]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: faa83a7)
tipc: fix a possible memleak in tipc_buf_append
authorXin Long <lucien.xin@gmail.com>
Tue, 30 Apr 2024 14:03:38 +0000 (10:03 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 17 May 2024 09:48:01 +0000 (11:48 +0200)
[ Upstream commit 97bf6f81b29a8efaf5d0983251a7450e5794370d ]

__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.

Fixes: b7df21cf1b79 ("tipc: skb_linearize the head skb when reassembling msgs")
Reported-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
Link: https://lore.kernel.org/r/90710748c29a1521efac4f75ea01b3b7e61414cf.1714485818.git.lucien.xin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/tipc/msg.c patch | blob | blame | history

diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index 91dcf648d32bbc704d4f233d2a160946c1e0b4df..b2b102d6f58198ceb8f0e126003d8bbbb6e2e7f9 100644 (file)
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -148,9 +148,9 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
        if (fragid == FIRST_FRAGMENT) {
                if (unlikely(head))
                        goto err;
-               *buf = NULL;
                if (skb_has_frag_list(frag) && __skb_linearize(frag))
                        goto err;
+               *buf = NULL;
                frag = skb_unshare(frag, GFP_ATOMIC);
                if (unlikely(!frag))
                        goto err;
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git