2002-12-12 19:00:02

by Krishna Kumar

Subject: [PATCH RESEND] memory leak in ndisc_router_discovery

Hi,

I had sent this earlier; there is a bug in router advertisement handling code,
where the reference (and memory) to an inet6_dev pointer can get leaked (this
leak can happen at most once for each interface on a system which receives
invalid RAs). Below is the patch against 2.5.51 to fix it.

thanks,

- KK

-------------------------------------------------------------------------------
diff -ruN linux.org/net/ipv6/ndisc.c linux/net/ipv6/ndisc.c
--- linux.org/net/ipv6/ndisc.c Fri Nov 7 10:02:11 2002
+++ linux/net/ipv6/ndisc.c Fri Nov 8 14:37:27 2002
@@ -871,6 +871,7 @@
}

if (!ndisc_parse_options(opt, optlen, &ndopts)) {
+ in6_dev_put(in6_dev);
if (net_ratelimit())
ND_PRINTK2(KERN_WARNING
"ICMP6 RA: invalid ND option, ignored.\n");
-------------------------------------------------------------------------------
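Review bot: the in6_dev_put(in6_dev) added at the top of the !ndisc_parse_options() branch releases the reference on this one exit only, and a hand-placed put per early return is easy to miss again on the next error path. Consider routing the function's error exits through a single label that does the in6_dev_put(), so a later early return cannot skip it. The statement that follows the ND_PRINTK2 warning is outside the visible context, so also confirm that nothing on this path touches in6_dev after the put.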


2002-12-16 06:29:13

by YOSHIFUJI Hideaki

Subject: Re: [PATCH RESEND] memory leak in ndisc_router_discovery

In article <[email protected]> (at Thu, 12 Dec 2002 11:05:43 -0800 (PST)), Krishna Kumar <[email protected]> says:

> I had sent this earlier; there is a bug in router advertisement handling code,
> where the reference (and memory) to an inet6_dev pointer can get leaked (this
> leak can happen at most once for each interface on a system which receives
> invalid RAs). Below is the patch against 2.5.51 to fix it.

(It would be called "refcnt leakage," or something like that, but anyway)
This seems a correct fix. Please apply...

> -------------------------------------------------------------------------------
> diff -ruN linux.org/net/ipv6/ndisc.c linux/net/ipv6/ndisc.c
> --- linux.org/net/ipv6/ndisc.c Fri Nov 7 10:02:11 2002
> +++ linux/net/ipv6/ndisc.c Fri Nov 8 14:37:27 2002
> @@ -871,6 +871,7 @@
> }
>
> if (!ndisc_parse_options(opt, optlen, &ndopts)) {
> + in6_dev_put(in6_dev);
> if (net_ratelimit())
> ND_PRINTK2(KERN_WARNING
> "ICMP6 RA: invalid ND option, ignored.\n");
> -------------------------------------------------------------------------------

--
Hideaki YOSHIFUJI @ USAGI Project <[email protected]>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA

2002-12-21 07:06:34

by David Miller

Subject: Re: [PATCH RESEND] memory leak in ndisc_router_discovery

From: Krishna Kumar <[email protected]>
Date: Thu, 12 Dec 2002 11:05:43 -0800 (PST)

I had sent this earlier; there is a bug in router advertisement handling code,
where the reference (and memory) to an inet6_dev pointer can get leaked (this
leak can happen at most once for each interface on a system which receives
invalid RAs). Below is the patch against 2.5.51 to fix it.

Applied, thanks.
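
A userspace model of the reference leak discussed in this thread, added here as an illustration; it is not kernel code and not from the patch author. struct dev, dev_get, dev_put, parse_options, handle_ra and refs_after are hypothetical stand-ins (dev_get/dev_put play the role of taking and dropping the inet6_dev reference), and the option bytes are constructed samples.

```c
/* Added userspace model, not kernel code; every name here is a hypothetical stand-in. */
#include <stddef.h>
#include <stdio.h>
struct dev { int refcnt; };
static struct dev *dev_get(struct dev *d) { d->refcnt++; return d; }
static void dev_put(struct dev *d) { d->refcnt--; }

/* Constructed samples: length 1 (8 bytes) is well formed, length 0 is invalid. */
static const unsigned char good_opt[8] = { 1, 1, 0x02, 0, 0, 0, 0, 0x01 };
static const unsigned char bad_opt[8]  = { 1, 0, 0, 0, 0, 0, 0, 0 };

/* Walk type/length options (length counts 8-byte units); 1 if all are valid. */
static int parse_options(const unsigned char *opt, size_t len)
{
    while (len >= 2) {
        size_t l = (size_t)opt[1] * 8;
        if (l == 0 || l > len)
            return 0;
        opt += l; len -= l;
    }
    return len == 0;
}

/* Handler shaped like the patched branch; apply_fix == 0 models the old code. */
static int handle_ra(struct dev *d, const unsigned char *opt, size_t len, int apply_fix)
{
    struct dev *ref = dev_get(d);
    if (!parse_options(opt, len)) {
        if (apply_fix)
            dev_put(ref);   /* models the line the patch adds */
        return -1;          /* without it, this return keeps the reference */
    }
    dev_put(ref);
    return 0;
}

/* Reference count left on a device that started with one reference. */
static int refs_after(const unsigned char *opt, size_t len, int apply_fix)
{
    struct dev d = { 1 };
    (void)handle_ra(&d, opt, len, apply_fix);
    return d.refcnt;
}

int main(void)
{
    printf("bad RA: old=%d patched=%d\n", refs_after(bad_opt, 8, 0), refs_after(bad_opt, 8, 1));
    return 0;
}
```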