Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9abed245a6dc94c32b2f45a1ecc51a0829d11470
Commit:     9abed245a6dc94c32b2f45a1ecc51a0829d11470
Parent:     7d54dc6876b83d6bb75b8f7e865b7b9051056d22
Author:     Jesper Juhl <[EMAIL PROTECTED]>
AuthorDate: Sun Nov 11 23:57:49 2007 +0100
Committer:  Vlad Yasevich <[EMAIL PROTECTED]>
CommitDate: Mon Nov 12 10:13:24 2007 -0500

    Fix memory leak in discard case of sctp_sf_abort_violation()
    
    In net/sctp/sm_statefuns.c::sctp_sf_abort_violation() we may leak
    the storage allocated for 'abort' by returning from the function
    without using or freeing it. This happens in case
    "sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)" is true and we jump to
    the 'discard' label.
    Spotted by the Coverity checker.
    
    The simple fix is to simply move the creation of the "abort chunk"
    to after the possible jump to the 'discard' label. This way we don't
    even have to allocate the memory at all in the problem case.
    
    Signed-off-by: Jesper Juhl <[EMAIL PROTECTED]>
    Signed-off-by: Vlad Yasevich <[EMAIL PROTECTED]>
---
 net/sctp/sm_statefuns.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index a66075a..5ebbe80 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -4064,11 +4064,6 @@ static sctp_disposition_t sctp_sf_abort_violation(
        struct sctp_chunk *chunk =  arg;
        struct sctp_chunk *abort = NULL;
 
-       /* Make the abort chunk. */
-       abort = sctp_make_abort_violation(asoc, chunk, payload, paylen);
-       if (!abort)
-               goto nomem;
-
        /* SCTP-AUTH, Section 6.3:
         *    It should be noted that if the receiver wants to tear
         *    down an association in an authenticated way only, the
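
Review bot: with the allocation removed from the top of the function, the '= NULL' initializer on the 'struct sctp_chunk *abort' declaration is now what every early exit sees, including the jump to 'discard' described in the commit message. Keep that initializer, and check that nothing between the declaration and the relocated sctp_make_abort_violation() call reads 'abort', since part of that region is elided from this hunk.
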
@@ -4083,6 +4078,11 @@ static sctp_disposition_t sctp_sf_abort_violation(
        if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc))
                goto discard;
 
+       /* Make the abort chunk. */
+       abort = sctp_make_abort_violation(asoc, chunk, payload, paylen);
+       if (!abort)
+               goto nomem;
+
        if (asoc) {
                sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
                SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
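
Review bot: the relocated '/* Make the abort chunk. */' comment does not record why the allocation has to come after the sctp_auth_recv_cid() check, so a later cleanup could move it back above the 'goto discard' and reintroduce the leak. Suggest extending the comment to say the chunk is built only once the discard case has been ruled out. The reordering also means the 'goto nomem' path is now reachable only when the ABORT will not be discarded, which looks intended but is worth stating in the changelog.
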