nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

netrom: fix a memory leak in nr_rx_frame()

Browse source 
When the skb is associated with a new sock, just assigning
it to skb->sk is not sufficient, we have to set its destructor
to free the sock properly too.

Reported-by: syzbot+d6636a36d3c34bd88938@syzkaller.appspotmail.com
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Cong Wang 2019-06-27 14:30:58 -07:00 committed by David S. Miller
parent 2e60546368
commit c8c8218ec5
1 changed files with 2 additions and 1 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

3
net/netrom/af_netrom.c
View file

@ -869,7 +869,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev)
unsigned short frametype, flags, window, timeout; unsigned short frametype, flags, window, timeout;
int ret; int ret;
skb->sk = NULL; /* Initially we don't know who it's for */ skb_orphan(skb);
/* /*
* skb->data points to the netrom frame start * skb->data points to the netrom frame start
@ -968,6 +968,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev)
window = skb->data[20]; window = skb->data[20];
skb->sk = make; skb->sk = make;
skb->destructor = sock_efree;
make->sk_state = TCP_ESTABLISHED; make->sk_state = TCP_ESTABLISHED;
/* Fill in his circuit details */ /* Fill in his circuit details */