Patch "rxrpc: Fix leak of rxgk context in rxgk_verify_response()" has been added to the 6.18-stable tree
gregkh at linuxfoundation.org
gregkh at linuxfoundation.org
Mon Apr 13 05:39:05 PDT 2026
This is a note to let you know that I've just added the patch titled
rxrpc: Fix leak of rxgk context in rxgk_verify_response()
to the 6.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
rxrpc-fix-leak-of-rxgk-context-in-rxgk_verify_response.patch
and it can be found in the queue-6.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable at vger.kernel.org> know about it.
>From 7e1876caa8363056f58a21d3b31b82c2daf7e608 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells at redhat.com>
Date: Wed, 8 Apr 2026 13:12:46 +0100
Subject: rxrpc: Fix leak of rxgk context in rxgk_verify_response()
From: David Howells <dhowells at redhat.com>
commit 7e1876caa8363056f58a21d3b31b82c2daf7e608 upstream.
Fix rxgk_verify_response() to clean up the rxgk context it creates.
Fixes: 9d1d2b59341f ("rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI)")
Closes: https://sashiko.dev/#/patchset/20260401105614.1696001-10-dhowells@redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
cc: Simon Horman <horms at kernel.org>
cc: linux-afs at lists.infradead.org
cc: stable at kernel.org
Link: https://patch.msgid.link/20260408121252.2249051-19-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
net/rxrpc/rxgk.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/rxrpc/rxgk.c
+++ b/net/rxrpc/rxgk.c
@@ -1270,16 +1270,18 @@ static int rxgk_verify_response(struct r
if (ret < 0) {
rxrpc_abort_conn(conn, skb, RXGK_SEALEDINCON, ret,
rxgk_abort_resp_auth_dec);
- goto out;
+ goto out_gk;
}
ret = rxgk_verify_authenticator(conn, krb5, skb, auth_offset, auth_len);
if (ret < 0)
- goto out;
+ goto out_gk;
conn->key = key;
key = NULL;
ret = 0;
+out_gk:
+ rxgk_put(gk);
out:
key_put(key);
_leave(" = %d", ret);
Patches currently in stable-queue which might be from dhowells at redhat.com are
queue-6.18/rxrpc-fix-rxgk-token-loading-to-check-bounds.patch
queue-6.18/rxrpc-only-put-the-call-ref-if-one-was-acquired.patch
queue-6.18/rxrpc-proc-size-address-buffers-for-pispc-output.patch
queue-6.18/rxrpc-fix-buffer-overread-in-rxgk_do_verify_authenticator.patch
queue-6.18/rxrpc-reject-undecryptable-rxkad-response-tickets.patch
queue-6.18/rxrpc-fix-missing-error-checks-for-rxkad-encryption-decryption-failure.patch
queue-6.18/rxrpc-fix-use-of-wrong-skb-when-comparing-queued-resp-challenge-serial.patch
queue-6.18/rxrpc-fix-integer-overflow-in-rxgk_verify_response.patch
queue-6.18/rxrpc-fix-reference-count-leak-in-rxrpc_server_keyring.patch
queue-6.18/rxrpc-fix-key-reference-count-leak-from-call-key.patch
queue-6.18/rxrpc-fix-leak-of-rxgk-context-in-rxgk_verify_response.patch
queue-6.18/rxrpc-fix-anonymous-key-handling.patch
queue-6.18/rxrpc-fix-to-request-an-ack-if-window-is-limited.patch
queue-6.18/rxrpc-fix-call-removal-to-use-rcu-safe-deletion.patch
queue-6.18/rxrpc-fix-key-quota-calculation-for-multitoken-keys.patch
queue-6.18/mm-filemap-fix-nr_pages-calculation-overflow-in-filemap_map_pages.patch
queue-6.18/rxrpc-fix-key-parsing-memleak.patch
queue-6.18/rxrpc-fix-rack-timer-warning-to-report-unexpected-mode.patch
queue-6.18/rxrpc-fix-response-authenticator-parser-oob-read.patch
queue-6.18/rxrpc-fix-key-keyring-checks-in-setsockopt-rxrpc_security_key-keyring.patch
queue-6.18/rxrpc-fix-oversized-response-authenticator-length-check.patch
queue-6.18/rxrpc-only-handle-response-during-service-challenge.patch
More information about the linux-afs
mailing list