+ ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv.patch added to -mm tree

akpm@xxxxxxxx · Thu, 28 Sep 2006 23:08:12 -0700

The patch titled

     IPv6/DCCP: fix memory leak in dccp_v6_do_rcv()

has been added to the -mm tree.  Its filename is

     ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: IPv6/DCCP: fix memory leak in dccp_v6_do_rcv()
From: Jesper Juhl <jesper.juhl@xxxxxxxxx>

Coverity found what looks like a real leak in
net/dccp/ipv6.c::dccp_v6_do_rcv()

We may leave via the return inside "if (sk->sk_state == DCCP_OPEN) {" but
at that point we may have allocated opt_skb, but we never free it in that
path before the return.

(akpm: does opt_skb actually do anything?)

Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 net/dccp/ipv6.c |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff -puN net/dccp/ipv6.c~ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv net/dccp/ipv6.c

--- a/net/dccp/ipv6.c~ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv
+++ a/net/dccp/ipv6.c
@@ -997,7 +997,7 @@ static int dccp_v6_do_rcv(struct sock *s
 	if (sk->sk_state == DCCP_OPEN) { /* Fast path */
 		if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
 			goto reset;
-		return 0;
+		goto out;
 	}
 
 	if (sk->sk_state == DCCP_LISTEN) {
@@ -1013,9 +1013,7 @@ static int dccp_v6_do_rcv(struct sock *s
  		if (nsk != sk) {
 			if (dccp_child_process(sk, nsk, skb))
 				goto reset;
-			if (opt_skb != NULL)
-				__kfree_skb(opt_skb);
-			return 0;
+			goto out;
 		}
 	}
 
@@ -1026,9 +1024,10 @@ static int dccp_v6_do_rcv(struct sock *s
 reset:
 	dccp_v6_ctl_send_reset(skb);
 discard:
+	kfree_skb(skb);
+out:
 	if (opt_skb != NULL)
 		__kfree_skb(opt_skb);
-	kfree_skb(skb);
 	return 0;
 }
 
_

Patches currently in -mm which might be from jesper.juhl@xxxxxxxxx are

origin.patch
ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv.patch
nfs-kill-obsolete-nfs_paranoia.patch
small-update-to-credits.patch
debug-shared-irqs.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




