In net/ieee802154/nl-phy.c::ieee802154_nl_fill_phy() I see two small
issues.
1) If the allocation of 'buf' fails we may just as well return -EMSGSIZE
directly rather than jumping to 'out:' and do a pointless kfree(0).
2) We do not free 'buf' unless we jump to one of the error labels and this
leaks memory.
This patch should address both.
Signed-off-by: Jesper Juhl <[email protected]>
---
nl-phy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
I have no way to properly test this patch, so it's compile tested only.
diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c
index ed0eab3..02548b2 100644
--- a/net/ieee802154/nl-phy.c
+++ b/net/ieee802154/nl-phy.c
@@ -44,7 +44,7 @@ static int ieee802154_nl_fill_phy(struct sk_buff *msg, u32 pid,
pr_debug("%s\n", __func__);
if (!buf)
- goto out;
+ return -EMSGSIZE;
hdr = genlmsg_put(msg, 0, seq, &nl802154_family, flags,
IEEE802154_LIST_PHY);
@@ -65,6 +65,7 @@ static int ieee802154_nl_fill_phy(struct sk_buff *msg, u32 pid,
pages * sizeof(uint32_t), buf);
mutex_unlock(&phy->pib_lock);
+ kfree(buf);
return genlmsg_end(msg, hdr);
nla_put_failure:
--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.
On 6/12/11, Jesper Juhl <[email protected]> wrote:
> In net/ieee802154/nl-phy.c::ieee802154_nl_fill_phy() I see two small
> issues.
> 1) If the allocation of 'buf' fails we may just as well return -EMSGSIZE
> directly rather than jumping to 'out:' and do a pointless kfree(0).
> 2) We do not free 'buf' unless we jump to one of the error labels and this
> leaks memory.
> This patch should address both.
>
> Signed-off-by: Jesper Juhl <[email protected]>
Acked-by: Dmitry Eremin-Solenikov <[email protected]>
David, please commit this.
--
With best wishes
Dmitry
From: Dmitry Eremin-Solenikov <[email protected]>
Date: Tue, 14 Jun 2011 00:02:38 +0400
> On 6/12/11, Jesper Juhl <[email protected]> wrote:
>> In net/ieee802154/nl-phy.c::ieee802154_nl_fill_phy() I see two small
>> issues.
>> 1) If the allocation of 'buf' fails we may just as well return -EMSGSIZE
>> directly rather than jumping to 'out:' and do a pointless kfree(0).
>> 2) We do not free 'buf' unless we jump to one of the error labels and this
>> leaks memory.
>> This patch should address both.
>>
>> Signed-off-by: Jesper Juhl <[email protected]>
>
> Acked-by: Dmitry Eremin-Solenikov <[email protected]>
>
> David, please commit this.
Applied, thanks.