| From: Xin Long <lucien.xin@gmail.com> |
| Date: Tue, 25 Jun 2019 00:21:45 +0800 |
| Subject: sctp: change to hold sk after auth shkey is created successfully |
| |
| commit 25bff6d5478b2a02368097015b7d8eb727c87e16 upstream. |
| |
| Now in sctp_endpoint_init(), it holds the sk then creates auth |
| shkey. But when the creation fails, it doesn't release the sk, |
| which causes a sk defcnf leak, |
| |
| Here to fix it by only holding the sk when auth shkey is created |
| successfully. |
| |
| Fixes: a29a5bd4f5c3 ("[SCTP]: Implement SCTP-AUTH initializations.") |
| Reported-by: syzbot+afabda3890cc2f765041@syzkaller.appspotmail.com |
| Reported-by: syzbot+276ca1c77a19977c0130@syzkaller.appspotmail.com |
| Signed-off-by: Xin Long <lucien.xin@gmail.com> |
| Acked-by: Neil Horman <nhorman@redhat.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| [bwh: Backported to 3.16: adjust context] |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| net/sctp/endpointola.c | 8 ++++---- |
| 1 file changed, 4 insertions(+), 4 deletions(-) |
| |
| --- a/net/sctp/endpointola.c |
| +++ b/net/sctp/endpointola.c |
| @@ -126,10 +126,6 @@ static struct sctp_endpoint *sctp_endpoi |
| /* Initialize the bind addr area */ |
| sctp_bind_addr_init(&ep->base.bind_addr, 0); |
| |
| - /* Remember who we are attached to. */ |
| - ep->base.sk = sk; |
| - sock_hold(ep->base.sk); |
| - |
| /* Create the lists of associations. */ |
| INIT_LIST_HEAD(&ep->asocs); |
| |
| @@ -165,6 +161,10 @@ static struct sctp_endpoint *sctp_endpoi |
| ep->auth_hmacs_list = auth_hmacs; |
| ep->auth_chunk_list = auth_chunks; |
| |
| + /* Remember who we are attached to. */ |
| + ep->base.sk = sk; |
| + sock_hold(ep->base.sk); |
| + |
| return ep; |
| |
| nomem_hmacs: |