linux-imx/drivers/net/ppp
Gavrilov Ilia 5fbbd952e7 pppoe: Fix memory leak in pppoe_sendmsg()
[ Upstream commit dc34ebd5c0 ]

syzbot reports a memory leak in pppoe_sendmsg [1].

The problem is in the pppoe_recvmsg() function that handles errors
in the wrong order. For the skb_recv_datagram() function, check
the pointer to skb for NULL first, and then check the 'error' variable,
because the skb_recv_datagram() function can set 'error'
to -EAGAIN in a loop but return a correct pointer to socket buffer
after a number of attempts, though 'error' remains set to -EAGAIN.

skb_recv_datagram
      __skb_recv_datagram          // Loop. if (err == -EAGAIN) then
                                   // go to the next loop iteration
          __skb_try_recv_datagram  // if (skb != NULL) then return 'skb'
                                   // else if a signal is received then
                                   // return -EAGAIN

Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with Syzkaller.

Link: https://syzkaller.appspot.com/bug?extid=6bdfd184eac7709e5cc9 [1]

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: syzbot+6bdfd184eac7709e5cc9@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6bdfd184eac7709e5cc9
Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Link: https://lore.kernel.org/r/20240214085814.3894917-1-Ilia.Gavrilov@infotecs.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-19 06:04:27 +02:00
| File | Last commit | Date |
|---|---|---|
| bsd_comp.c | net: ppp: remove leading spaces before tabs | 2021-05-20 15:10:57 -07:00 |
| Kconfig | net/pppoe: fix a typo for the PPPOE_HASH_BITS_1 definition | 2023-06-06 13:28:30 +02:00 |
| Makefile | License cleanup: add SPDX GPL-2.0 license identifier to files with no license | 2017-11-02 11:10:55 +01:00 |
| ppp_async.c | ppp_async: limit MRU to 64K | 2024-02-16 19:10:50 +01:00 |
| ppp_deflate.c | ppp: deflate: Remove useless call "zlib_inflateEnd" | 2021-03-30 16:59:30 -07:00 |
| ppp_generic.c | ppp: reject claimed-as-LCP but actually malformed packets | 2024-07-18 13:21:14 +02:00 |
| ppp_mppe.c | mm, treewide: rename kzfree() to kfree_sensitive() | 2020-08-07 11:33:22 -07:00 |
| ppp_mppe.h | License cleanup: add SPDX GPL-2.0 license identifier to files with no license | 2017-11-02 11:10:55 +01:00 |
| ppp_synctty.c | ppp: limit MRU to 64K | 2023-11-28 17:19:51 +00:00 |
| pppoe.c | pppoe: Fix memory leak in pppoe_sendmsg() | 2024-08-19 06:04:27 +02:00 |
| pppox.c | compat_ioctl: pppoe: fix PPPOEIOCSFWD handling | 2019-07-30 14:42:13 -07:00 |
| pptp.c | net: ppp: Remove unnecessary (void*) conversions | 2023-07-18 19:00:47 -07:00 |