From: Javier Martinez Canillas Date: Tue, 26 Jun 2012 22:22:20 +0000 (+0200) Subject: staging: gdm72xx: fix an skb memory leak X-Git-Tag: firefly_0821_release~3680^2~2356^2~512 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=2da049bd5f9b0dbd688519fdb6688a4895fe8395;p=firefly-linux-kernel-4.4.55.git staging: gdm72xx: fix an skb memory leak The NLMSG_PUT() macro contains a hidden goto that jumps to the nlmsg_failure label. Since the sk_buff was allocated before the macro, jumping to the nlmsg_failure label leaks the memory allocated for it. Calling kfree() before returning would fix it, but is better to avoid using this error prone macro and use nlmsg_put() instead. Also, use nlmsg_data() instead of NLMSG_DATA() to check type. Signed-off-by: Javier Martinez Canillas Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/gdm72xx/netlink_k.c b/drivers/staging/gdm72xx/netlink_k.c index 9fa432d74364..064815bd3f86 100644 --- a/drivers/staging/gdm72xx/netlink_k.c +++ b/drivers/staging/gdm72xx/netlink_k.c @@ -126,8 +126,13 @@ int netlink_send(struct sock *sock, int group, u16 type, void *msg, int len) } seq++; - nlh = NLMSG_PUT(skb, 0, seq, type, len); - memcpy(NLMSG_DATA(nlh), msg, len); + nlh = nlmsg_put(skb, 0, seq, type, len, 0); + if (!nlh) { + kfree_skb(skb); + return -EMSGSIZE; + } + + memcpy(nlmsg_data(nlh), msg, len); NETLINK_CB(skb).pid = 0; NETLINK_CB(skb).dst_group = 0; @@ -144,6 +149,5 @@ int netlink_send(struct sock *sock, int group, u16 type, void *msg, int len) ret = 0; } -nlmsg_failure: return ret; }