From dba67bc80fbfe6a28fc3c1141cca1c556ab7e499 Mon Sep 17 00:00:00 2001
From: Sven Eckelmann <sven@narfation.org>
Date: Tue, 18 Aug 2015 13:37:01 +0200
Subject: [PATCH 3/9] batman-adv: Fix memory leak on tt add with invalid vlan
The object tt_local is allocated with kmalloc and not initialized when the
function batadv_tt_local_add checks for the vlan. But this function can
only cleanup the object when the (not yet initialized) reference counter of
the object is 1. This is unlikely and thus the object would leak when the
vlan could not be found.
Instead the uninitialized object tt_local has to be freed manually and the
pointer has to be set to NULL to avoid calling the function which would try to
decrement the reference counter of the non-existent object.
CID: 1316518
Fixes: 354136bcc3c4 ("batman-adv: fix kernel crash due to missing NULL checks")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
---
net/batman-adv/translation-table.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index 7986ec5..39283ff 100644
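--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -595,8 +595,11 @@ bool batadv_tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
 /* increase the refcounter of the related vlan */
 vlan = batadv_softif_vlan_get(bat_priv, vid);
 if (WARN(!vlan, "adding TT local entry %pM to non-existent VLAN %d",
- addr, BATADV_PRINT_VID(vid)))
+ addr, BATADV_PRINT_VID(vid))) {
+ kfree(tt_local);
+ tt_local = NULL;
 goto out;
+ }
 
 batadv_dbg(BATADV_DBG_TT, bat_priv,
 "Creating new local tt entry: %pM (vid: %d, ttvn: %d)\n",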
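Review bot: The new `!vlan` branch frees `tt_local` by hand with no comment explaining why this one error path must bypass the refcount-based cleanup, which makes the fix easy to undo in a later refactor. I would add `/* refcount not initialised yet: free directly and clear the pointer so the out: cleanup skips it */` above `kfree(tt_local);`. batadv_tt_local_add begins and ends outside the hunk, so the NULL test at `out` that this relies on, and the allocation itself, are not visible here and should be confirmed. Looking up the vlan before allocating would presumably avoid having a partially constructed object on any error path. Separately, if this branch is reachable from traffic carrying an unknown VLAN id, the `WARN()` is a log-flooding and panic_on_warn hazard, and a rate-limited message may fit better.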
--
2.5.0