Commit 22dd4850 authored by Denis V. Lunev's avatar Denis V. Lunev Committed by David S. Miller
Browse files

raw: Raw socket leak. 



The program below just leaks the raw kernel socket

int main() {
        int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
        struct sockaddr_in addr;

        memset(&addr, 0, sizeof(addr));
        inet_aton("127.0.0.1", &addr.sin_addr);
        addr.sin_family = AF_INET;
        addr.sin_port = htons(2048);
        sendto(fd,  "a", 1, MSG_MORE, &addr, sizeof(addr));
        return 0;
}

Corked packet is allocated via sock_wmalloc which holds the owner socket,
so one should uncork it and flush all pending data on close. Do this in the
same way as in UDP.

Signed-off-by: default avatarDenis V. Lunev <den@openvz.org>
Acked-by: default avatarAlexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 199f7d24

net/ipv4/raw.c

+9 −0
Original line number Diff line number Diff line
@@ -608,6 +608,14 @@ static void raw_close(struct sock *sk, long timeout) 
	sk_common_release(sk);

}



static int raw_destroy(struct sock *sk)

{

	lock_sock(sk);

	ip_flush_pending_frames(sk);

	release_sock(sk);

	return 0;

}



/* This gets rid of all the nasties in af_inet. -DaveM */

static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)

{
@@ -820,6 +828,7 @@ struct proto raw_prot = { 
	.name		   = "RAW",

	.owner		   = THIS_MODULE,

	.close		   = raw_close,

	.destroy	   = raw_destroy,

	.connect	   = ip4_datagram_connect,

	.disconnect	   = udp_disconnect,

	.ioctl		   = raw_ioctl,

net/ipv6/raw.c

+9 −0
Original line number Diff line number Diff line
@@ -1164,6 +1164,14 @@ static void rawv6_close(struct sock *sk, long timeout) 
	sk_common_release(sk);

}



static int raw6_destroy(struct sock *sk)

{

	lock_sock(sk);

	ip6_flush_pending_frames(sk);

	release_sock(sk);

	return 0;

}



static int rawv6_init_sk(struct sock *sk)

{

	struct raw6_sock *rp = raw6_sk(sk);
@@ -1187,6 +1195,7 @@ struct proto rawv6_prot = { 
	.name		   = "RAWv6",

	.owner		   = THIS_MODULE,

	.close		   = rawv6_close,

	.destroy	   = raw6_destroy,

	.connect	   = ip6_datagram_connect,

	.disconnect	   = udp_disconnect,

	.ioctl		   = rawv6_ioctl,

CRA Git | Maintained and supported by SUSTech CRA and CCSE