caif: Plug memory leak for checksum error
author sjur.brandeland@stericsson.com <sjur.brandeland@stericsson.com>
Sun, 22 May 2011 11:18:54 +0000 (11:18 +0000)
committer David S. Miller <davem@davemloft.net>
Mon, 23 May 2011 00:11:49 +0000 (20:11 -0400)

In case of checksum error, the framing layer returns -EILSEQ, but
does not free the packet. Plug this hole by freeing the packet if
-EILSEQ is returned.

Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/caif/caif_dev.c

index 366ca0f..682c0fe 100644 (file)
@@ -142,6 +142,7 @@ static int receive(struct sk_buff *skb, struct net_device *dev,
 {
        struct cfpkt *pkt;
        struct caif_device_entry *caifd;
+       int err;
 
        pkt = cfpkt_fromnative(CAIF_DIR_IN, skb);
 
@@ -159,7 +160,11 @@ static int receive(struct sk_buff *skb, struct net_device *dev,
        caifd_hold(caifd);
        rcu_read_unlock();
 
-       caifd->layer.up->receive(caifd->layer.up, pkt);
+       err = caifd->layer.up->receive(caifd->layer.up, pkt);
+
+       /* For -EILSEQ the packet is not freed so so it now */
+       if (err == -EILSEQ)
+               cfpkt_destroy(pkt);
 
        /* Release reference to stack upwards */
        caifd_put(caifd);
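
Review bot: The new check after the layer.up->receive() call frees pkt only when err == -EILSEQ, so packet ownership now depends on the specific error code, and that rule is not written down anywhere in the visible code. The caller has to assume the upper layer consumed or freed pkt for every other return value and left it alone for -EILSEQ. A later error path that returns a different code without freeing would leak again, and one that frees before returning -EILSEQ would turn this cfpkt_destroy(pkt) into a double free. Consider freeing the packet in the framing layer where the checksum failure is detected, or extend the comment to state the ownership rule for each return value. The comment itself reads "so so it now", which looks like a typo for "so do it now". Also note that err is not used beyond this comparison in the lines shown, so any other failure from the upper layer is still silently dropped here.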