[PATCH net v2 02/10] rxrpc: Fix key parsing memleak

Next message: Hanne-Lotta M&#xE4;enp&#xE4;&#xE4;: "Re: [PATCH v2] iio: hid-sensors: Use software trigger"
Previous message: Leo Yan: "[PATCH v6 19/24] tools: spi: Append extra cflags"
In reply to: David Howells: "[PATCH net v2 08/10] rxrpc: Fix rack timer warning to report unexpected mode"
Next in thread: David Howells: "[PATCH net v2 05/10] rxrpc: Fix call removal to use RCU safe deletion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Howells

Date: Mon Mar 23 2026 - 11:42:07 EST

In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk can be
leaked in a few error paths after it's allocated.

Fix this by freeing it in the "reject_token:" case.

Fixes: 0ca100ff4df6 ("rxrpc: Add YFS RxGK (GSSAPI) security class")
Closes: https://sashiko.dev/#/patchset/20260319150150.4189381-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
cc: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
cc: Jeffrey Altman <jaltman@xxxxxxxxxxxx>
cc: Eric Dumazet <edumazet@xxxxxxxxxx>
cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
cc: Jakub Kicinski <kuba@xxxxxxxxxx>
cc: Paolo Abeni <pabeni@xxxxxxxxxx>
cc: Simon Horman <horms@xxxxxxxxxx>
cc: linux-afs@xxxxxxxxxxxxxxxxxxx
cc: netdev@xxxxxxxxxxxxxxx
cc: stable@xxxxxxxxxx
---
net/rxrpc/key.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c
index af403f0ccab5..26d4336a4a02 100644
--- a/net/rxrpc/key.c
+++ b/net/rxrpc/key.c
@@ -274,6 +274,7 @@ static int rxrpc_preparse_xdr_yfs_rxgk(struct key_preparsed_payload *prep,
nomem:
return -ENOMEM;
reject_token:
+ kfree(token->rxgk);
kfree(token);
reject:
return -EKEYREJECTED;