[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20101231.112101.70194518.davem@davemloft.net>
Date: Fri, 31 Dec 2010 11:21:01 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: tilman@...p.cc
Cc: jj@...osbits.net, gigaset307x-common@...ts.sourceforge.net,
hjlipp@....de, isdn@...ux-pingi.de, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ISDN, Gigaset: Fix memory leak in do_disconnect_req()
From: Tilman Schmidt <tilman@...p.cc>
Date: Tue, 28 Dec 2010 18:42:29 +0100
> Quite correct. Thanks for finding and fixing this.
>
> Am 26.12.2010 20:59 schrieb Jesper Juhl:
>> Hi,
>>
>> In drivers/isdn/gigaset/capi.c::do_disconnect_req() we will leak the
>> memory allocated (with kmalloc) to 'b3cmsg' if the call to alloc_skb()
>> fails.
>>
>> ...
>> b3cmsg = kmalloc(sizeof(*b3cmsg), GFP_KERNEL);
>> allocation here ------^
>> if (!b3cmsg) {
>> dev_err(cs->dev, "%s: out of memory\n", __func__);
>> send_conf(iif, ap, skb, CAPI_MSGOSRESOURCEERR);
>> return;
>> }
>> capi_cmsg_header(b3cmsg, ap->id, CAPI_DISCONNECT_B3, CAPI_IND,
>> ap->nextMessageNumber++,
>> cmsg->adr.adrPLCI | (1 << 16));
>> b3cmsg->Reason_B3 = CapiProtocolErrorLayer1;
>> b3skb = alloc_skb(CAPI_DISCONNECT_B3_IND_BASELEN, GFP_KERNEL);
>> if (b3skb == NULL) {
>> dev_err(cs->dev, "%s: out of memory\n", __func__);
>> send_conf(iif, ap, skb, CAPI_MSGOSRESOURCEERR);
>> return;
>> leak here ------^
>> ...
>>
>> This leak is easily fixed by just kfree()'ing the memory allocated to
>> 'b3cmsg' right before we return. The following patch does that.
>>
>>
>> Signed-off-by: Jesper Juhl <jj@...osbits.net>
>
> Acked-by: Tilman Schmidt <tilman@...p.cc>
Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists