aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
authorDan Carpenter <dan.carpenter@linaro.org>2025-04-23 11:25:45 +0300
committerJakub Kicinski <kuba@kernel.org>2025-04-24 18:06:05 -0700
commit3a4236c379543878e957004d3415152d28955481 (patch)
treed7952eef3ae297bba197952d49f45c9d29815424 /net
parentffb0c5c4cf666380b8786e87c954967cbad22ad8 (diff)
downloadath-3a4236c379543878e957004d3415152d28955481.tar.gz
rxrpc: rxgk: Fix some reference count leaks
These paths should call rxgk_put(gk) but they don't. In the rxgk_construct_response() function the "goto error;" will free the "response" skb as well calling rxgk_put() so that's a bonus. Fixes: 9d1d2b59341f ("rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI)") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Acked-by: David Howells <dhowells@redhat.com> Link: https://patch.msgid.link/aAikCbsnnzYtVmIA@stanley.mountain Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net')
-rw-r--r--net/rxrpc/rxgk.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/net/rxrpc/rxgk.c b/net/rxrpc/rxgk.c
index ba8bc201b8d38..1e19c605bcc82 100644
--- a/net/rxrpc/rxgk.c
+++ b/net/rxrpc/rxgk.c
@@ -440,8 +440,10 @@ static int rxgk_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
return PTR_ERR(gk) == -ESTALE ? -EKEYREJECTED : PTR_ERR(gk);
ret = key_validate(call->conn->key);
- if (ret < 0)
+ if (ret < 0) {
+ rxgk_put(gk);
return ret;
+ }
call->security_enctype = gk->krb5->etype;
txb->cksum = htons(gk->key_number);
@@ -483,7 +485,7 @@ static int rxgk_verify_packet_integrity(struct rxrpc_call *call,
hdr = kzalloc(sizeof(*hdr), GFP_NOFS);
if (!hdr)
- return -ENOMEM;
+ goto put_gk;
hdr->epoch = htonl(call->conn->proto.epoch);
hdr->cid = htonl(call->cid);
@@ -505,6 +507,7 @@ static int rxgk_verify_packet_integrity(struct rxrpc_call *call,
sp->len = len;
}
+put_gk:
rxgk_put(gk);
_leave(" = %d", ret);
return ret;
@@ -594,6 +597,7 @@ static int rxgk_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
call->security_enctype = gk->krb5->etype;
switch (call->conn->security_level) {
case RXRPC_SECURITY_PLAIN:
+ rxgk_put(gk);
return 0;
case RXRPC_SECURITY_AUTH:
return rxgk_verify_packet_integrity(call, gk, skb);
@@ -969,7 +973,7 @@ static int rxgk_construct_response(struct rxrpc_connection *conn,
ret = rxgk_pad_out(response, authx_len, authx_offset + authx_len);
if (ret < 0)
- return ret;
+ goto error;
len = authx_offset + authx_len + ret;
if (len != response->len) {