Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1908889imm; Thu, 24 May 2018 02:45:10 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpP1N1KdKWh1pGcvkpfOLt14S32Jt1xA/ibQaduOFjkrpLTTMMYUGBbHs6zskF2x2nGXRLO X-Received: by 2002:a65:4188:: with SMTP id a8-v6mr5247813pgq.118.1527155110134; Thu, 24 May 2018 02:45:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527155110; cv=none; d=google.com; s=arc-20160816; b=PXDylcoeuDRePzwL2mj0VAVQp3UAzu5ABlSoU8U7boi91hHMKsjlbR8F9peLOxbE3y P8Hlz7OODwK4Nq0ExB5EXp8ElFhvtLEyGqMwITHE2DrW1PtpaSpHStQXuw/V4OenkfnL /9ocoRAAPcalg/Kho97aCZJnpm1Vy6sP0D4Qa4ndMWyl5aMxb4huEyVbQrtwOMTFn3Yq +ZhXVnkDR3nVELH6BrRNuQTlXBK/Xe2NtojBSoebfcU/ks3xyPfivqNKbkAtGkQdIWFY 5ipK0/VI4dNtvL27Njxhf7uVjrUealLzYb2zKAdIF+eTimE7KnKnVEVVXQMaDZ+c+QjE l0Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=lRHngEF289VHYGQBWUctdq1Vl4CKzkvKksclNvCjlqg=; b=ElltsXzE4l0F5UQjJEu4RpX4slewMWdT8S1uXvukSwTPMTP1FAx9fCE8KUQA2IPU87 wCCmChXd6FoTbwVXwIU4x7rxF3a16PhIG/OqEKyO0hCeuK7tnSh1xs/QCr8/fZRnw0eT V9Uu+P0cZEF3FgvwT4Xs1oA1WxQuj08MFvaKsDOLpsw2A++fUc5g4LY78pOrKyXdZqz5 J68jB22qccRMGPaxDHjRlYvA+mDmAgVWgleTh1MpJ4hnc2dZtgonBCplR1PIyJxDFcvY tq6/WkEygji+Goh+tvwm9RMKqQIBIO+Aao5gcLMn3cegzDvLC/+1K7yLj7jkzFeZoMfO iY7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=sQavlRHJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m197-v6si4608801pga.107.2018.05.24.02.44.55; Thu, 24 May 2018 02:45:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=sQavlRHJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966438AbeEXJnH (ORCPT + 99 others); Thu, 24 May 2018 05:43:07 -0400 Received: from mail.kernel.org ([198.145.29.99]:54546 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965972AbeEXJnB (ORCPT ); Thu, 24 May 2018 05:43:01 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C489920893; Thu, 24 May 2018 09:43:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1527154981; bh=e4+CON73ptzEEfFPwo3TgXSvCmjwoykzhbb3wrq9Ehk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sQavlRHJ8qjzu3i7UFmwxW43iR8e4OHSneZjwD24gBi0BZOEjdafT0WawdNkpW5DS uQ6SD1KD3IwXyWeq8Nevzgg6TCWwjuUfX4hbYBHgSJIliTw4g64PiAUVZI1QOkoy6U Uxbg+VqSzUsHUvtHumpXy44mPZpmaC0vopzO1xrA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andrey Ignatov , "David S. Miller" Subject: [PATCH 4.4 04/92] ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Date: Thu, 24 May 2018 11:37:41 +0200 Message-Id: <20180524093159.669935648@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180524093159.286472249@linuxfoundation.org> References: <20180524093159.286472249@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Andrey Ignatov [ Upstream commit 1b97013bfb11d66f041de691de6f0fec748ce016 ] Fix more memory leaks in ip_cmsg_send() callers. Part of them were fixed earlier in 919483096bfe. * udp_sendmsg one was there since the beginning when linux sources were first added to git; * ping_v4_sendmsg one was copy/pasted in c319b4d76b9e. Whenever return happens in udp_sendmsg() or ping_v4_sendmsg() IP options have to be freed if they were allocated previously. Add label so that future callers (if any) can use it instead of kfree() before return that is easy to forget. Fixes: c319b4d76b9e (net: ipv4: add IPPROTO_ICMP socket kind) Signed-off-by: Andrey Ignatov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/ping.c | 7 +++++-- net/ipv4/udp.c | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -777,8 +777,10 @@ static int ping_v4_sendmsg(struct sock * ipc.addr = faddr = daddr; if (ipc.opt && ipc.opt->opt.srr) { - if (!daddr) - return -EINVAL; + if (!daddr) { + err = -EINVAL; + goto out_free; + } faddr = ipc.opt->opt.faddr; } tos = get_rttos(&ipc, inet); @@ -843,6 +845,7 @@ back_from_confirm: out: ip_rt_put(rt); +out_free: if (free) kfree(ipc.opt); if (!err) { --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -991,8 +991,10 @@ int udp_sendmsg(struct sock *sk, struct ipc.addr = faddr = daddr; if (ipc.opt && ipc.opt->opt.srr) { - if (!daddr) - return -EINVAL; + if (!daddr) { + err = -EINVAL; + goto out_free; + } faddr = ipc.opt->opt.faddr; connected = 0; } @@ -1105,6 +1107,7 @@ do_append_data: out: ip_rt_put(rt); +out_free: if (free) kfree(ipc.opt); if (!err)