Date: Thu, 2 May 2024 07:20:58 GMT From: Richard Scheffenegger <rscheff@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 30cf0fbf2624 - main - in_pcb: don't leak credential refcounts on error Message-ID: <202405020720.4427Kwv7063537@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by rscheff: URL: https://cgit.FreeBSD.org/src/commit/?id=30cf0fbf26243f23631739f406959ce5aaba9f5c commit 30cf0fbf26243f23631739f406959ce5aaba9f5c Author: Richard Scheffenegger <rscheff@FreeBSD.org> AuthorDate: 2024-05-01 06:40:40 +0000 Commit: Richard Scheffenegger <rscheff@FreeBSD.org> CommitDate: 2024-05-01 06:41:26 +0000 in_pcb: don't leak credential refcounts on error In the error path during allocating an in_pcb, the credentials associated with the new struct get their reference count increased early on, but not decremented when the allocation fails. Reported by: cmiller_netapp.com MFC after: 3 days Reviewed by: jhb, tuexen Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D45033 --- sys/netinet/in_pcb.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index d9caad6417ef..1a341d421f31 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -655,6 +655,10 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo) #if defined(IPSEC) || defined(IPSEC_SUPPORT) || defined(MAC) out: + crfree(inp->inp_cred); +#ifdef INVARIANTS + inp->inp_cred = NULL; +#endif uma_zfree_smr(pcbinfo->ipi_zone, inp); return (error); #endif
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405020720.4427Kwv7063537>