Home Home > GIT Browse > SLE15
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-07-18 08:26:13 +0200
committerJiri Slaby <jslaby@suse.cz>2019-07-18 09:30:36 +0200
commit04ecac82115fa4b0337d4d60de0274f386d0baf1 (patch)
tree934e6368467f450323b5d9cba97f36542f4a45cf
parent2c5a465daeb6adef4f2d9c1f4cc37788ea7cd993 (diff)
Fix memory leak in sctp_process_init
(networking-stable-19_06_09). suse-commit: 19f2ac5590e2e7e189cf443f7d906e5aaebbd652
-rw-r--r--net/sctp/sm_make_chunk.c13
-rw-r--r--net/sctp/sm_sideeffect.c5
2 files changed, 8 insertions, 10 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index fe5b2b46384b..b870c4cc2dbd 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2321,7 +2321,6 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
struct list_head *pos, *temp;
struct sctp_af *af;
union sctp_addr addr;
- char *cookie;
int src_match = 0;
/* We must include the address that the INIT packet came from.
@@ -2426,14 +2425,6 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
/* Peer Rwnd : Current calculated value of the peer's rwnd. */
asoc->peer.rwnd = asoc->peer.i.a_rwnd;
- /* Copy cookie in case we need to resend COOKIE-ECHO. */
- cookie = asoc->peer.cookie;
- if (cookie) {
- asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp);
- if (!asoc->peer.cookie)
- goto clean_up;
- }
-
/* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily
* high (for example, implementations MAY use the size of the receiver
* advertised window).
@@ -2599,7 +2590,9 @@ do_addr_param:
case SCTP_PARAM_STATE_COOKIE:
asoc->peer.cookie_len =
ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
- asoc->peer.cookie = param.cookie->body;
+ asoc->peer.cookie = kmemdup(param.cookie->body, asoc->peer.cookie_len, gfp);
+ if (!asoc->peer.cookie)
+ retval = 0;
break;
case SCTP_PARAM_HEARTBEAT_INFO:
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index eb3dd7213bd7..a2ca30a167f2 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -854,6 +854,11 @@ static void sctp_cmd_new_state(sctp_cmd_seq_t *cmds,
asoc->rto_initial;
}
+ if (sctp_state(asoc, ESTABLISHED)) {
+ kfree(asoc->peer.cookie);
+ asoc->peer.cookie = NULL;
+ }
+
if (sctp_state(asoc, ESTABLISHED) ||
sctp_state(asoc, CLOSED) ||
sctp_state(asoc, SHUTDOWN_RECEIVED)) {