iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Xin Xiong 18e6b6e255 xfrm: fix refcount leak in __xfrm_policy_check() 
[ Upstream commit 9c9cb23e00ddf45679b21b4dacc11d1ae7961ebe ]

The issue happens on an error path in __xfrm_policy_check(). When the
fetching process of the object `pols[1]` fails, the function simply
returns 0, forgetting to decrement the reference count of `pols[0]`,
which is incremented earlier by either xfrm_sk_policy_lookup() or
xfrm_policy_lookup(). This may result in memory leaks.

Fix it by decreasing the reference count of `pols[0]` in that path.

Fixes: 134b0fc544ba ("IPsec: propagate security module errors up from flow_cache_lookup")
Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-09-05 10:23:54 +02:00
..
6lowpan
6lowpan: Off by one handling ->nexthdr
2020-01-29 10:24:22 +01:00
9p
net/9p: Initialize the iounit field during fid creation
2022-08-25 11:09:27 +02:00
802
net/802/garp: fix memleak in garp_request_join()
2021-08-04 11:58:02 +02:00
8021q
vlan: fix memory leak in vlan_dev_set_egress_priority
2020-01-12 11:24:27 +01:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 12:05:39 +02:00
atm
atm: fix a memory leak of vcc->user_back
2020-10-01 20:40:12 +02:00
ax25
ax25: Fix NULL pointer dereference in ax25_kill_by_device
2022-03-16 12:49:00 +01:00
batman-adv
batman-adv: Don't expect inter-netns unique iflink indices
2022-03-16 12:49:01 +01:00
bluetooth
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
2022-08-25 11:09:27 +02:00
bridge
netfilter: bridge: add support for pppoe filtering
2022-01-27 08:47:33 +01:00
caif
net-caif: avoid user-triggerable WARN_ON(1)
2021-09-22 11:43:09 +02:00
can
can: bcm: fix UAF of bcm op
2022-02-08 18:15:26 +01:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-11-10 10:23:59 +01:00
core
net: Rename and export copy_skb_header
2022-07-07 17:30:11 +02:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-08 19:00:59 +01:00
dccp
dccp: don't duplicate ccid when cloning dccp sock
2021-09-22 11:43:09 +02:00
decnet
net: decnet: Fix sleeping inside in af_decnet
2021-07-28 09:14:27 +02:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:27:39 +02:00
dsa
net: dsa: tag_brcm: Fix skb->fwd_offload_mark location
2020-04-13 10:32:53 +02:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-12 11:24:19 +01:00
hsr
hsr: use netdev_err() instead of WARN_ONCE()
2021-05-22 10:40:20 +02:00
ieee802154
net: ieee802154: Return meaningful error codes from the netlink helpers
2022-02-08 18:15:29 +01:00
ipv4
tcp: fix over estimation in sk_forced_mem_schedule()
2022-08-25 11:09:27 +02:00
ipv6
net: ping6: Fix memleak in ipv6_renew_options().
2022-08-25 11:09:20 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: Only insert new objects into the global database via setsockopt
2018-09-15 09:43:01 +02:00
iucv
net/af_iucv: set correct sk_protocol for child sockets
2020-12-11 13:37:56 +01:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:36:44 +02:00
key
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
2022-06-14 16:52:40 +02:00
l2tp
l2tp: fix race in pppol2tp_release with session object destroy
2022-06-25 11:45:19 +02:00
l3mdev
lapb
net: lapb: Copy the skb before sending a packet
2021-02-10 09:09:25 +01:00
llc
llc: only change llc->dev when bind() succeeds
2022-03-28 08:06:06 +02:00
mac80211
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
2022-06-14 16:52:35 +02:00
mac802154
net: mac802154: Fix general protection fault
2021-04-16 11:59:10 +02:00
mpls
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
2021-03-17 16:10:13 +01:00
ncsi
net/ncsi: Use real net-device for response handler
2021-01-12 19:49:01 +01:00
netfilter
netfilter: nf_tables: really skip inactive sets when allocating name
2022-08-25 11:09:30 +02:00
netlabel
cipso,calipso: resolve a number of problems with the DOI refcounts
2022-01-27 08:47:42 +01:00
netlink
netlink: do not reset transport header in netlink_recvmsg()
2022-05-18 09:15:43 +02:00
netrom
netrom: Decrease sock refcount when sock timers expire
2021-07-28 09:14:27 +02:00
nfc
NFC: NULL out the dev->rfkill to prevent UAF
2022-06-14 16:52:31 +02:00
openvswitch
openvswitch: fix OOB access in reserve_sfa_size()
2022-04-27 13:14:11 +02:00
packet
net/packet: fix packet_sock xmit return value checking
2022-04-27 13:14:10 +02:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 13:38:12 +01:00
qrtr
net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
2021-03-30 14:41:42 +02:00
rds
rds: add missing barrier to release_refill
2022-08-25 11:09:28 +02:00
rfkill
rfkill: Fix incorrect check to avoid NULL pointer dereference
2020-01-12 11:24:23 +01:00
rose
net: rose: fix UAF bug caused by rose_t0timer_expiry
2022-07-12 16:26:24 +02:00
rxrpc
rxrpc: Don't try to resend the request if we're receiving the reply
2022-06-14 16:52:33 +02:00
sched
net_sched: cls_route: disallow handle of 0
2022-08-25 11:09:28 +02:00
sctp
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
2022-06-14 16:52:32 +02:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
SUNRPC: Reinitialise the backchannel request buffers before reuse
2022-08-25 11:09:29 +02:00
switchdev
tipc
net: tipc: fix possible refcount leak in tipc_sk_create()
2022-07-21 20:40:32 +02:00
unix
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
2022-01-27 08:47:41 +01:00
vmw_vsock
vsock: Fix memory leak in vsock_connect()
2022-08-25 11:09:29 +02:00
wimax
wireless
nl80211: Update bss channel on channel switch for P2P_CLIENT
2022-03-23 09:00:33 +01:00
x25
net/x25: Fix null-ptr-deref caused by x25_disconnect
2022-04-20 09:06:38 +02:00
xfrm
xfrm: fix refcount leak in __xfrm_policy_check()
2022-09-05 10:23:54 +02:00
compat.c
net: Return the correct errno code
2021-06-30 08:49:12 -04:00
Kconfig
Makefile
net: split out functions related to registering inflight socket files
2021-08-04 11:58:01 +02:00
socket.c
net: Set fput_needed iff FDPUT_FPUT is set
2020-08-21 11:02:04 +02:00
sysctl_net.c