git: b7e312c5abad - stable/14 - in_pcb: don't leak credential refcounts on error
Date: Sun, 05 May 2024 06:40:16 UTC
The branch stable/14 has been updated by rscheff:
URL: https://cgit.FreeBSD.org/src/commit/?id=b7e312c5abad2fbae469f434cc0c36257c6bb3b8
commit b7e312c5abad2fbae469f434cc0c36257c6bb3b8
Author: Richard Scheffenegger <rscheff@FreeBSD.org>
AuthorDate: 2024-05-01 06:40:40 +0000
Commit: Richard Scheffenegger <rscheff@FreeBSD.org>
CommitDate: 2024-05-02 23:02:55 +0000
in_pcb: don't leak credential refcounts on error
In the error path during allocating an in_pcb, the credentials
associated with the new struct get their reference count
increased early on, but not decremented when the allocation
fails.
Reported by: cmiller_netapp.com
MFC after: 3 days
Reviewed by: jhb, tuexen
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D45033
(cherry picked from commit 30cf0fbf26243f23631739f406959ce5aaba9f5c)
---
sys/netinet/in_pcb.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 95e162e60f53..0fffd285fb17 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -657,6 +657,10 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)
#if defined(IPSEC) || defined(IPSEC_SUPPORT) || defined(MAC)
out:
+ crfree(inp->inp_cred);
+#ifdef INVARIANTS
+ inp->inp_cred = NULL;
+#endif
uma_zfree_smr(pcbinfo->ipi_zone, inp);
return (error);
#endif
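Review bot: The `inp->inp_cred = NULL;` store under `out:` is compiled only with INVARIANTS, so on production kernels the inpcb goes to `uma_zfree_smr()` still carrying a pointer to the credential whose reference `crfree()` just dropped. Since the item is released through the SMR variant of the zone free, add a one-line comment saying why no reader can still observe this inpcb at this point, or make the clear unconditional if that cannot be guaranteed. Also note that the `out:` label and the new `crfree()` sit inside `#if defined(IPSEC) || defined(IPSEC_SUPPORT) || defined(MAC)`, so the release exists only in kernels built with one of those options; it is worth confirming, and stating in the commit message, that every failure exit taken after the credential reference is acquired goes through this label and that none exists outside the guard.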