The patch titled
IPv6/DCCP: fix memory leak in dccp_v6_do_rcv()
has been removed from the -mm tree. Its filename was
ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
Subject: IPv6/DCCP: fix memory leak in dccp_v6_do_rcv()
From: Jesper Juhl <jesper.juhl@xxxxxxxxx>
Coverity found what looks like a real leak in
net/dccp/ipv6.c::dccp_v6_do_rcv()
We may leave via the return inside "if (sk->sk_state == DCCP_OPEN) {" but
at that point we may have allocated opt_skb, but we never free it in that
path before the return.
(akpm: does opt_skb actually do anything?)
Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
net/dccp/ipv6.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
diff -puN net/dccp/ipv6.c~ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv net/dccp/ipv6.c
--- a/net/dccp/ipv6.c~ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv
+++ a/net/dccp/ipv6.c
@@ -997,7 +997,7 @@ static int dccp_v6_do_rcv(struct sock *s
if (sk->sk_state == DCCP_OPEN) { /* Fast path */
if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
goto reset;
- return 0;
+ goto out;
}
if (sk->sk_state == DCCP_LISTEN) {
@@ -1013,9 +1013,7 @@ static int dccp_v6_do_rcv(struct sock *s
if (nsk != sk) {
if (dccp_child_process(sk, nsk, skb))
goto reset;
- if (opt_skb != NULL)
- __kfree_skb(opt_skb);
- return 0;
+ goto out;
}
}
@@ -1026,9 +1024,10 @@ static int dccp_v6_do_rcv(struct sock *s
reset:
dccp_v6_ctl_send_reset(skb);
discard:
+ kfree_skb(skb);
+out:
if (opt_skb != NULL)
__kfree_skb(opt_skb);
- kfree_skb(skb);
return 0;
}
_
Patches currently in -mm which might be from jesper.juhl@xxxxxxxxx are
origin.patch
nfs-kill-obsolete-nfs_paranoia.patch
debug-shared-irqs.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
