julia Lawall <julia@diku.dk>
Date: Fri, 27 Aug 2010 21:47:43 +0200
> The string clone is only used as a temporary copy of the argument val
> within the while loop, and so it should be freed before leaving the
> function. The call to strsep, however, modifies clone, so a pointer to the
> front of the string is kept in saved_clone, to make it possible to free it.
>
> The semantic match that finds this problem is as follows:
> (http://coccinelle.lip6.fr/)
...
> Signed-off-by: Julia Lawall <julia@diku.dk>
Applied, thanks!