Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-01 18:55:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

af_unix: fix struct pid memory leak

Browse Source 
commit fa0dc04df2 upstream.

Dmitry reported a struct pid leak detected by a syzkaller program.

Bug happens in unix_stream_recvmsg() when we break the loop when a
signal is pending, without properly releasing scm.

Fixes: b3ca9b02b0 ("net: fix multithreaded signal handling in unix recv routines")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Ben Hutchings <ben@decadent.org.uk>
[wt: note, according to Rainer & Ben the bug was really introduced in
 2.5.65, not by the commit mentionned in Fixes. 2.6.32 uses siocb->scm
 instead of scm]
Signed-off-by: Willy Tarreau <w@1wt.eu>
This commit is contained in:
Eric Dumazet 2016-01-24 13:53:50 -08:00 committed by Willy Tarreau
parent 42646fbfde
commit 2a890807f4
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
net/unix/af_unix.c
View File

@ -2018,6 +2018,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
if (signal_pending(current)) {
err = sock_intr_errno(timeo);
scm_destroy(siocb->scm);
goto out;
}
mutex_lock(&u->readlock);