diff options
author | Dmitry Popov <dp@highloadlab.com> | 2010-07-28 21:59:36 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-07-31 02:04:07 -0400 |
commit | a3bdb549e30e7a263f7a589747c40e9c50110315 (patch) | |
tree | ac14f82ebe454fdbc00c3f1298a293e03e1f1592 /net | |
parent | eeaf61d8891f9c9ed12c1a667e72bf83f0857954 (diff) |
tcp: cookie transactions setsockopt memory leak
There is a bug in do_tcp_setsockopt(net/ipv4/tcp.c),
TCP_COOKIE_TRANSACTIONS case.
In some cases (when tp->cookie_values == NULL) new tcp_cookie_values
structure can be allocated (at cvp), but not bound to
tp->cookie_values. So a memory leak occurs.
Signed-off-by: Dmitry Popov <dp@highloadlab.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/tcp.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 65afeaec15b7..c259714c5596 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c | |||
@@ -2176,6 +2176,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level, | |||
2176 | GFP_KERNEL); | 2176 | GFP_KERNEL); |
2177 | if (cvp == NULL) | 2177 | if (cvp == NULL) |
2178 | return -ENOMEM; | 2178 | return -ENOMEM; |
2179 | |||
2180 | kref_init(&cvp->kref); | ||
2179 | } | 2181 | } |
2180 | lock_sock(sk); | 2182 | lock_sock(sk); |
2181 | tp->rx_opt.cookie_in_always = | 2183 | tp->rx_opt.cookie_in_always = |
@@ -2190,12 +2192,11 @@ static int do_tcp_setsockopt(struct sock *sk, int level, | |||
2190 | */ | 2192 | */ |
2191 | kref_put(&tp->cookie_values->kref, | 2193 | kref_put(&tp->cookie_values->kref, |
2192 | tcp_cookie_values_release); | 2194 | tcp_cookie_values_release); |
2193 | kref_init(&cvp->kref); | ||
2194 | tp->cookie_values = cvp; | ||
2195 | } else { | 2195 | } else { |
2196 | cvp = tp->cookie_values; | 2196 | cvp = tp->cookie_values; |
2197 | } | 2197 | } |
2198 | } | 2198 | } |
2199 | |||
2199 | if (cvp != NULL) { | 2200 | if (cvp != NULL) { |
2200 | cvp->cookie_desired = ctd.tcpct_cookie_desired; | 2201 | cvp->cookie_desired = ctd.tcpct_cookie_desired; |
2201 | 2202 | ||
@@ -2209,6 +2210,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level, | |||
2209 | cvp->s_data_desired = ctd.tcpct_s_data_desired; | 2210 | cvp->s_data_desired = ctd.tcpct_s_data_desired; |
2210 | cvp->s_data_constant = 0; /* false */ | 2211 | cvp->s_data_constant = 0; /* false */ |
2211 | } | 2212 | } |
2213 | |||
2214 | tp->cookie_values = cvp; | ||
2212 | } | 2215 | } |
2213 | release_sock(sk); | 2216 | release_sock(sk); |
2214 | return err; | 2217 | return err; |