| From foo@baz Tue Aug 8 16:51:58 PDT 2017 |
| From: Xin Long <lucien.xin@gmail.com> |
| Date: Wed, 26 Jul 2017 14:20:15 +0800 |
| Subject: dccp: fix a memleak for dccp_feat_init err process |
| |
| From: Xin Long <lucien.xin@gmail.com> |
| |
| |
| [ Upstream commit e90ce2fc27cad7e7b1e72b9e66201a7a4c124c2b ] |
| |
| In dccp_feat_init, when ccid_get_builtin_ccids fails to alloc |
| memory for rx.val, it should free tx.val before returning an |
| error. |
| |
| Signed-off-by: Xin Long <lucien.xin@gmail.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/dccp/feat.c | 7 +++++-- |
| 1 file changed, 5 insertions(+), 2 deletions(-) |
| |
| --- a/net/dccp/feat.c |
| +++ b/net/dccp/feat.c |
| @@ -1471,9 +1471,12 @@ int dccp_feat_init(struct sock *sk) |
| * singleton values (which always leads to failure). |
| * These settings can still (later) be overridden via sockopts. |
| */ |
| - if (ccid_get_builtin_ccids(&tx.val, &tx.len) || |
| - ccid_get_builtin_ccids(&rx.val, &rx.len)) |
| + if (ccid_get_builtin_ccids(&tx.val, &tx.len)) |
| return -ENOBUFS; |
| + if (ccid_get_builtin_ccids(&rx.val, &rx.len)) { |
| + kfree(tx.val); |
| + return -ENOBUFS; |
| + } |
| |
| if (!dccp_feat_prefer(sysctl_dccp_tx_ccid, tx.val, tx.len) || |
| !dccp_feat_prefer(sysctl_dccp_rx_ccid, rx.val, rx.len)) |
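Review bot: The new rx failure branch frees tx.val inline and repeats `return -ENOBUFS`, so the cleanup for this function now lives in a one-off block rather than a shared exit path. The dccp_feat_prefer() check in the trailing context uses both tx.val and rx.val, and the hunk does not show how that exit or any later one releases them; please confirm every return after the two allocations frees both buffers. A single unwind label reached by goto, with kfree() on both pointers, would cover the rx failure case added here and the later exits in one place, provided rx.val is NULL or otherwise safe to pass to kfree() when its allocation fails (worth stating in the commit message, since ccid_get_builtin_ccids() is not visible here).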