| Message ID | 20170425184734.26563-3-Jason@zx2c4.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
2017-04-25, 20:47:32 +0200, Jason A. Donenfeld wrote: > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > --- > net/rxrpc/rxkad.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c > index 4374e7b9c7bf..dcf46c9c3ece 100644 > --- a/net/rxrpc/rxkad.c > +++ b/net/rxrpc/rxkad.c [...] > @@ -429,7 +432,8 @@ static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, > } > Adding a few more lines of context: sg = _sg; if (unlikely(nsg > 4)) { sg = kmalloc(sizeof(*sg) * nsg, GFP_NOIO); if (!sg) goto nomem; } > sg_init_table(sg, nsg); > - skb_to_sgvec(skb, sg, offset, len); > + if (unlikely(skb_to_sgvec(skb, sg, offset, len) < 0)) > + goto nomem; You're leaking sg when nsg > 4, you'll need to add this: if (sg != _sg) kfree(sg); BTW, when you resubmit, please Cc: the maintainers of the files you're changing for each patch, so that they can review this stuff. And send patch 1 to all of them, otherwise they might be surprised that we even need <0 checking after calls to skb_to_sgvec. You might also want to add a cover letter.
Hi Sabrina, Thanks for the review. On Fri, Apr 28, 2017 at 1:41 PM, Sabrina Dubroca <sd@queasysnail.net> wrote: > > sg_init_table(sg, nsg); > > - skb_to_sgvec(skb, sg, offset, len); > > + if (unlikely(skb_to_sgvec(skb, sg, offset, len) < 0)) > > + goto nomem; > > You're leaking sg when nsg > 4, you'll need to add this: > > if (sg != _sg) > kfree(sg); Nice catch. I'll fix this up in the next revision. > > > > BTW, when you resubmit, please Cc: the maintainers of the files you're > changing for each patch, so that they can review this stuff. And send > patch 1 to all of them, otherwise they might be surprised that we even > need <0 checking after calls to skb_to_sgvec. > > You might also want to add a cover letter. Both good ideas. Will do. Jason
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c index 4374e7b9c7bf..dcf46c9c3ece 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c @@ -229,7 +229,9 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, len &= ~(call->conn->size_align - 1); sg_init_table(sg, nsg); - skb_to_sgvec(skb, sg, 0, len); + err = skb_to_sgvec(skb, sg, 0, len); + if (unlikely(err < 0)) + goto out; skcipher_request_set_crypt(req, sg, sg, len, iv.x); crypto_skcipher_encrypt(req); @@ -342,7 +344,8 @@ static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb, goto nomem; sg_init_table(sg, nsg); - skb_to_sgvec(skb, sg, offset, 8); + if (unlikely(skb_to_sgvec(skb, sg, offset, 8) < 0)) + goto nomem; /* start the decryption afresh */ memset(&iv, 0, sizeof(iv)); @@ -429,7 +432,8 @@ static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, } sg_init_table(sg, nsg); - skb_to_sgvec(skb, sg, offset, len); + if (unlikely(skb_to_sgvec(skb, sg, offset, len) < 0)) + goto nomem; /* decrypt from the session key */ token = call->conn->params.key->payload.data[0];
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> --- net/rxrpc/rxkad.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)