From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) by dpdk.org (Postfix) with ESMTP id EA59D2C47 for ; Mon, 21 Mar 2016 15:06:27 +0100 (CET) Received: from 1.general.mandel.uk.vpn ([10.172.196.172] helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1ai0TT-0002zo-I4; Mon, 21 Mar 2016 14:06:27 +0000 From: Christian Ehrhardt To: christian.ehrhardt@canonical.com, bruce.richardson@intel.com, dev@dpdk.org, olivier.matz@6wind.com Date: Mon, 21 Mar 2016 15:06:14 +0100 Message-Id: <1458569175-8742-5-git-send-email-christian.ehrhardt@canonical.com> X-Mailer: git-send-email 2.7.3 In-Reply-To: <1458569175-8742-1-git-send-email-christian.ehrhardt@canonical.com> References: <1458131629-21925-1-git-send-email-christian.ehrhardt@canonical.com> <1458569175-8742-1-git-send-email-christian.ehrhardt@canonical.com> Subject: [dpdk-dev] [PATCH v4 4/5] lpm: fix use after free of lpm in rte_lpm_create* X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Mar 2016 14:06:28 -0000 There were further chances for a use after free by returning an already freed pointer in rte_lpm_create for v20 and v1604. Along that is also makes the RTE_LOG messages of the failed allocations unique. Acked-by: Olivier Matz Signed-off-by: Christian Ehrhardt --- lib/librte_lpm/rte_lpm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/librte_lpm/rte_lpm.c b/lib/librte_lpm/rte_lpm.c index d5fa1f8..59ce5a7 100644 --- a/lib/librte_lpm/rte_lpm.c +++ b/lib/librte_lpm/rte_lpm.c @@ -303,8 +303,9 @@ rte_lpm_create_v1604(const char *name, int socket_id, (size_t)rules_size, RTE_CACHE_LINE_SIZE, socket_id); if (lpm->rules_tbl == NULL) { - RTE_LOG(ERR, LPM, "LPM memory allocation failed\n"); + RTE_LOG(ERR, LPM, "LPM rules_tbl memory allocation failed\n"); rte_free(lpm); + lpm = NULL; rte_free(te); goto exit; } @@ -313,8 +314,9 @@ rte_lpm_create_v1604(const char *name, int socket_id, (size_t)tbl8s_size, RTE_CACHE_LINE_SIZE, socket_id); if (lpm->tbl8 == NULL) { - RTE_LOG(ERR, LPM, "LPM memory allocation failed\n"); + RTE_LOG(ERR, LPM, "LPM tbl8 memory allocation failed\n"); rte_free(lpm); + lpm = NULL; rte_free(te); goto exit; } -- 2.7.3