leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0c2232b0a7
linux/net/dccp
History
Xin Long 0c2232b0a7 dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly 
In dccp_v6_conn_request, after reqsk gets alloced and hashed into
ehash table, reqsk's refcnt is set 3. one is for req->rsk_timer,
one is for hlist, and the other one is for current using.

The problem is when dccp_v6_conn_request returns and finishes using
reqsk, it doesn't put reqsk. This will cause reqsk refcnt leaks and
reqsk obj never gets freed.

Jianlin found this issue when running dccp_memleak.c in a loop, the
system memory would run out.

dccp_memleak.c:
  int s1 = socket(PF_INET6, 6, IPPROTO_IP);
  bind(s1, &sa1, 0x20);
  listen(s1, 0x9);
  int s2 = socket(PF_INET6, 6, IPPROTO_IP);
  connect(s2, &sa1, 0x20);
  close(s1);
  close(s2);

This patch is to put the reqsk before dccp_v6_conn_request returns,
just as what tcp_conn_request does.

Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-27 00:01:05 -07:00
..
ccids dccp: do not use tcp_time_stamp 2017-05-17 16:06:01 -04:00
ackvec.c dccp: drop null test before destroy functions 2015-09-15 16:49:43 -07:00
ackvec.h net: dccp: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
ccid.c dccp: drop null test before destroy functions 2015-09-15 16:49:43 -07:00
ccid.h net: dccp: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
dccp.h net: snmp: kill STATS_BH macros 2016-04-27 22:48:25 -04:00
diag.c sock_diag: specify info_size per inet protocol 2015-06-15 19:49:22 -07:00
feat.c dccp: kerneldoc warning fixes 2014-11-18 15:26:31 -05:00
feat.h net: dccp: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
input.c dccp: make const array error_code static 2017-07-13 09:24:02 -07:00
ipv4.c dccp: call inet_add_protocol after register_pernet_subsys in dccp_v4_init 2017-06-20 15:31:43 -04:00
ipv6.c dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly 2017-07-27 00:01:05 -07:00
ipv6.h inet: includes a sock_common in request_sock 2013-10-10 00:08:07 -04:00
Kconfig net/dccp: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:39:34 -08:00
Makefile
minisocks.c dccp: fix use-after-free in dccp_feat_activate_values 2017-03-07 14:15:27 -08:00
options.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
output.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
probe.c Use 64-bit timekeeping 2015-11-01 17:01:16 -05:00
proto.c dccp: do not send reset to already closed sockets 2016-11-03 16:16:51 -04:00
qpolicy.c
sysctl.c dccp: make the request_retries minimum is 1 2014-05-14 15:34:16 -04:00
timer.c net: rename NET_{ADD|INC}_STATS_BH() 2016-04-27 22:48:24 -04:00