Patch "ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()" has been added to the 6.7-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ipv6-fix-potential-struct-net-leak-in-inet6_rtm_geta.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f90703eef697ccb6048feef85527bfb010b7ebb5
Author: Eric Dumazet <edumazet@xxxxxxxxxx>
Date:   Thu Feb 22 12:17:47 2024 +0000

    ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
    
    [ Upstream commit 10bfd453da64a057bcfd1a49fb6b271c48653cdb ]
    
    It seems that if userspace provides a correct IFA_TARGET_NETNSID value
    but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()
    returns -EINVAL with an elevated "struct net" refcount.
    
    Fixes: 6ecf4c37eb3e ("ipv6: enable IFA_TARGET_NETNSID for RTM_GETADDR")
    Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
    Cc: Christian Brauner <brauner@xxxxxxxxxx>
    Cc: David Ahern <dsahern@xxxxxxxxxx>
    Reviewed-by: David Ahern <dsahern@xxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 5a839c5fb1a5a..055230b669cf2 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -5509,9 +5509,10 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
 	}
 
 	addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer);
-	if (!addr)
-		return -EINVAL;
-
+	if (!addr) {
+		err = -EINVAL;
+		goto errout;
+	}
 	ifm = nlmsg_data(nlh);
 	if (ifm->ifa_index)
 		dev = dev_get_by_index(tgt_net, ifm->ifa_index);




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux