Commit 48f486e1 authored Nov 10, 2020 by Yu Kuai Committed by Steffen Klassert Nov 10, 2020

net: xfrm: fix memory leak in xfrm_user_policy()



if xfrm_get_translator() failed, xfrm_user_policy() return without
freeing 'data', which is allocated in memdup_sockptr().

Fixes: 96392ee5 ("xfrm/compat: Translate 32-bit user_policy from sockptr")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

parent bc0230b6

net/xfrm/xfrm_state.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -2382,8 +2382,10 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
		if (in_compat_syscall()) {
		struct xfrm_translator *xtr = xfrm_get_translator();

		if (!xtr)
		if (!xtr) {
		kfree(data);
		return -EOPNOTSUPP;
		}

		err = xtr->xlate_user_policy_sockptr(&data, optlen);
		xfrm_put_translator(xtr);