Message ID | 20190211021828.6145-1-hoang.h.le@dektech.com.au |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | [net] tipc: fix skb may be leaky in tipc_link_input | expand |
From: Hoang Le <hoang.h.le@dektech.com.au> Date: Mon, 11 Feb 2019 09:18:28 +0700 > When we free skb at tipc_data_input, we return a 'false' boolean. > Then, skb passed to subcalling tipc_link_input in tipc_link_rcv, > > <snip> > 1303 int tipc_link_rcv: > ... > 1354 if (!tipc_data_input(l, skb, l->inputq)) > 1355 rc |= tipc_link_input(l, skb, l->inputq); > </snip> > > Fix it by simple changing to a 'true' boolean when skb is being free-ed. > Then, tipc_link_rcv will bypassed to subcalling tipc_link_input as above > condition. > > Acked-by: Ying Xue <ying.xue@windriver.com> > Acked-by: Jon Maloy <maloy@donjonn.com> > Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au> Applied, thanks.
diff --git a/net/tipc/link.c b/net/tipc/link.c index ac306d17f8ad..d31f83a9a2c5 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -1145,7 +1145,7 @@ static bool tipc_data_input(struct tipc_link *l, struct sk_buff *skb, default: pr_warn("Dropping received illegal msg type\n"); kfree_skb(skb); - return false; + return true; }; }