• Neil Horman's avatar
    sctp: Free cookie before we memdup a new one · c4964bfa
    Neil Horman authored
    [ Upstream commit ce950f1050cece5e406a5cde723c69bba60e1b26 ]
    Based on comments from Xin, even after fixes for our recent syzbot
    report of cookie memory leaks, its possible to get a resend of an INIT
    chunk which would lead to us leaking cookie memory.
    To ensure that we don't leak cookie memory, free any previously
    allocated cookie first.
    Change notes
    update subsystem tag in subject (davem)
    repeat kfree check for peer_random and peer_hmacs (xin)
    also free peer_chunks
    fix subject tags
    remove cut line
    Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
    Reported-by: syzbot+f7e9153b037eac9b1df8@syzkaller.appspotmail.com
    CC: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
    CC: Xin Long <lucien.xin@gmail.com>
    CC: "David S. Miller" <davem@davemloft.net>
    CC: netdev@vger.kernel.org
    Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>