| Message ID | 20190401013554.17488-1-yuehaibing@huawei.com |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | dccp: Fix memleak in __feat_register_sp | expand |
On 4/1/2019 7:05 AM, Yue Haibing wrote: > From: YueHaibing <yuehaibing@huawei.com> > > If dccp_feat_push_change fails, we forget free the mem > which is alloced by kmemdup in dccp_feat_clone_sp_val. > > Reported-by: Hulk Robot <hulkci@huawei.com> > Fixes: e8ef967a54f4 ("dccp: Registration routines for changing feature values") > Reviewed-by: Mukesh Ojha <mojha@codeaurora.org> > Signed-off-by: YueHaibing <yuehaibing@huawei.com> > --- I don't think it is the first version. Do keep in mind to put detail here . -Mukesh > net/dccp/feat.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/net/dccp/feat.c b/net/dccp/feat.c > index f227f00..db87d9f 100644 > --- a/net/dccp/feat.c > +++ b/net/dccp/feat.c > @@ -738,7 +738,12 @@ static int __feat_register_sp(struct list_head *fn, u8 feat, u8 is_local, > if (dccp_feat_clone_sp_val(&fval, sp_val, sp_len)) > return -ENOMEM; > > - return dccp_feat_push_change(fn, feat, is_local, mandatory, &fval); > + if (dccp_feat_push_change(fn, feat, is_local, mandatory, &fval)) { > + kfree(fval.sp.vec); > + return -ENOMEM; > + } > + > + return 0; > } > > /**
On 2019/4/1 16:24, Mukesh Ojha wrote: > > On 4/1/2019 7:05 AM, Yue Haibing wrote: >> From: YueHaibing <yuehaibing@huawei.com> >> >> If dccp_feat_push_change fails, we forget free the mem >> which is alloced by kmemdup in dccp_feat_clone_sp_val. >> >> Reported-by: Hulk Robot <hulkci@huawei.com> >> Fixes: e8ef967a54f4 ("dccp: Registration routines for changing feature values") >> Reviewed-by: Mukesh Ojha <mojha@codeaurora.org> >> Signed-off-by: YueHaibing <yuehaibing@huawei.com> >> --- > > > I don't think it is the first version. Do keep in mind to put detail here . Yes, this is the v3 resend. > > -Mukesh > >> net/dccp/feat.c | 7 ++++++- >> 1 file changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/net/dccp/feat.c b/net/dccp/feat.c >> index f227f00..db87d9f 100644 >> --- a/net/dccp/feat.c >> +++ b/net/dccp/feat.c >> @@ -738,7 +738,12 @@ static int __feat_register_sp(struct list_head *fn, u8 feat, u8 is_local, >> if (dccp_feat_clone_sp_val(&fval, sp_val, sp_len)) >> return -ENOMEM; >> - return dccp_feat_push_change(fn, feat, is_local, mandatory, &fval); >> + if (dccp_feat_push_change(fn, feat, is_local, mandatory, &fval)) { >> + kfree(fval.sp.vec); >> + return -ENOMEM; >> + } >> + >> + return 0; >> } >> /** > >
From: Yue Haibing <yuehaibing@huawei.com> Date: Mon, 1 Apr 2019 09:35:54 +0800 > From: YueHaibing <yuehaibing@huawei.com> > > If dccp_feat_push_change fails, we forget free the mem > which is alloced by kmemdup in dccp_feat_clone_sp_val. > > Reported-by: Hulk Robot <hulkci@huawei.com> > Fixes: e8ef967a54f4 ("dccp: Registration routines for changing feature values") > Reviewed-by: Mukesh Ojha <mojha@codeaurora.org> > Signed-off-by: YueHaibing <yuehaibing@huawei.com> Applied.
diff --git a/net/dccp/feat.c b/net/dccp/feat.c index f227f00..db87d9f 100644 --- a/net/dccp/feat.c +++ b/net/dccp/feat.c @@ -738,7 +738,12 @@ static int __feat_register_sp(struct list_head *fn, u8 feat, u8 is_local, if (dccp_feat_clone_sp_val(&fval, sp_val, sp_len)) return -ENOMEM; - return dccp_feat_push_change(fn, feat, is_local, mandatory, &fval); + if (dccp_feat_push_change(fn, feat, is_local, mandatory, &fval)) { + kfree(fval.sp.vec); + return -ENOMEM; + } + + return 0; } /**