Re: [PATCH net-next 1/2] ipv6: remove unnecessary codes in tcp_ipv6.c
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
From: RongQing Li <roy.qing.li@xxxxxxxxx>
Date: Mon, 2 Jul 2012 13:23:09 +0800

> 2012/7/2 David Miller <davem@xxxxxxxxxxxxx>:
>> From: roy.qing.li@xxxxxxxxx
>> Date: Mon,  2 Jul 2012 11:18:59 +0800
>>
>>> -     if (opt) {
>>> -             newnp->opt = ipv6_dup_options(newsk, opt);
>>> -             if (opt != np->opt)
>>> -                     sock_kfree_s(sk, opt, opt->tot_len);
>>
>> This is bogus, if we copy the options into a new copy in
>> ipv6_dup_options() we have to free the old one or else we
>> leak it.
> 
> Do you mean I should free newnp->opt firstly ?
> 
> If I understand it right, I think we do not need to free it. the
> process is below:
> 
> newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
> ..
> newnp = inet6_sk(newsk);
> ..
> memcpy(newnp, np, sizeof(struct ipv6_pinfo));
> ..
> newnp->opt         = NULL;
> 
> So newnp->opt is not a effective memory.

ipv6_dup_options() allocates new memory for the options and this call
statement assigns that new pointer to np->opt.

If you do not free the old (before ipv6_dup_options()) np->opt memory
here, it is lost forever.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Linux Kernel Discussion]     [Ethernet Bridging]     [Linux Wireless Networking]     [Linux Bluetooth Networking]     [Linux Networking Users]     [VLAN]     [Git]     [IETF Annouce]     [Linux Assembly]     [Security]     [Bugtraq]     [Photo]     [Singles Social Networking]     [Yosemite Information]     [MIPS Linux]     [ARM Linux Kernel]     [ARM Linux]     [Linux Virtualization]     [Linux Security]     [Linux IDE]     [Linux RAID]     [Linux SCSI]     [Free Dating]

Add to Google Powered by Linux