Skip to content

Commit

Permalink
af_key: fix leaks in key_pol_get_resp and dump_sp.
Browse files Browse the repository at this point in the history 
In both functions, if pfkey_xfrm_policy2msg failed we leaked the newly
allocated sk_buff.  Free it on error.

Fixes: 55569ce ("Fix conversion between IPSEC_MODE_xxx and XFRM_MODE_xxx.")
Reported-by: [email protected]
Signed-off-by: Jeremy Sowden <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
  • Loading branch information
@a3a3el @klassert
a3a3el authored and klassert committed May 28, 2019
1 parent b38ff40 commit 7c80eb1
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions net/key/af_key.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2442,8 +2442,10 @@ static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struc
goto out;
}
err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
if (err < 0)
if (err < 0) {
kfree_skb(out_skb);
goto out;
}

out_hdr = (struct sadb_msg *) out_skb->data;
out_hdr->sadb_msg_version = hdr->sadb_msg_version;
Expand Down Expand Up @@ -2694,8 +2696,10 @@ static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
return PTR_ERR(out_skb);

err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
if (err < 0)
if (err < 0) {
kfree_skb(out_skb);
return err;
}

out_hdr = (struct sadb_msg *) out_skb->data;
out_hdr->sadb_msg_version = pfk->dump.msg_version;
Expand Down

0 comments on commit 7c80eb1

Please sign in to comment.