[net] ipv6: fix possible mem leaks in ipv6_make_skb()

Message ID 1515584749.131759.21.camel@gmail.com
State Accepted
Delegated to: David Miller
Headers show
Series
  • [net] ipv6: fix possible mem leaks in ipv6_make_skb()
Related show

Commit Message

Eric Dumazet Jan. 10, 2018, 11:45 a.m.
From: Eric Dumazet <edumazet@google.com>

ip6_setup_cork() might return an error, while memory allocations have
been done and must be rolled back.

Fixes: 6422398c2ab0 ("ipv6: introduce ipv6_make_skb")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Reported-by: Mike Maloney <maloney@google.com>
---
 net/ipv6/ip6_output.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Mike Maloney Jan. 10, 2018, 2 p.m. | #1
Acked-by:  Mike Maloney <maloney@google.com>

Thanks Eric!

On Wed, Jan 10, 2018 at 6:45 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> ip6_setup_cork() might return an error, while memory allocations have
> been done and must be rolled back.
>
> Fixes: 6422398c2ab0 ("ipv6: introduce ipv6_make_skb")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Vlad Yasevich <vyasevich@gmail.com>
> Reported-by: Mike Maloney <maloney@google.com>
> ---
>  net/ipv6/ip6_output.c |    5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> index f7dd51c4231415fd1321fd431194d896ea2d1689..688ba5f7516b37c87b879036dce781bdcfa01739 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -1735,9 +1735,10 @@ struct sk_buff *ip6_make_skb(struct sock *sk,
>         cork.base.opt = NULL;
>         v6_cork.opt = NULL;
>         err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6);
> -       if (err)
> +       if (err) {
> +               ip6_cork_release(&cork, &v6_cork);
>                 return ERR_PTR(err);
> -
> +       }
>         if (ipc6->dontfrag < 0)
>                 ipc6->dontfrag = inet6_sk(sk)->dontfrag;
>
David Miller Jan. 10, 2018, 9:02 p.m. | #2
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Wed, 10 Jan 2018 03:45:49 -0800

> From: Eric Dumazet <edumazet@google.com>
> 
> ip6_setup_cork() might return an error, while memory allocations have
> been done and must be rolled back.
> 
> Fixes: 6422398c2ab0 ("ipv6: introduce ipv6_make_skb")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Vlad Yasevich <vyasevich@gmail.com>
> Reported-by: Mike Maloney <maloney@google.com>

Applied and queeud up for -stable, thanks.

Patch

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index f7dd51c4231415fd1321fd431194d896ea2d1689..688ba5f7516b37c87b879036dce781bdcfa01739 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1735,9 +1735,10 @@  struct sk_buff *ip6_make_skb(struct sock *sk,
 	cork.base.opt = NULL;
 	v6_cork.opt = NULL;
 	err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6);
-	if (err)
+	if (err) {
+		ip6_cork_release(&cork, &v6_cork);
 		return ERR_PTR(err);
-
+	}
 	if (ipc6->dontfrag < 0)
 		ipc6->dontfrag = inet6_sk(sk)->dontfrag;