| Message ID | 20191122221759.32271-1-navid.emamdoost@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | sctp: Fix memory leak in sctp_sf_do_5_2_4_dupcook | expand |
On Fri, Nov 22, 2019 at 04:17:56PM -0600, Navid Emamdoost wrote: > In the implementation of sctp_sf_do_5_2_4_dupcook() the allocated > new_asoc is leaked if security_sctp_assoc_request() fails. Release it > via sctp_association_free(). > > Fixes: 2277c7cd75e3 ("sctp: Add LSM hooks") > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
On Fri, 22 Nov 2019 16:17:56 -0600, Navid Emamdoost wrote: > In the implementation of sctp_sf_do_5_2_4_dupcook() the allocated > new_asoc is leaked if security_sctp_assoc_request() fails. Release it > via sctp_association_free(). > > Fixes: 2277c7cd75e3 ("sctp: Add LSM hooks") > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> Applied, queued for stable, thanks!
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index 0c21c52fc408..4ab8208a2dd4 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -2160,8 +2160,10 @@ enum sctp_disposition sctp_sf_do_5_2_4_dupcook( /* Update socket peer label if first association. */ if (security_sctp_assoc_request((struct sctp_endpoint *)ep, - chunk->skb)) + chunk->skb)) { + sctp_association_free(new_asoc); return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + } /* Set temp so that it won't be added into hashtable */ new_asoc->temp = 1;
In the implementation of sctp_sf_do_5_2_4_dupcook() the allocated new_asoc is leaked if security_sctp_assoc_request() fails. Release it via sctp_association_free(). Fixes: 2277c7cd75e3 ("sctp: Add LSM hooks") Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> --- net/sctp/sm_statefuns.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)