authorJakub Kicinski <kuba@kernel.org>2022-08-16 09:19:39 -0700
committerJakub Kicinski <kuba@kernel.org>2022-08-18 10:20:48 -0700
commit249801360db3dec4f73768c502192020bfddeacc (patch)
tree12f45371df138671e0ef5f3f6b0fdb3692b4dbe2 /net/netlink/genetlink.c
parent5c23d6b717e4e956376f3852b90f58e262946b50 (diff)
net: genl: fix error path memory leak in policy dumping
If construction of the array of policies fails when recording non-first policy we need to unwind. netlink_policy_dump_add_policy() itself also needs fixing as it currently gives up on error without recording the allocated pointer in the pstate pointer. Reported-by: syzbot+dc54d9ba8153b216cae0@syzkaller.appspotmail.com Fixes: 50a896cf2d6f ("genetlink: properly support per-op policy dumping") Link: https://lore.kernel.org/r/20220816161939.577583-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/netlink/genetlink.c')
-rw-r--r--net/netlink/genetlink.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 1afca2a6c2ac..57010927e20a 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1174,13 +1174,17 @@ static int ctrl_dumppolicy_start(struct netlink_callback *cb)
op.policy,
op.maxattr);
if (err)
- return err;
+ goto err_free_state;
}
}
if (!ctx->state)
return -ENODATA;
return 0;
+
+err_free_state:
+ netlink_policy_dump_free(ctx->state);
+ return err;
}
static void *ctrl_dumppolicy_prep(struct sk_buff *skb,
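Review bot: The new `err_free_state:` path frees `ctx->state` but leaves the stale pointer in place, so any later code that reads or frees it would hit a use-after-free or double free. `ctx` presumably lives in the dump callback's context (the function takes `cb`), and whether a done/teardown callback can still run after a failed start is not visible in this hunk. Adding `ctx->state = NULL;` right after `netlink_policy_dump_free(ctx->state);` would make the unwind safe either way. The unwind is also only correct if netlink_policy_dump_add_policy() leaves the partially built state in `ctx->state` on failure, which the description says is fixed elsewhere in the commit (this file-limited diff does not show it). A short comment at the label such as `/* add_policy() records the partial state in ctx->state even on error */` would keep that dependency visible; ctrl_dumppolicy_start() begins before the hunk.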