From: Patrick McHardy <kaber@trash.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>,
Masahide NAKAMURA <nakam@linux-ipv6.org>, jamal <hadi@cyberus.ca>,
netdev <netdev@oss.sgi.com>
Subject: Re: [1/7] [IPSEC] Add complete xfrm event notification
Date: Sat, 07 May 2005 16:51:33 +0200 [thread overview]
Message-ID: <427CD5F5.9010605@trash.net> (raw)
In-Reply-To: <20050507071824.GA5753@gondor.apana.org.au>
[-- Attachment #1: Type: text/plain, Size: 522 bytes --]
Herbert Xu wrote:
> @@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st
> if (IS_ERR(x))
> return PTR_ERR(x);
>
> + xfrm_state_hold(x);
This introduces a leak when xfrm_state_add()/xfrm_state_update()
fail. We hold two references (one from xfrm_state_alloc(), one
from xfrm_state_hold()), but only drop one. We need to take the
reference because the reference from xfrm_state_alloc() can
be dropped by __xfrm_state_delete(), so the fix is to drop both
references on error. Same problem in xfrm_user.c.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1647 bytes --]
[XFRM]: Fix xfrm_state leaks in error path
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit a4222e4b4f4fe6a28204e7960972ef833ac0c4ce
tree c24f26cfe03081d10a3a3f66d5d3e503395090b4
parent 16efae13731912e8cd028a85257fb33726318770
author Patrick McHardy <kaber@trash.net> 1115477180 +0200
committer Patrick McHardy <kaber@trash.net> 1115477180 +0200
Index: net/key/af_key.c
===================================================================
--- 6c0df7e8f613031668cf54aec5735e8b9f76aaa9/net/key/af_key.c (mode:100644 sha1:577f0bb5bb31816bb1ecf94848ae2758d9c2cbcf)
+++ c24f26cfe03081d10a3a3f66d5d3e503395090b4/net/key/af_key.c (mode:100644 sha1:98b72f2024ffd84564530e5973861b908fd8f541)
@@ -1333,7 +1333,7 @@
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
xfrm_state_put(x);
- return err;
+ goto out;
}
if (hdr->sadb_msg_type == SADB_ADD)
@@ -1343,8 +1343,8 @@
c.seq = hdr->sadb_msg_seq;
c.pid = hdr->sadb_msg_pid;
km_state_notify(x, &c);
+out:
xfrm_state_put(x);
-
return err;
}
Index: net/xfrm/xfrm_user.c
===================================================================
--- 6c0df7e8f613031668cf54aec5735e8b9f76aaa9/net/xfrm/xfrm_user.c (mode:100644 sha1:6c8c6d6924939fe30264caab9f6fca943cf70e3b)
+++ c24f26cfe03081d10a3a3f66d5d3e503395090b4/net/xfrm/xfrm_user.c (mode:100644 sha1:4f37b4f2ea8a238b8ae5f97496b727df7489d5fb)
@@ -287,7 +287,7 @@
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
xfrm_state_put(x);
- return err;
+ goto out;
}
c.seq = nlh->nlmsg_seq;
@@ -295,8 +295,8 @@
c.event = nlh->nlmsg_type;
km_state_notify(x, &c);
+out:
xfrm_state_put(x);
-
return err;
}
next prev parent reply other threads:[~2005-05-07 14:51 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-05 12:03 PATCH: IPSEC xfrm events jamal
2005-04-05 12:07 ` Herbert Xu
2005-04-05 12:19 ` jamal
2005-04-05 12:24 ` Arnaldo Carvalho de Melo
2005-04-09 10:54 ` [1/4] [IPSEC] Improve xfrm to pfkey SA state conversion Herbert Xu
2005-04-09 11:12 ` [2/4] [IPSEC] Kill spurious hard expire messages Herbert Xu
2005-04-09 11:15 ` [3/4] [IPSEC] Turn km_event.data into a union Herbert Xu
2005-04-10 7:48 ` [4/4] [IPSEC] Set byid for km_event in xfrm_get_policy Herbert Xu
2005-04-10 9:02 ` [5/*] [IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_* Herbert Xu
2005-04-10 9:38 ` [6/*] [IPSEC] Add xfrm_userpolicy_delete for xfrm_user notification Herbert Xu
2005-04-10 14:15 ` [5/*] [IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_* jamal
2005-04-10 21:28 ` Herbert Xu
2005-04-11 5:45 ` Masahide NAKAMURA
2005-04-11 11:26 ` jamal
2005-04-12 8:17 ` Masahide NAKAMURA
2005-04-12 13:37 ` jamal
2005-04-13 5:07 ` Masahide NAKAMURA
2005-04-09 12:30 ` [2/4] [IPSEC] Kill spurious hard expire messages jamal
2005-04-09 19:29 ` Herbert Xu
2005-04-09 20:03 ` Herbert Xu
2005-04-10 14:10 ` jamal
2005-04-10 21:27 ` Herbert Xu
2005-04-11 11:20 ` jamal
2005-04-11 11:30 ` Herbert Xu
2005-04-11 11:57 ` jamal
2005-04-11 12:08 ` Herbert Xu
2005-05-07 7:14 ` [0/7] [IPSEC] IPsec event notification Herbert Xu
2005-05-07 7:18 ` [1/7] [IPSEC] Add complete xfrm " Herbert Xu
2005-05-07 7:18 ` Herbert Xu
2005-05-07 7:19 ` [2/7] [IPSEC] Fix xfrm to pfkey SA state conversion Herbert Xu
2005-05-07 7:20 ` [3/7] [IPSEC] Kill spurious hard expire messages Herbert Xu
2005-05-07 7:21 ` [4/7] [IPSEC] Turn km_event.data into a union Herbert Xu
[not found] ` <20050507072216.GF5753@gondor.apana.org.au>
[not found] ` <20050507072251.GG5753@gondor.apana.org.au>
[not found] ` <20050507072349.GH5753@gondor.apana.org.au>
2005-05-07 12:04 ` [7/7] [IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification jamal
2005-05-07 12:25 ` Herbert Xu
2005-05-07 12:46 ` jamal
2005-05-07 19:35 ` Herbert Xu
2005-05-08 13:56 ` jamal
2005-05-08 21:40 ` Herbert Xu
2005-05-09 0:06 ` jamal
2005-05-07 14:51 ` Patrick McHardy [this message]
2005-05-07 19:42 ` [1/7] [IPSEC] Add complete xfrm event notification Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=427CD5F5.9010605@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=hadi@cyberus.ca \
--cc=herbert@gondor.apana.org.au \
--cc=nakam@linux-ipv6.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).