asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

BACKPORT: net: xfrm: fix memory leak in xfrm_user_policy()

Browse source 
if xfrm_get_translator() failed, xfrm_user_policy() return without
freeing 'data', which is allocated in memdup_sockptr().

Bug: 254441685
Fixes: 96392ee5a13b ("xfrm/compat: Translate 32-bit user_policy from sockptr")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
(cherry picked from commit 48f486e13ffdb49fbb9b38c21d0e108ed60ab1a2)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I0744588549ae7ac9d11ffa6ceec4beb1962e6b4a
This commit is contained in:
Yu Kuai 2020-11-10 09:14:43 +08:00 committed by Lee Jones
parent 63d464fe50
commit 3c7c6e08c9
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
net/xfrm/xfrm_state.c
View file

@ -2213,8 +2213,10 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
if (in_compat_syscall()) {
struct xfrm_translator *xtr = xfrm_get_translator();
if (!xtr)
if (!xtr) {
kfree(data);
return -EOPNOTSUPP;
}
err = xtr->xlate_user_policy_sockptr(&data, optlen);
xfrm_put_translator(xtr);