Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2069825imm; Thu, 24 May 2018 05:22:19 -0700 (PDT) X-Google-Smtp-Source: AB8JxZq2rY+D4LHaiWV+W/muWg5/wKBNwZHe0UPGfcFd50yB1HLZAU66TtNXgmhJUUnLxaFYazqN X-Received: by 2002:a62:e710:: with SMTP id s16-v6mr7072674pfh.227.1527164539277; Thu, 24 May 2018 05:22:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527164539; cv=none; d=google.com; s=arc-20160816; b=yERqzcNfz+CyiqQmvE5LOL1nulOVYC2uI24cEFdW9LWHpRuXa3fYD8Af3PUo+4LFHD BRAKjAQBVUeENT5RWRsOXfq97RN2i4cfuorb47jcwvT3bujUnjC6d8scKuuP1u6Tm/1r OgbF5a/CrzqXJp2L3WryXE6dBarUIR6Ssks9c8eHdUeMb2EPt+jMU68iawJcSJiy9UDg 0TGy8G7Ap+QKlHARVAAWKm2HU9eNlnqlt6BOyGI+Zzo9d7d3hzd6z2L31sjE4QxcIQS9 B7FEoFtBcFMwEaJnY3TegW+hDC5mk5LWtoMDGoMRgGYA4V/mbmZwb/4MD8MuzccSy6KH xR6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=KVfzl73amKq+DsvpOUDxknSbBhGEFCdEKfHJdDXN+9g=; b=Fe9tczNaDdl3Onk5bPUDjOoYgHz5zl91O8W3YZ7g7UiqODSe5u60B+dH7WdnPaoLAe VE5KM2zITPrkseWlXI4JXG7xJ3YzTo4YHP9dxlOKR1vC7IPdczBeDJMzQursFLPrni4A 3AccY6ATy9AgnafOsNH0+Qom8G4RRQPiIbD6pPZKFyBNk3LFCtFN1qzY0sVeZUOChsG6 WJkxB/jlLKWSdPS0EIjzJ4i0D7wWmaqzXUir5X0YXBY3zL3l05Pu+bdm8m4GEx3yApP4 1rd1MFrjkuC0XQW9Ys5Q/aMxdew9nl5jFJH0Mna11eH4GSckFLrUTunB/s5BEdkBM5DA aVNg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HmilEjV6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g1-v6si16785855pgo.637.2018.05.24.05.22.03; Thu, 24 May 2018 05:22:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HmilEjV6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S970024AbeEXMVZ (ORCPT + 99 others); Thu, 24 May 2018 08:21:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:53178 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965759AbeEXJlO (ORCPT ); Thu, 24 May 2018 05:41:14 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5180920896; Thu, 24 May 2018 09:41:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1527154873; bh=I/71zoPNVDdx++8oAmLAphzyz0eM+ymQc4xWupgbzsE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HmilEjV6F6714crHCytqCrgTUBy0zCtpq4atSeFjAmYfMrJSJwSE02yJQYqF1mcSU KHKMnF4n0shMnT9tX8D1Rd1aANqZGD9ujF/HMQoiA4QIkBqQR0EWWWylOAGWUSiVrl nErRJg6DJCK6If2xNCq08vP5hUwlcn7xFkuMGlHM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andrey Ignatov , "David S. Miller" Subject: [PATCH 3.18 04/45] ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Date: Thu, 24 May 2018 11:38:12 +0200 Message-Id: <20180524093121.103500882@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180524093120.599252450@linuxfoundation.org> References: <20180524093120.599252450@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Andrey Ignatov [ Upstream commit 1b97013bfb11d66f041de691de6f0fec748ce016 ] Fix more memory leaks in ip_cmsg_send() callers. Part of them were fixed earlier in 919483096bfe. * udp_sendmsg one was there since the beginning when linux sources were first added to git; * ping_v4_sendmsg one was copy/pasted in c319b4d76b9e. Whenever return happens in udp_sendmsg() or ping_v4_sendmsg() IP options have to be freed if they were allocated previously. Add label so that future callers (if any) can use it instead of kfree() before return that is easy to forget. Fixes: c319b4d76b9e (net: ipv4: add IPPROTO_ICMP socket kind) Signed-off-by: Andrey Ignatov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/ping.c | 7 +++++-- net/ipv4/udp.c | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -771,8 +771,10 @@ static int ping_v4_sendmsg(struct kiocb ipc.addr = faddr = daddr; if (ipc.opt && ipc.opt->opt.srr) { - if (!daddr) - return -EINVAL; + if (!daddr) { + err = -EINVAL; + goto out_free; + } faddr = ipc.opt->opt.faddr; } tos = get_rttos(&ipc, inet); @@ -837,6 +839,7 @@ back_from_confirm: out: ip_rt_put(rt); +out_free: if (free) kfree(ipc.opt); if (!err) { --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -975,8 +975,10 @@ int udp_sendmsg(struct kiocb *iocb, stru ipc.addr = faddr = daddr; if (ipc.opt && ipc.opt->opt.srr) { - if (!daddr) - return -EINVAL; + if (!daddr) { + err = -EINVAL; + goto out_free; + } faddr = ipc.opt->opt.faddr; connected = 0; } @@ -1081,6 +1083,7 @@ do_append_data: out: ip_rt_put(rt); +out_free: if (free) kfree(ipc.opt); if (!err)