git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Qingfang Deng <dqfext@gmail.com>
	Wed, 3 Sep 2025 10:07:26 +0000 (18:07 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 9 Sep 2025 16:56:25 +0000 (18:56 +0200)
commit	85c1c86a67e09143aa464e9bf09c397816772348
tree	d4719b42d3a43de1ad297beca23595896dac0bc8	tree \| snapshot
parent	01d2690c09e6471c956b1d38e2faded73ffba47e	commit \| diff

ppp: fix memory leak in pad_compress_skb

[ Upstream commit 4844123fe0b853a4982c02666cb3fd863d701d50 ]

If alloc_skb() fails in pad_compress_skb(), it returns NULL without
releasing the old skb. The caller does:

    skb = pad_compress_skb(ppp, skb);
    if (!skb)
        goto drop;

drop:
    kfree_skb(skb);

When pad_compress_skb() returns NULL, the reference to the old skb is
lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.

Align pad_compress_skb() semantics with realloc(): only free the old
skb if allocation and compression succeed.  At the call site, use the
new_skb variable so the original skb is not lost when pad_compress_skb()
fails.

Fixes: b3f9b92a6ec1 ("[PPP]: add PPP MPPE encryption module")
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Link: https://patch.msgid.link/20250903100726.269839-1-dqfext@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>