| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20160120232227.606813369@linuxfoundation.org>
Date: Wed, 20 Jan 2016 16:43:38 -0800
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, ying.xue@...driver.com,
"David S. Miller" <davem@...emloft.net>,
Ben Hutchings <ben@...adent.org.uk>
Subject: [PATCH 4.3 03/55] tipc: Fix kfree_skb() of uninitialised pointer
4.3-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@...adent.org.uk>
Commit 7098356baca7 ("tipc: fix error handling of expanding buffer
headroom") added a "goto tx_error". This is fine upstream, but
when backported to 4.3 it results in attempting to free the clone
before it has been allocated. In this early error case, no
cleanup is needed.
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
net/tipc/udp_media.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/tipc/udp_media.c
+++ b/net/tipc/udp_media.c
@@ -162,7 +162,7 @@ static int tipc_udp_send_msg(struct net
if (skb_headroom(skb) < UDP_MIN_HEADROOM) {
err = pskb_expand_head(skb, UDP_MIN_HEADROOM, 0, GFP_ATOMIC);
if (err)
- goto tx_error;
+ return err;
}
clone = skb_clone(skb, GFP_ATOMIC);
Powered by blists - more mailing lists