diff options
author | Jesper Juhl <jj@chaosbits.net> | 2011-06-12 04:28:16 +0000 |
---|---|---|
committer | David S. Miller <davem@conan.davemloft.net> | 2011-06-13 18:03:22 -0400 |
commit | b9cabe52c27cf834137f3aaa46da23bcf32284e8 (patch) | |
tree | c620f63c1314e08f50033de489ea39ef92538b9c /net/ieee802154 | |
parent | 84860c725364372a331589a600ce6a00437a14f8 (diff) | |
download | kernel_samsung_tuna-b9cabe52c27cf834137f3aaa46da23bcf32284e8.zip kernel_samsung_tuna-b9cabe52c27cf834137f3aaa46da23bcf32284e8.tar.gz kernel_samsung_tuna-b9cabe52c27cf834137f3aaa46da23bcf32284e8.tar.bz2 |
ieee802154: Don't leak memory in ieee802154_nl_fill_phy
In net/ieee802154/nl-phy.c::ieee802154_nl_fill_phy() I see two small
issues.
1) If the allocation of 'buf' fails we may just as well return -EMSGSIZE
directly rather than jumping to 'out:' and do a pointless kfree(0).
2) We do not free 'buf' unless we jump to one of the error labels and this
leaks memory.
This patch should address both.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: David S. Miller <davem@conan.davemloft.net>
Diffstat (limited to 'net/ieee802154')
-rw-r--r-- | net/ieee802154/nl-phy.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c index ed0eab3..02548b2 100644 --- a/net/ieee802154/nl-phy.c +++ b/net/ieee802154/nl-phy.c @@ -44,7 +44,7 @@ static int ieee802154_nl_fill_phy(struct sk_buff *msg, u32 pid, pr_debug("%s\n", __func__); if (!buf) - goto out; + return -EMSGSIZE; hdr = genlmsg_put(msg, 0, seq, &nl802154_family, flags, IEEE802154_LIST_PHY); @@ -65,6 +65,7 @@ static int ieee802154_nl_fill_phy(struct sk_buff *msg, u32 pid, pages * sizeof(uint32_t), buf); mutex_unlock(&phy->pib_lock); + kfree(buf); return genlmsg_end(msg, hdr); nla_put_failure: |