stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Jianwen Ji <jiji@redhat.com>,
	Hannes Frederic Sowa <hannes@stressinduktion.org>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.18 145/145] dccp: fix memory leak during tear-down of unsuccessful connection request
Date: Sun, 16 Apr 2017 12:50:38 +0200
Message-ID: <20170416080208.199573252@linuxfoundation.org>
In-Reply-To: <20170416080200.205458595@linuxfoundation.org>

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hannes Frederic Sowa <hannes@stressinduktion.org>

commit 72ef9c4125c7b257e3a714d62d778ab46583d6a3 upstream.

This patch fixes a memory leak, which happens if the connection request
is not fulfilled between parsing the DCCP options and handling the SYN
(because e.g. the backlog is full), because we forgot to free the
list of ack vectors.

Reported-by: Jianwen Ji <jiji@redhat.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/dccp/ccids/ccid2.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/dccp/ccids/ccid2.c
+++ b/net/dccp/ccids/ccid2.c
@@ -749,6 +749,7 @@ static void ccid2_hc_tx_exit(struct sock
 	for (i = 0; i < hc->tx_seqbufc; i++)
 		kfree(hc->tx_seqbuf[i]);
 	hc->tx_seqbufc = 0;
+	dccp_ackvec_parsed_cleanup(&hc->tx_av_chunks);
 }
 
 static void ccid2_hc_rx_packet_recv(struct sock *sk, struct sk_buff *skb)
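
Review bot: the added dccp_ackvec_parsed_cleanup(&hc->tx_av_chunks) call at the end of ccid2_hc_tx_exit() runs on every TX tear-down, not only on the dropped-request path the commit message describes, so it depends on the helper being a no-op on an empty list and on leaving tx_av_chunks in a state where a repeated exit cannot free the same entries twice. Please confirm both in the helper, and consider a one-line comment above the call noting that parsed ack vectors can still be queued here when the request is dropped before the SYN is handled; the visible context only frees tx_seqbuf, so the ownership of tx_av_chunks by this exit path is otherwise easy to miss.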

