linux/net/xfrm
Pavel Skripkin 7c1a80e80c net: xfrm: fix memory leak in xfrm_user_rcv_msg
Syzbot reported memory leak in xfrm_user_rcv_msg(). The
problem was is non-freed skb's frag_list.

In skb_release_all() skb_release_data() will be called only
in case of skb->head != NULL, but netlink_skb_destructor()
sets head to NULL. So, allocated frag_list skb should be
freed manualy, since consume_skb() won't take care of it

Fixes: 5106f4a8ac ("xfrm/compat: Add 32=>64-bit messages translator")
Reported-and-tested-by: syzbot+fb347cf82c73a90efcca@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2021-06-29 12:16:08 +02:00
..
espintcp.c espintcp: restore IP CB before handing the packet to xfrm 2020-08-17 15:58:04 +02:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: Provide API to register translator module 2020-09-24 08:53:03 +02:00
xfrm_algo.c crypto: skcipher - remove the "blkcipher" algorithm type 2019-11-01 13:38:32 +08:00
xfrm_compat.c xfrm/compat: Cleanup WARN()s that can be user-triggered 2021-03-30 07:29:09 +02:00
xfrm_device.c xfrm: Fix xfrm offload fallback fail case 2021-06-22 09:08:15 +02:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: use complete IPv6 addresses for hash 2018-10-15 10:09:18 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2021-01-21 11:05:10 -08:00
xfrm_interface.c xfrm: interface: fix ipv4 pmtu check to honor ip header df 2021-02-23 18:23:58 +01:00
xfrm_ipcomp.c xfrm: ipcomp: remove unnecessary get_cpu() 2021-04-19 12:49:29 +02:00
xfrm_output.c xfrm: remove the fragment check for ipv6 beet mode 2021-06-01 08:22:17 +02:00
xfrm_policy.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2021-06-23 12:34:15 -07:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: introduce oseq-may-wrap flag 2020-06-24 07:51:01 +02:00
xfrm_state.c xfrm: xfrm_state_mtu should return at least 1280 for ipv6 2021-04-19 12:43:50 +02:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c net: xfrm: fix memory leak in xfrm_user_rcv_msg 2021-06-29 12:16:08 +02:00