]> pilppa.com Git - linux-2.6-omap-h63xx.git/commit
[NET]: Fix memory leak in sys_{send,recv}msg() w/compat
authorAndrew Morton <akpm@osdl.org>
Tue, 9 Aug 2005 22:29:19 +0000 (15:29 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 9 Aug 2005 22:29:19 +0000 (15:29 -0700)
commitd64d3873721cfe870d49d73c3744f06260779ce7
treeb49a930e65ed4f30b4f8f2aac4ddb08c41bc4b79
parent3501466941347f0e1992b2672affb3feb92925fd
[NET]: Fix memory leak in sys_{send,recv}msg() w/compat

From: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>

sendmsg()/recvmsg() syscalls from o32/n32 apps to a 64bit kernel will
cause a kernel memory leak if iov_len > UIO_FASTIOV for each syscall!

This is because both sys_sendmsg() and verify_compat_iovec() kmalloc a
new iovec structure.  Only the one from sys_sendmsg() is free'ed.

I wrote a simple test program to confirm this after identifying the
problem:

http://davej.org/programs/testsendmsg.c

Note that the below fix will break solaris_sendmsg()/solaris_recvmsg() as
it also calls verify_compat_iovec() but expects it to malloc internally.

[ I fixed that. -DaveM ]

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
arch/sparc64/solaris/socket.c
net/compat.c