Re: Problems in kernel packet filtering code?

Andi Kleen (ak@muc.de)
11 Feb 1999 07:34:07 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andries.Brouwer@cwi.nl: "Re: mount corrupts ramdisk"
Previous message: Zygo Blaxell: "Re: Kernel interface changes (was Re: cdrecord problems on"

In article <199902102239.RAA00868@mcintosh.research.bellcore.com>,
mcintosh@research.bellcore.com (Allen Mcintosh) writes:
> It looks to me like there are a few bugs lurking in the kernel packet
> filtering code (net/core/filter.c and net/core/sock.c):

[...]

There are other bugs and races too.

They all should fixed in the patch at ftp.inr.ac.ru:/ip-routing/kernel-ss990203-2.2.1.dif.gz

If you find any bugs in this fixed version please report.

> 1) It allocates kernel memory thus:
> kmalloc(sizeof(struct sock_filter)*len, GFP_KERNEL)
> and frees it thus:
> kfree_s(old_filter, sizeof(struct sock_filter*) * sk->filter);

> Is this a memory leak? (sizeof(struct sock_filter) == 8)

Definitely. In pre-slab based versions of Linux kfree_s() was just a
macro for kfree, so there were still lots of bogus kfree_s()s. Unfortunately
Linux still doesn't have real regression testing so not all were catched :/

Anyways, it should be fixed in the patch mentioned above.

> 3) The bare htons() and htonl() calls in sk_run_filter() are likely problematic
> on big-endians.

I don't see any hton[sl] in sk_run_filter.

-Andi

-- This is like TV. I don't like TV.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Andries.Brouwer@cwi.nl: "Re: mount corrupts ramdisk"
Previous message: Zygo Blaxell: "Re: Kernel interface changes (was Re: cdrecord problems on"