From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Nanyong Sun <sunnanyong@huawei.com>,
Hulk Robot <hulkci@huawei.com>, Paul Moore <paul@paul-moore.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 027/109] net: ipv4: fix memory leak in netlbl_cipsov4_add_std
Date: Mon, 28 Jun 2021 10:31:43 -0400
Message-ID: <20210628143305.32978-28-sashal@kernel.org>
In-Reply-To: <20210628143305.32978-1-sashal@kernel.org>

From: Nanyong Sun <sunnanyong@huawei.com>

[ Upstream commit d612c3f3fae221e7ea736d196581c2217304bbbc ]

Reported by syzkaller:
BUG: memory leak
unreferenced object 0xffff888105df7000 (size 64):
comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline]
[<00000000e67ed558>] kzalloc include/linux/slab.h:720 [inline]
[<00000000e67ed558>] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline]
[<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x2340 net/netlabel/netlabel_cipso_v4.c:416
[<0000000006040154>] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739
[<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
[<00000000204d7a1c>] genl_rcv_msg+0x2bf/0x4f0 net/netlink/genetlink.c:800
[<00000000c0d6a995>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504
[<00000000d78b9d2c>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
[<000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
[<000000009733081b>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340
[<00000000d5fd43b8>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929
[<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [inline]
[<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674
[<00000000321d1969>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350
[<00000000964e16bc>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404
[<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433
[<000000004ee8b6a5>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47
[<00000000171c7cee>] entry_SYSCALL_64_after_hwframe+0x44/0xae

The memory that doi_def->map.std points to is allocated in
netlbl_cipsov4_add_std, but no place has freed it. It should be
freed in cipso_v4_doi_free, which frees the cipso DOI resource.

Fixes: 96cb8e3313c7a ("[NetLabel]: CIPSOv4 and Unlabeled packet integration")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Nanyong Sun <sunnanyong@huawei.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/cipso_ipv4.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 6a1b52b34e20..e8b8dd1cb157 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -486,6 +486,7 @@ void cipso_v4_doi_free(struct cipso_v4_doi *doi_def)
kfree(doi_def->map.std->lvl.local);
kfree(doi_def->map.std->cat.cipso);
kfree(doi_def->map.std->cat.local);
+ kfree(doi_def->map.std);
break;
}
kfree(doi_def);
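
Review bot: The added kfree(doi_def->map.std) sits after three context lines that dereference doi_def->map.std unconditionally (->lvl.local, ->cat.cipso, ->cat.local), and nothing in the visible hunk checks that map.std is non-NULL. kfree(NULL) is harmless, but those dereferences are not, so if netlbl_cipsov4_add_std can reach cipso_v4_doi_free on an error path where the map.std allocation itself failed, this function faults before it gets to the new line. Worth confirming that in the 4.19 caller, or wrapping the whole group in an "if (doi_def->map.std)" guard. The order is right (members freed before the containing struct). For the backport, also check that no 4.19 error path frees map.std on its own before calling cipso_v4_doi_free, since that would turn this into a double free.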
--
2.30.2