* [Patch net] tipc: fix a memory leak in tipc_nl_node_get_link()
@ 2018-01-10 20:50 Cong Wang
2018-01-11 10:21 ` Ying Xue
2018-01-15 18:46 ` David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Cong Wang @ 2018-01-10 20:50 UTC (permalink / raw)
To: netdev; +Cc: dvyukov, Cong Wang, Jon Maloy, Ying Xue
When tipc_node_find_by_name() fails, the nlmsg is not
freed.
While on it, switch to a goto label to properly
free it.
Fixes: be9c086715c ("tipc: narrow down exposure of struct tipc_node")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Jon Maloy <jon.maloy@ericsson.com>
Cc: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
---
net/tipc/node.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/net/tipc/node.c b/net/tipc/node.c
index 507017fe0f1b..9036d8756e73 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -1880,36 +1880,38 @@ int tipc_nl_node_get_link(struct sk_buff *skb, struct genl_info *info)
if (strcmp(name, tipc_bclink_name) == 0) {
err = tipc_nl_add_bc_link(net, &msg);
- if (err) {
- nlmsg_free(msg.skb);
- return err;
- }
+ if (err)
+ goto err_free;
} else {
int bearer_id;
struct tipc_node *node;
struct tipc_link *link;
node = tipc_node_find_by_name(net, name, &bearer_id);
- if (!node)
- return -EINVAL;
+ if (!node) {
+ err = -EINVAL;
+ goto err_free;
+ }
tipc_node_read_lock(node);
link = node->links[bearer_id].link;
if (!link) {
tipc_node_read_unlock(node);
- nlmsg_free(msg.skb);
- return -EINVAL;
+ err = -EINVAL;
+ goto err_free;
}
err = __tipc_nl_add_link(net, &msg, link, 0);
tipc_node_read_unlock(node);
- if (err) {
- nlmsg_free(msg.skb);
- return err;
- }
+ if (err)
+ goto err_free;
}
return genlmsg_reply(msg.skb, info);
+
+err_free:
+ nlmsg_free(msg.skb);
+ return err;
}
int tipc_nl_node_reset_link_stats(struct sk_buff *skb, struct genl_info *info)
--
2.13.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Patch net] tipc: fix a memory leak in tipc_nl_node_get_link()
2018-01-10 20:50 [Patch net] tipc: fix a memory leak in tipc_nl_node_get_link() Cong Wang
@ 2018-01-11 10:21 ` Ying Xue
2018-01-15 18:46 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Ying Xue @ 2018-01-11 10:21 UTC (permalink / raw)
To: Cong Wang, netdev; +Cc: dvyukov, Jon Maloy
On 01/11/2018 04:50 AM, Cong Wang wrote:
> When tipc_node_find_by_name() fails, the nlmsg is not
> freed.
>
> While on it, switch to a goto label to properly
> free it.
>
> Fixes: be9c086715c ("tipc: narrow down exposure of struct tipc_node")
> Reported-by: Dmitry Vyukov <dvyukov@google.com>
> Cc: Jon Maloy <jon.maloy@ericsson.com>
> Cc: Ying Xue <ying.xue@windriver.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
> ---
> net/tipc/node.c | 26 ++++++++++++++------------
> 1 file changed, 14 insertions(+), 12 deletions(-)
>
> diff --git a/net/tipc/node.c b/net/tipc/node.c
> index 507017fe0f1b..9036d8756e73 100644
> --- a/net/tipc/node.c
> +++ b/net/tipc/node.c
> @@ -1880,36 +1880,38 @@ int tipc_nl_node_get_link(struct sk_buff *skb, struct genl_info *info)
>
> if (strcmp(name, tipc_bclink_name) == 0) {
> err = tipc_nl_add_bc_link(net, &msg);
> - if (err) {
> - nlmsg_free(msg.skb);
> - return err;
> - }
> + if (err)
> + goto err_free;
> } else {
> int bearer_id;
> struct tipc_node *node;
> struct tipc_link *link;
>
> node = tipc_node_find_by_name(net, name, &bearer_id);
> - if (!node)
> - return -EINVAL;
> + if (!node) {
> + err = -EINVAL;
> + goto err_free;
> + }
>
> tipc_node_read_lock(node);
> link = node->links[bearer_id].link;
> if (!link) {
> tipc_node_read_unlock(node);
> - nlmsg_free(msg.skb);
> - return -EINVAL;
> + err = -EINVAL;
> + goto err_free;
> }
>
> err = __tipc_nl_add_link(net, &msg, link, 0);
> tipc_node_read_unlock(node);
> - if (err) {
> - nlmsg_free(msg.skb);
> - return err;
> - }
> + if (err)
> + goto err_free;
> }
>
> return genlmsg_reply(msg.skb, info);
> +
> +err_free:
> + nlmsg_free(msg.skb);
> + return err;
> }
>
> int tipc_nl_node_reset_link_stats(struct sk_buff *skb, struct genl_info *info)
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Patch net] tipc: fix a memory leak in tipc_nl_node_get_link()
2018-01-10 20:50 [Patch net] tipc: fix a memory leak in tipc_nl_node_get_link() Cong Wang
2018-01-11 10:21 ` Ying Xue
@ 2018-01-15 18:46 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2018-01-15 18:46 UTC (permalink / raw)
To: xiyou.wangcong; +Cc: netdev, dvyukov, jon.maloy, ying.xue
From: Cong Wang <xiyou.wangcong@gmail.com>
Date: Wed, 10 Jan 2018 12:50:25 -0800
> When tipc_node_find_by_name() fails, the nlmsg is not
> freed.
>
> While on it, switch to a goto label to properly
> free it.
>
> Fixes: be9c086715c ("tipc: narrow down exposure of struct tipc_node")
> Reported-by: Dmitry Vyukov <dvyukov@google.com>
> Cc: Jon Maloy <jon.maloy@ericsson.com>
> Cc: Ying Xue <ying.xue@windriver.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Applied, thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-01-15 18:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-10 20:50 [Patch net] tipc: fix a memory leak in tipc_nl_node_get_link() Cong Wang
2018-01-11 10:21 ` Ying Xue
2018-01-15 18:46 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.