author | Richard Scheffenegger <rscheff@FreeBSD.org> | 2024-05-01 06:40:40 +0000 |
---|---|---|
committer | Richard Scheffenegger <rscheff@FreeBSD.org> | 2024-05-01 06:41:26 +0000 |
commit | 30cf0fbf26243f23631739f406959ce5aaba9f5c | |
tree | fada877fc9840c9bd55e66d7e14b696a5e9a3d6e | |
parent | b07689d1f2a268317bead0d785407b2f7dd7de78 | |

in_pcb: don't leak credential refcounts on error

In the error path during allocating an in_pcb, the credentials
associated with the new struct get their reference count
increased early on, but not decremented when the allocation
fails.

Reported by: cmiller_netapp.com
MFC after: 3 days
Reviewed by: jhb, tuexen
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D45033

-rw-r--r-- | sys/netinet/in_pcb.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index d9caad6417ef..1a341d421f31 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -655,6 +655,10 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo) #if defined(IPSEC) || defined(IPSEC_SUPPORT) || defined(MAC) out: + crfree(inp->inp_cred); +#ifdef INVARIANTS + inp->inp_cred = NULL; +#endif uma_zfree_smr(pcbinfo->ipi_zone, inp); return (error); #endif |
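
Review bot: At the `out:` label, the new `crfree(inp->inp_cred);` is only correct if every `goto out` in in_pcballoc() is reached after the credential reference has been taken and stored in `inp->inp_cred`. The hunk does not show where the hold happens, so a short comment above the call saying which earlier hold it undoes would make the pairing checkable at a glance and guard against a future early `goto out` being added ahead of it. A second point on the same lines: `inp->inp_cred = NULL;` is compiled only under `INVARIANTS`, so a non-debug kernel passes the inp to `uma_zfree_smr()` still carrying a pointer to a credential whose reference was just dropped. If the clearing is meant purely as a debugging aid, a one-line comment saying so would stop a later reader from treating the `#ifdef` as an oversight; if anything can still look at the inp after this point, clear the field unconditionally instead.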