Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756214AbdLTS5f (ORCPT ); Wed, 20 Dec 2017 13:57:35 -0500 Received: from shards.monkeyblade.net ([184.105.139.130]:42306 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756034AbdLTS5c (ORCPT ); Wed, 20 Dec 2017 13:57:32 -0500 Date: Wed, 20 Dec 2017 13:57:30 -0500 (EST) Message-Id: <20171220.135730.2027041954619642787.davem@davemloft.net> To: yanhaishuang@cmss.chinamobile.com Cc: kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, u9012063@gmail.com Subject: Re: [PATCH v3,net-next 2/2] ip6_gre: fix potential memory leak in ip6erspan_rcv From: David Miller In-Reply-To: <1513735621-21913-3-git-send-email-yanhaishuang@cmss.chinamobile.com> References: <1513735621-21913-1-git-send-email-yanhaishuang@cmss.chinamobile.com> <1513735621-21913-3-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: Mew version 6.7 on Emacs 25.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Wed, 20 Dec 2017 10:57:32 -0800 (PST) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 833 Lines: 26 From: Haishuang Yan Date: Wed, 20 Dec 2017 10:07:01 +0800 > If md is NULL, tun_dst must be freed, otherwise it will cause memory > leak. > > Fixes: ef7baf5e083c ("ip6_gre: add ip6 erspan collect_md mode") > Cc: William Tu > Signed-off-by: Haishuang Yan Applied. > @@ -550,8 +550,10 @@ static int ip6erspan_rcv(struct sk_buff *skb, int gre_hdr_len, > > info = &tun_dst->u.tun_info; > md = ip_tunnel_info_opts(info); > - if (!md) > + if (!md) { > + dst_release((struct dst_entry *)tun_dst); > return PACKET_REJECT; > + } > > memcpy(md, pkt_md, sizeof(*md)); I agree with William that 'md' should never be NULL here, but that check existing before your changes so removing it is a separate patch altogether.