]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cfe8246)
espintcp: fix skb leaks
authorSabrina Dubroca <sd@queasysnail.net>
Wed, 9 Apr 2025 13:59:56 +0000 (15:59 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Mon, 14 Apr 2025 09:58:50 +0000 (11:58 +0200)
A few error paths are missing a kfree_skb.

Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/ipv4/esp4.c patch | blob | blame | history
net/ipv6/esp6.c patch | blob | blame | history
net/xfrm/espintcp.c patch | blob | blame | history

diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 0e4076866c0a404be041bcf9aa9358dec599aa34..876df672c0bfa55c422644b4a1ba228898fd64be 100644 (file)
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -199,8 +199,10 @@ static int esp_output_tcp_finish(struct xfrm_state *x, struct sk_buff *skb)
 
        sk = esp_find_tcp_sk(x);
        err = PTR_ERR_OR_ZERO(sk);
-       if (err)
+       if (err) {
+               kfree_skb(skb);
                goto out;
+       }
 
        bh_lock_sock(sk);
        if (sock_owned_by_user(sk))
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 9e73944e3b530aee45b0d5ba685e561f920b8af6..574989b82179c13ce64e35ddaa7c294b980c9b2e 100644 (file)
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -216,8 +216,10 @@ static int esp_output_tcp_finish(struct xfrm_state *x, struct sk_buff *skb)
 
        sk = esp6_find_tcp_sk(x);
        err = PTR_ERR_OR_ZERO(sk);
-       if (err)
+       if (err) {
+               kfree_skb(skb);
                goto out;
+       }
 
        bh_lock_sock(sk);
        if (sock_owned_by_user(sk))
diff --git a/net/xfrm/espintcp.c b/net/xfrm/espintcp.c
index fe82e2d073006e5ab1b03868c851147c0422d26d..fc7a603b04f130062440834ad1af7ae6367c0f41 100644 (file)
--- a/net/xfrm/espintcp.c
+++ b/net/xfrm/espintcp.c
@@ -171,8 +171,10 @@ int espintcp_queue_out(struct sock *sk, struct sk_buff *skb)
        struct espintcp_ctx *ctx = espintcp_getctx(sk);
 
        if (skb_queue_len(&ctx->out_queue) >=
-           READ_ONCE(net_hotdata.max_backlog))
+           READ_ONCE(net_hotdata.max_backlog)) {
+               kfree_skb(skb);
                return -ENOBUFS;
+       }
 
        __skb_queue_tail(&ctx->out_queue, skb);
 
A mirror of Linus' kernel repository