linux/net
Andrew Morton d64d387372 [NET]: Fix memory leak in sys_{send,recv}msg() w/compat
From: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>

sendmsg()/recvmsg() syscalls from o32/n32 apps to a 64bit kernel will
cause a kernel memory leak if iov_len > UIO_FASTIOV for each syscall!

This is because both sys_sendmsg() and verify_compat_iovec() kmalloc a
new iovec structure.  Only the one from sys_sendmsg() is free'ed.

I wrote a simple test program to confirm this after identifying the
problem:

http://davej.org/programs/testsendmsg.c

Note that the below fix will break solaris_sendmsg()/solaris_recvmsg() as
it also calls verify_compat_iovec() but expects it to malloc internally.

[ I fixed that. -DaveM ]

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-09 15:29:19 -07:00
802 [NET]: __be'ify *_type_trans() 2005-07-12 12:08:43 -07:00
8021q [VLAN]: Fix early vlan adding leads to not functional device 2005-07-12 12:13:49 -07:00
appletalk [ATALK] aarp: replace schedule_timeout() with msleep() 2005-06-22 22:11:44 -07:00
atm [ATM]: Trivial spelling fix patch for net/Kconfig 2005-07-19 13:56:53 -07:00
ax25 [AX25] Introduce ax25_type_trans 2005-04-24 18:53:06 -07:00
bluetooth [Bluetooth] Add direction and timestamp to stack internal events 2005-08-06 12:36:54 +02:00
bridge [NET]: BRIDGE_EBT_ARPREPLY must depend on INET 2005-07-19 14:00:13 -07:00
core [NET] Fix too aggressive backoff in dst garbage collection 2005-07-30 17:47:25 -07:00
decnet [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
econet [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
ethernet [NET]: __be'ify *_type_trans() 2005-07-12 12:08:43 -07:00
ipv4 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2005-08-08 16:06:01 -07:00
ipv6 [IPSEC]: Restrict socket policy loading to CAP_NET_ADMIN. 2005-08-06 06:33:15 -07:00
ipx [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
irda [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
key [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
lapb [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
llc [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
netlink [NETLINK]: Fix "nocast type" warnings 2005-07-18 13:35:43 -07:00
netrom Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
packet [NETFILTER]: Revert nf_reset change 2005-07-12 11:57:52 -07:00
rose Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
rxrpc [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
sched [EMATCH]: Remove feature ifdefs in meta ematch. 2005-07-24 19:44:23 -07:00
sctp [SCTP]: Fix potential null pointer dereference while handling an icmp error 2005-07-18 13:44:10 -07:00
sunrpc [SUNRPC]: Fix nsec --> usec conversion. 2005-08-09 14:57:12 -07:00
unix [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
wanrouter [NET]: __be'ify *_type_trans() 2005-07-12 12:08:43 -07:00
x25 [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
xfrm [XFRM]: Fix possible overflow of sock->sk_policy 2005-07-26 15:43:17 -07:00
compat.c [NET]: Fix memory leak in sys_{send,recv}msg() w/compat 2005-08-09 15:29:19 -07:00
Kconfig [NET]: Kconfig: NETCONSOLE and NETPOLL together 2005-07-18 13:45:12 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nonet.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
socket.c [NET]: dont use strlen() but the result from a prior sprintf() 2005-06-22 14:32:51 -07:00
sysctl_net.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00