mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/sctp
History
Neil Horman c4964bfaf4 sctp: Free cookie before we memdup a new one 
[ Upstream commit ce950f1050 ]

Based on comments from Xin, even after fixes for our recent syzbot
report of cookie memory leaks, its possible to get a resend of an INIT
chunk which would lead to us leaking cookie memory.

To ensure that we don't leak cookie memory, free any previously
allocated cookie first.

Change notes
v1->v2
update subsystem tag in subject (davem)
repeat kfree check for peer_random and peer_hmacs (xin)

v2->v3
net->sctp
also free peer_chunks

v3->v4
fix subject tags

v4->v5
remove cut line

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: syzbot+f7e9153b037eac9b1df8@syzkaller.appspotmail.com
CC: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
CC: Xin Long <lucien.xin@gmail.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2019-06-22 08:16:15 +02:00
..
Kconfig sctp: add the sctp_diag.c file 2016-04-15 17:29:36 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
associola.c sctp: kfree_rcu asoc 2018-12-17 09:28:47 +01:00
auth.c sctp: remove the typedef sctp_hmac_algo_param_t 2017-07-16 20:52:14 -07:00
bind_addr.c sctp: remove the typedef sctp_scope_t 2017-08-06 21:33:41 -07:00
chunk.c sctp: fix erroneous inc of snmp SctpFragUsrMsgs 2018-08-24 13:09:03 +02:00
debug.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
endpointola.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
input.c sctp: do not pr_err for the duplicated node in transport rhlist 2018-03-08 22:41:14 -08:00
inqueue.c sctp: fix the issue that the cookie-ack with auth can't get processed 2018-05-19 10:20:25 +02:00
ipv6.c sctp: allocate sctp_sockaddr_entry with kzalloc 2019-01-23 08:09:50 +01:00
objcnt.c sctp: remove the typedef sctp_dbg_objcnt_entry_t 2017-08-11 10:02:43 -07:00
offload.c sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment 2019-02-27 10:08:06 +01:00
output.c sctp: remove the typedef sctp_xmit_t 2017-08-06 21:33:42 -07:00
outqueue.c sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune 2018-02-25 11:07:57 +01:00
primitive.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
probe.c sctp: remove the typedef sctp_disposition_t 2017-08-11 10:02:44 -07:00
proc.c sctp: hold transport before accessing its asoc in sctp_transport_get_next 2018-09-15 09:45:25 +02:00
protocol.c sctp: initialize _pad of sockaddr_in before copying to user memory 2019-04-17 08:37:47 +02:00
sctp_diag.c inet_diag: fix reporting cgroup classid and fallback to priority 2019-02-27 10:08:07 +01:00
sm_make_chunk.c sctp: Free cookie before we memdup a new one 2019-06-22 08:16:15 +02:00
sm_sideeffect.c Fix memory leak in sctp_process_init 2019-06-11 12:21:44 +02:00
sm_statefuns.c sctp: avoid running the sctp state machine recursively 2019-05-08 07:20:44 +02:00
sm_statetable.c sctp: remove the typedef sctp_sm_table_entry_t 2017-08-11 10:02:44 -07:00
socket.c sctp: not allow to set asoc prsctp_enable by sockopt 2018-11-23 08:19:26 +01:00
stream.c sctp: improve the events for sctp stream reset 2019-02-06 17:31:33 +01:00
sysctl.c sctp: remove the typedef sctp_scope_policy_t 2017-08-06 21:33:41 -07:00
transport.c sctp: update dst pmtu with the correct daddr 2018-10-18 09:16:19 +02:00
tsnmap.c
ulpevent.c sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg 2018-05-19 10:20:25 +02:00
ulpqueue.c sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege 2018-03-03 10:24:24 +01:00