net/x25: Fix skb leak in x25_lapb_receive_frame()
authorWei Yongjun <weiyongjun1@huawei.com>
Mon, 14 Nov 2022 11:05:19 +0000 (11:05 +0000)
committerJakub Kicinski <kuba@kernel.org>
Wed, 16 Nov 2022 04:22:19 +0000 (20:22 -0800)
x25_lapb_receive_frame() using skb_copy() to get a private copy of
skb, the new skb should be freed in the undersized/fragmented skb
error handling path. Otherwise there is a memory leak.

Fixes: cb101ed2c3c7 ("x25: Handle undersized/fragmented skbs")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Martin Schiller <ms@dev.tdt.de>
Link: https://lore.kernel.org/r/20221114110519.514538-1-weiyongjun@huaweicloud.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/x25/x25_dev.c

index 5259ef8f5242f347ab0c2464db1c8f527c840691..748d8630ab58b9ed7937ccbf5e59483aecae1fa2 100644 (file)
@@ -117,7 +117,7 @@ int x25_lapb_receive_frame(struct sk_buff *skb, struct net_device *dev,
 
        if (!pskb_may_pull(skb, 1)) {
                x25_neigh_put(nb);
-               return 0;
+               goto drop;
        }
 
        switch (skb->data[0]) {