dccp: Fix memleak in __feat_register_sp [Linux 3.16.72]

This Linux kernel change "dccp: Fix memleak in __feat_register_sp" is included in the Linux 3.16.72 release. It was authored by YueHaibing <yuehaibing [at] huawei.com> on Mon Apr 1 09:35:54 2019 +0800. The commit for this change in the Linux stable tree is 6f5a5f7, which is from upstream commit 1d3ff09. The same upstream change may have been applied to other maintained Linux releases.

dccp: Fix memleak in __feat_register_sp

commit 1d3ff0950e2b40dc861b1739029649d03f591820 upstream.

If dccp_feat_push_change fails, we forget to free the mem
which is alloced by kmemdup in dccp_feat_clone_sp_val.

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: e8ef967a54f4 ("dccp: Registration routines for changing feature values")
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

This change adds or deletes 7 lines of Linux source code. The code changes to the Linux kernel are as follows.

 net/dccp/feat.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/net/dccp/feat.c b/net/dccp/feat.c
index 9733ddb..fa99d53 100644
--- a/net/dccp/feat.c
+++ b/net/dccp/feat.c
@@ -738,7 +738,12 @@ static int __feat_register_sp(struct list_head *fn, u8 feat, u8 is_local,
    if (dccp_feat_clone_sp_val(&fval, sp_val, sp_len))
        return -ENOMEM;

-   return dccp_feat_push_change(fn, feat, is_local, mandatory, &fval);
+   if (dccp_feat_push_change(fn, feat, is_local, mandatory, &fval)) {
+       kfree(fval.sp.vec);
+       return -ENOMEM;
+   }
+   return 0;
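
Review bot: The new failure branch returns a hard-coded -ENOMEM, where the removed line passed the return value of dccp_feat_push_change() straight through, so any other error code that function may produce is now reported as an allocation failure. Consider storing the result in a local (for example `int rc = dccp_feat_push_change(fn, feat, is_local, mandatory, &fval);`), calling `kfree(fval.sp.vec);` when rc is non-zero, and ending with `return rc;`, which keeps the leak fix and the original error propagation. It is also worth a sentence in the commit message confirming that dccp_feat_push_change() never keeps or frees fval.sp.vec on its failure paths, since the kfree() here is only safe under that assumption and the hunk does not show it.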

