From: Neil Horman <nhorman@xxxxxxxxxxxxx> Date: Mon, 3 Jun 2019 16:32:59 -0400 > syzbot found the following leak in sctp_process_init > BUG: memory leak > unreferenced object 0xffff88810ef68400 (size 1024): ... > The problem was that the peer.cookie value points to an skb allocated > area on the first pass through this function, at which point it is > overwritten with a heap allocated value, but in certain cases, where a > COOKIE_ECHO chunk is included in the packet, a second pass through > sctp_process_init is made, where the cookie value is re-allocated, > leaking the first allocation. > > Fix is to always allocate the cookie value, and free it when we are done > using it. > > Signed-off-by: Neil Horman <nhorman@xxxxxxxxxxxxx> > Reported-by: syzbot+f7e9153b037eac9b1df8@xxxxxxxxxxxxxxxxxxxxxxxxx Applied and queued up for -stable.
