projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8d73a73)
rxrpc: Fix memory leak in rxkad_verify_response()
authorDinghao Liu <dinghao.liu@zju.edu.cn>
Thu, 27 Aug 2020 15:55:46 +0000 (16:55 +0100)
committerDavid S. Miller <davem@davemloft.net>
Thu, 27 Aug 2020 19:59:45 +0000 (12:59 -0700)
Fix a memory leak in rxkad_verify_response() whereby the response buffer
doesn't get freed if we fail to allocate a ticket buffer.

Fixes: ef68622da9cc ("rxrpc: Handle temporary errors better in rxkad security")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/rxrpc/rxkad.c patch | blob | history

diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 52a24d4..e08130e 100644 (file)
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -1137,7 +1137,7 @@ static int rxkad_verify_response(struct rxrpc_connection *conn,
        ret = -ENOMEM;
        ticket = kmalloc(ticket_len, GFP_NOFS);
        if (!ticket)
-               goto temporary_error;
+               goto temporary_error_free_resp;
 
        eproto = tracepoint_string("rxkad_tkt_short");
        abort_code = RXKADPACKETSHORT;
@@ -1230,6 +1230,7 @@ protocol_error:
 
 temporary_error_free_ticket:
        kfree(ticket);
+temporary_error_free_resp:
        kfree(response);
 temporary_error:
        /* Ignore the response packet if we got a temporary error such as
Domain: System / Kernel;