[PATCH] [SECURITY, 2.4] Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL

This is CAN-2005-3181, and a backport of
829841146878e082613a49581ae252c071057c23 from Linus's 2.6 tree to 2.4.

Original Description and Sign-Off:

Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL

The nameidata "last.name" is always allocated with "__getname()", and
should always be free'd with "__putname()".

Using "putname()" without the underscores will leak memory, because the
allocation will have been hidden from the AUDITSYSCALL code.

Arguably the real bug is that the AUDITSYSCALL code is really broken,
but in the meantime this fixes the problem people see.

Reported by Robert Derr, patch by Rick Lindsley.

Acked-by: Al Viro <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

My sign off, indicating I think it applies to 2.4:

Signed-off-by: Horms <[email protected]>

--- from-0001/fs/namei.c
+++ to-work/fs/namei.c	2005-10-11 18:23:56.000000000 +0900
@@ -1198,18 +1198,18 @@ do_link:
 	if (nd->last_type != LAST_NORM)
 		goto exit;
 	if (nd->last.name[nd->last.len]) {
-		putname(nd->last.name);
+		__putname(nd->last.name);
 		goto exit;
 	}
 	error = -ELOOP;
 	if (count++==32) {
-		putname(nd->last.name);
+		__putname(nd->last.name);
 		goto exit;
 	}
 	dir = nd->dentry;
 	down(&dir->d_inode->i_sem);
 	dentry = lookup_hash(&nd->last, nd->dentry);
-	putname(nd->last.name);
+	__putname(nd->last.name);
 	goto do_last;
 }
 
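Review bot: the three `__putname(nd->last.name)` calls in do_link carry no comment saying why the underscored variant is required, so a later cleanup could turn them back into putname() and bring the leak back. A one-line comment at the first call site would guard against that, noting that nd->last.name comes from __getname() and so has to be released with __putname(). The description says last.name is "always" allocated with __getname(), but this hunk only covers do_link in fs/namei.c, so please confirm that no other putname(nd->last.name) call remains elsewhere in the 2.4 tree.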
