diff options
author | Andrew Morton <akpm@osdl.org> | 2005-08-10 00:29:19 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-08-10 00:29:19 +0200 |
commit | d64d3873721cfe870d49d73c3744f06260779ce7 (patch) | |
tree | b49a930e65ed4f30b4f8f2aac4ddb08c41bc4b79 /fs/pipe.c | |
parent | [SUNRPC]: Fix nsec --> usec conversion. (diff) | |
download | linux-d64d3873721cfe870d49d73c3744f06260779ce7.tar.xz linux-d64d3873721cfe870d49d73c3744f06260779ce7.zip |
[NET]: Fix memory leak in sys_{send,recv}msg() w/compat
From: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>
sendmsg()/recvmsg() syscalls from o32/n32 apps to a 64bit kernel will
cause a kernel memory leak if iov_len > UIO_FASTIOV for each syscall!
This is because both sys_sendmsg() and verify_compat_iovec() kmalloc a
new iovec structure. Only the one from sys_sendmsg() is free'ed.
I wrote a simple test program to confirm this after identifying the
problem:
http://davej.org/programs/testsendmsg.c
Note that the below fix will break solaris_sendmsg()/solaris_recvmsg() as
it also calls verify_compat_iovec() but expects it to malloc internally.
[ I fixed that. -DaveM ]
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs/pipe.c')
0 files changed, 0 insertions, 0 deletions