netrom: fix a memory leak in nr_rx_frame() [Linux 4.9.187]

The Linux kernel change "netrom: fix a memory leak in nr_rx_frame()" is included in the Linux 4.9.187 release. It was authored by Cong Wang <xiyou.wangcong [at] gmail.com> on Thu Jun 27 14:30:58 2019 -0700. The commit for this change in the Linux stable tree is cab2e3d, which is taken from upstream commit c8c8218. The same upstream change may have been applied to other maintained Linux releases.

netrom: fix a memory leak in nr_rx_frame()

[ Upstream commit c8c8218ec5af5d2598381883acbefbf604e56b5e ]

When the skb is associated with a new sock, just assigning
it to skb->sk is not sufficient, we have to set its destructor
to free the sock properly too.

Reported-by: syzbot+d6636a36d3c34bd88938@syzkaller.appspotmail.com
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This change adds or deletes 3 lines of Linux source code. The code changes to the Linux kernel are as follows.

 net/netrom/af_netrom.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 046ae1c..699fd83 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -870,7 +870,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev)
    unsigned short frametype, flags, window, timeout;
    int ret;

-   skb->sk = NULL;     /* Initially we don't know who it's for */
+   skb_orphan(skb);

    /*
     *  skb->data points to the netrom frame start
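Review bot: the skb_orphan(skb) call that replaces `skb->sk = NULL;` carries no comment, and the commit message only talks about setting the destructor for the new sock, so the reason for this substitution is undocumented. skb_orphan() runs any destructor already attached to the skb before clearing both skb->destructor and skb->sk, whereas the removed line cleared only skb->sk. A one-line comment stating that, and keeping the old "Initially we don't know who it's for" remark, would preserve the intent for later readers.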
@@ -969,6 +969,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev)
    window = skb->data[20];

    skb->sk             = make;
+   skb->destructor     = sock_efree;
    make->sk_state      = TCP_ESTABLISHED;

    /* Fill in his circuit details */
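Review bot: the added `skb->destructor = sock_efree;` line has no visible matching reference taken on make. sock_efree() drops one reference on skb->sk when the skb is freed, so the socket needs a reference held on behalf of the skb, and none is taken in the lines shown. Please confirm the reference count is balanced on this path, or add sock_hold(make) next to the assignment; otherwise the leak fix risks dropping the last reference on the new sock while it is still in use.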
