Re: [PATCH 1/2] ip_gre: fix potential memory leak in erspan_rcv
From: 严海双
Date: Thu Dec 14 2017 - 20:17:15 EST
> On 2017年12月15日, at 上午2:47, William Tu <u9012063@xxxxxxxxx> wrote:
>
> On Thu, Dec 14, 2017 at 7:15 AM, Haishuang Yan
> <yanhaishuang@xxxxxxxxxxxxxxxxxxxx> wrote:
>> If md is NULL, tun_dst must be freed, otherwise it will cause memory
>> leak.
>>
>> Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN")
>> Cc: William Tu <u9012063@xxxxxxxxx>
>> Signed-off-by: Haishuang Yan <yanhaishuang@xxxxxxxxxxxxxxxxxxxx>
>> ---
>> net/ipv4/ip_gre.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
>> index d828821..9253d6f 100644
>> --- a/net/ipv4/ip_gre.c
>> +++ b/net/ipv4/ip_gre.c
>> @@ -304,8 +304,10 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi,
>> return PACKET_REJECT;
>>
>> md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
>> - if (!md)
>> + if (!md) {
>> + dst_release((struct dst_entry *)tun_dst);
>> return PACKET_REJECT;
>> + }
> I'm not sure about this. Maybe we don't even need to check "if (!md)"
> since ip_tun_rx_dst does the memory allocation.
> William
>
Hi, William
I think we need to check “if (!md)”, if md is okay, ip_tunnel_rcv will be responsible to free
tun_dst:
448 drop:
449 if (tun_dst)
450 dst_release((struct dst_entry *)tun_dst);
Thanks.