Re: Linux 2.2.* remote exploit fix

Andy Sloane (andy@guildsoftware.com)
Tue, 1 Jun 1999 20:43:23 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Richard Gooch: "Re: SGI's XFS DONATED AS OPEN SOURCE!!!!!!!!!"

On Tue, Jun 01, 1999 at 06:20:10PM -0700, Ian Eure wrote:
> Alan Cox wrote:
> > error:
> > if (skb) {
> > icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24));
> > - kfree_skb(skb);
> > }
> > return -EINVAL;
> > }
> I'm not very familiar with the kernel code, but won't this introduce a
> memory leak?

No, this is in ip_options_compile() which from what I can see is only
called by ip_rcv() (ip_input.c) which kfrees the same skb if
ip_options_compile returns an error:

if (ip_options_compile(NULL, skb))
goto inhdr_error;
...

inhdr_error:
ip_statistics.IpInHdrErrors++;
drop:
kfree_skb(skb);
return(0);

So it was a double-free if an error occurred in this case.

-Andy.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Previous message: Richard Gooch: "Re: SGI's XFS DONATED AS OPEN SOURCE!!!!!!!!!"