Patchwork [5/5] caif: Plug memory leak for checksum error

login
register
mail settings
Submitter sjur.brandeland@stericsson.com
Date May 22, 2011, 9:18 p.m.
Message ID <1306099134-12989-5-git-send-email-sjur.brandeland@stericsson.com>
Download mbox | patch
Permalink /patch/96786/
State Accepted
Delegated to: David Miller
Headers show

Comments

sjur.brandeland@stericsson.com - May 22, 2011, 9:18 p.m.
In case of checksum error, the framing layer returns -EILSEQ, but
does not free the packet. Plug this hole by freeing the packet if
-EILSEQ is returned.

Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
---
 net/caif/caif_dev.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)
David Miller - May 23, 2011, 12:14 a.m.
From: Sjur Brændeland <sjur.brandeland@stericsson.com>
Date: Sun, 22 May 2011 23:18:54 +0200

> In case of checksum error, the framing layer returns -EILSEQ, but
> does not free the packet. Plug this hole by freeing the packet if
> -EILSEQ is returned.
> 
> Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>

Appied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c
index 366ca0f..682c0fe 100644
--- a/net/caif/caif_dev.c
+++ b/net/caif/caif_dev.c
@@ -142,6 +142,7 @@  static int receive(struct sk_buff *skb, struct net_device *dev,
 {
 	struct cfpkt *pkt;
 	struct caif_device_entry *caifd;
+	int err;
 
 	pkt = cfpkt_fromnative(CAIF_DIR_IN, skb);
 
@@ -159,7 +160,11 @@  static int receive(struct sk_buff *skb, struct net_device *dev,
 	caifd_hold(caifd);
 	rcu_read_unlock();
 
-	caifd->layer.up->receive(caifd->layer.up, pkt);
+	err = caifd->layer.up->receive(caifd->layer.up, pkt);
+
+	/* For -EILSEQ the packet is not freed so so it now */
+	if (err == -EILSEQ)
+		cfpkt_destroy(pkt);
 
 	/* Release reference to stack upwards */
 	caifd_put(caifd);