[PATCH 1/1] staging: gdm72xx: fix an skb memory leak
Javier Martinez Canillas
javier at dowhile0.org
Tue Jun 26 22:22:20 UTC 2012
The NLMSG_PUT() macro contains a hidden goto that jumps to the
nlmsg_failure label. Since the sk_buff was allocated before the macro,
jumping to the nlmsg_failure label leaks the memory allocated for it.
Calling kfree() before returning would fix it, but is better to avoid
using this error prone macro and use nlmsg_put() instead.
Also, use nlmsg_data() instead of NLMSG_DATA() to check type.
Signed-off-by: Javier Martinez Canillas <javier at dowhile0.org>
---
It just was compiled tested since I don't have the hardware
drivers/staging/gdm72xx/netlink_k.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/gdm72xx/netlink_k.c b/drivers/staging/gdm72xx/netlink_k.c
index 9fa432d..064815b 100644
--- a/drivers/staging/gdm72xx/netlink_k.c
+++ b/drivers/staging/gdm72xx/netlink_k.c
@@ -126,8 +126,13 @@ int netlink_send(struct sock *sock, int group, u16 type, void *msg, int len)
}
seq++;
- nlh = NLMSG_PUT(skb, 0, seq, type, len);
- memcpy(NLMSG_DATA(nlh), msg, len);
+ nlh = nlmsg_put(skb, 0, seq, type, len, 0);
+ if (!nlh) {
+ kfree_skb(skb);
+ return -EMSGSIZE;
+ }
+
+ memcpy(nlmsg_data(nlh), msg, len);
NETLINK_CB(skb).pid = 0;
NETLINK_CB(skb).dst_group = 0;
@@ -144,6 +149,5 @@ int netlink_send(struct sock *sock, int group, u16 type, void *msg, int len)
ret = 0;
}
-nlmsg_failure:
return ret;
}
--
1.7.7.6
More information about the devel
mailing list