releases/4.9.72/netfilter-nfnetlink_queue-fix-secctx-memory-leak.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Thu Dec 21 09:02:40 CET 2017
 From: Liping Zhang <zlpnobody@gmail.com>
 Date: Tue, 28 Mar 2017 22:59:25 +0800
 Subject: netfilter: nfnetlink_queue: fix secctx memory leak

 From: Liping Zhang <zlpnobody@gmail.com>


 [ Upstream commit 77c1c03c5b8ef28e55bb0aff29b1e006037ca645 ]

 We must call security_release_secctx to free the memory returned by
 security_secid_to_secctx, otherwise memory may be leaked forever.

 Fixes: ef493bd930ae ("netfilter: nfnetlink_queue: add security context information")
 Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  net/netfilter/nfnetlink_queue.c |    9 +++++++--
  1 file changed, 7 insertions(+), 2 deletions(-)

 --- a/net/netfilter/nfnetlink_queue.c
 +++ b/net/netfilter/nfnetlink_queue.c
 @@ -443,7 +443,7 @@ nfqnl_build_packet_message(struct net *n
  	skb = alloc_skb(size, GFP_ATOMIC);
  	if (!skb) {
  		skb_tx_error(entskb);
 -		return NULL;
 +		goto nlmsg_failure;
  	}

  	nlh = nlmsg_put(skb, 0, 0,
 @@ -452,7 +452,7 @@ nfqnl_build_packet_message(struct net *n
  	if (!nlh) {
  		skb_tx_error(entskb);
  		kfree_skb(skb);
 -		return NULL;
 +		goto nlmsg_failure;
  	}
  	nfmsg = nlmsg_data(nlh);
  	nfmsg->nfgen_family = entry->state.pf;
 @@ -598,12 +598,17 @@ nfqnl_build_packet_message(struct net *n
  	}

  	nlh->nlmsg_len = skb->len;
 +	if (seclen)
 +		security_release_secctx(secdata, seclen);
  	return skb;

  nla_put_failure:
  	skb_tx_error(entskb);
  	kfree_skb(skb);
  	net_err_ratelimited("nf_queue: error creating packet message\n");
 +nlmsg_failure:
 +	if (seclen)
 +		security_release_secctx(secdata, seclen);
  	return NULL;
  }
	From foo@baz Thu Dec 21 09:02:40 CET 2017
	From: Liping Zhang <zlpnobody@gmail.com>
	Date: Tue, 28 Mar 2017 22:59:25 +0800
	Subject: netfilter: nfnetlink_queue: fix secctx memory leak

	From: Liping Zhang <zlpnobody@gmail.com>


	[ Upstream commit 77c1c03c5b8ef28e55bb0aff29b1e006037ca645 ]

	We must call security_release_secctx to free the memory returned by
	security_secid_to_secctx, otherwise memory may be leaked forever.

	Fixes: ef493bd930ae ("netfilter: nfnetlink_queue: add security context information")
	Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
	Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	net/netfilter/nfnetlink_queue.c \| 9 +++++++--
	1 file changed, 7 insertions(+), 2 deletions(-)

	--- a/net/netfilter/nfnetlink_queue.c
	+++ b/net/netfilter/nfnetlink_queue.c
	@@ -443,7 +443,7 @@ nfqnl_build_packet_message(struct net *n
	skb = alloc_skb(size, GFP_ATOMIC);
	if (!skb) {
	skb_tx_error(entskb);
	- return NULL;
	+ goto nlmsg_failure;
	}

	nlh = nlmsg_put(skb, 0, 0,
	@@ -452,7 +452,7 @@ nfqnl_build_packet_message(struct net *n
	if (!nlh) {
	skb_tx_error(entskb);
	kfree_skb(skb);
	- return NULL;
	+ goto nlmsg_failure;
	}
	nfmsg = nlmsg_data(nlh);
	nfmsg->nfgen_family = entry->state.pf;
	@@ -598,12 +598,17 @@ nfqnl_build_packet_message(struct net *n
	}

	nlh->nlmsg_len = skb->len;
	+ if (seclen)
	+ security_release_secctx(secdata, seclen);
	return skb;

	nla_put_failure:
	skb_tx_error(entskb);
	kfree_skb(skb);
	net_err_ratelimited("nf_queue: error creating packet message\n");
	+nlmsg_failure:
	+ if (seclen)
	+ security_release_secctx(secdata, seclen);
	return NULL;
	}