On 2019-06-14, at 10:53:46 +0200, Steffen Klassert wrote: > On Fri, Jun 14, 2019 at 04:26:26PM +0800, Young Xiao wrote: > > We leak the allocated out_skb in case pfkey_xfrm_policy2msg() fails. > > Fix this by freeing it on error. > > > > Signed-off-by: Young Xiao <92siuy...@gmail.com> > > --- > > net/key/af_key.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/net/key/af_key.c b/net/key/af_key.c > > index 4af1e1d..ec414f6 100644 > > --- a/net/key/af_key.c > > +++ b/net/key/af_key.c > > @@ -2443,6 +2443,7 @@ static int key_pol_get_resp(struct sock *sk, struct > > xfrm_policy *xp, const struc > > } > > err = pfkey_xfrm_policy2msg(out_skb, xp, dir); > > if (err < 0) > > + kfree_skb(out_skb); > > goto out; > > Did you test this? > > You need to add braces, otherwise 'goto out' will happen unconditionally. > > > > > out_hdr = (struct sadb_msg *) out_skb->data; > > @@ -2695,6 +2696,7 @@ static int dump_sp(struct xfrm_policy *xp, int dir, > > int count, void *ptr) > > > > err = pfkey_xfrm_policy2msg(out_skb, xp, dir); > > if (err < 0) > > + kfree_skb(out_skb); > > return err; > > Same here.
There's already a patch for this: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git/commit/?id=7c80eb1c7e2b8420477fbc998971d62a648035d9 J.
signature.asc
Description: PGP signature