ieee802154: Don't leak memory in ieee802154_nl_fill_phy

In net/ieee802154/nl-phy.c::ieee802154_nl_fill_phy() I see two small issues. 1) If the allocation of 'buf' fails we may just as well return -EMSGSIZE directly rather than jumping to 'out:' and do a pointless kfree(0). 2) We do not free 'buf' unless we jump to one of the error labels and this leaks memory. This patch should address both. Signed-off-by: N Jesper Juhl <jj@chaosbits.net> Acked-by: N Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: N David S. Miller <davem@conan.davemloft.net>

ieee802154: Don't leak memory in ieee802154_nl_fill_phy
In net/ieee802154/nl-phy.c::ieee802154_nl_fill_phy() I see two small issues. 1) If the allocation of 'buf' fails we may just as well return -EMSGSIZE directly rather than jumping to 'out:' and do a pointless kfree(0). 2) We do not free 'buf' unless we jump to one of the error labels and this leaks memory. This patch should address both. Signed-off-by: N Jesper Juhl <jj@chaosbits.net> Acked-by: N Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: N David S. Miller <davem@conan.davemloft.net>
b9cabe52 · Jesper Juhl · David S. Miller · 84860c72 · b9cabe52
显示空白变更内容
内联并排

Showing with 2 addition and 1 deletion

net/ieee802154/nl-phy.c net/ieee802154/nl-phy.c +2 -1

未找到文件。
--- a/net/ieee802154/nl-phy.c
+++ b/net/ieee802154/nl-phy.c
@@ -44,7 +44,7 @@ static int ieee802154_nl_fill_phy(struct sk_buff *msg, u32 pid,
 	pr_debug("%s\n", __func__);
 	if (!buf)
-		goto out;
+		return -EMSGSIZE;
 	hdr = genlmsg_put(msg, 0, seq, &nl802154_family, flags,
 		IEEE802154_LIST_PHY);
@@ -65,6 +65,7 @@ static int ieee802154_nl_fill_phy(struct sk_buff *msg, u32 pid,
 				pages * sizeof(uint32_t), buf);
 	mutex_unlock(&phy->pib_lock);
+	kfree(buf);
 	return genlmsg_end(msg, hdr);
 nla_put_failure: