Message ID | 20180110205025.7124-1-xiyou.wangcong@gmail.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Series | [net] tipc: fix a memory leak in tipc_nl_node_get_link() | expand |
On 01/11/2018 04:50 AM, Cong Wang wrote: > When tipc_node_find_by_name() fails, the nlmsg is not > freed. > > While on it, switch to a goto label to properly > free it. > > Fixes: be9c086715c ("tipc: narrow down exposure of struct tipc_node") > Reported-by: Dmitry Vyukov <dvyukov@google.com> > Cc: Jon Maloy <jon.maloy@ericsson.com> > Cc: Ying Xue <ying.xue@windriver.com> > Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Acked-by: Ying Xue <ying.xue@windriver.com> > --- > net/tipc/node.c | 26 ++++++++++++++------------ > 1 file changed, 14 insertions(+), 12 deletions(-) > > diff --git a/net/tipc/node.c b/net/tipc/node.c > index 507017fe0f1b..9036d8756e73 100644 > --- a/net/tipc/node.c > +++ b/net/tipc/node.c > @@ -1880,36 +1880,38 @@ int tipc_nl_node_get_link(struct sk_buff *skb, struct genl_info *info) > > if (strcmp(name, tipc_bclink_name) == 0) { > err = tipc_nl_add_bc_link(net, &msg); > - if (err) { > - nlmsg_free(msg.skb); > - return err; > - } > + if (err) > + goto err_free; > } else { > int bearer_id; > struct tipc_node *node; > struct tipc_link *link; > > node = tipc_node_find_by_name(net, name, &bearer_id); > - if (!node) > - return -EINVAL; > + if (!node) { > + err = -EINVAL; > + goto err_free; > + } > > tipc_node_read_lock(node); > link = node->links[bearer_id].link; > if (!link) { > tipc_node_read_unlock(node); > - nlmsg_free(msg.skb); > - return -EINVAL; > + err = -EINVAL; > + goto err_free; > } > > err = __tipc_nl_add_link(net, &msg, link, 0); > tipc_node_read_unlock(node); > - if (err) { > - nlmsg_free(msg.skb); > - return err; > - } > + if (err) > + goto err_free; > } > > return genlmsg_reply(msg.skb, info); > + > +err_free: > + nlmsg_free(msg.skb); > + return err; > } > > int tipc_nl_node_reset_link_stats(struct sk_buff *skb, struct genl_info *info) >
From: Cong Wang <xiyou.wangcong@gmail.com> Date: Wed, 10 Jan 2018 12:50:25 -0800 > When tipc_node_find_by_name() fails, the nlmsg is not > freed. > > While on it, switch to a goto label to properly > free it. > > Fixes: be9c086715c ("tipc: narrow down exposure of struct tipc_node") > Reported-by: Dmitry Vyukov <dvyukov@google.com> > Cc: Jon Maloy <jon.maloy@ericsson.com> > Cc: Ying Xue <ying.xue@windriver.com> > Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Applied, thanks.
diff --git a/net/tipc/node.c b/net/tipc/node.c index 507017fe0f1b..9036d8756e73 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c @@ -1880,36 +1880,38 @@ int tipc_nl_node_get_link(struct sk_buff *skb, struct genl_info *info) if (strcmp(name, tipc_bclink_name) == 0) { err = tipc_nl_add_bc_link(net, &msg); - if (err) { - nlmsg_free(msg.skb); - return err; - } + if (err) + goto err_free; } else { int bearer_id; struct tipc_node *node; struct tipc_link *link; node = tipc_node_find_by_name(net, name, &bearer_id); - if (!node) - return -EINVAL; + if (!node) { + err = -EINVAL; + goto err_free; + } tipc_node_read_lock(node); link = node->links[bearer_id].link; if (!link) { tipc_node_read_unlock(node); - nlmsg_free(msg.skb); - return -EINVAL; + err = -EINVAL; + goto err_free; } err = __tipc_nl_add_link(net, &msg, link, 0); tipc_node_read_unlock(node); - if (err) { - nlmsg_free(msg.skb); - return err; - } + if (err) + goto err_free; } return genlmsg_reply(msg.skb, info); + +err_free: + nlmsg_free(msg.skb); + return err; } int tipc_nl_node_reset_link_stats(struct sk_buff *skb, struct genl_info *info)
When tipc_node_find_by_name() fails, the nlmsg is not freed. While on it, switch to a goto label to properly free it. Fixes: be9c086715c ("tipc: narrow down exposure of struct tipc_node") Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: Jon Maloy <jon.maloy@ericsson.com> Cc: Ying Xue <ying.xue@windriver.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> --- net/tipc/node.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-)