Re: [PATCH] ISDN, Gigaset: Fix memory leak in do_disconnect_req()
From: David Miller
Date: Fri Dec 31 2010 - 14:20:35 EST
From: Tilman Schmidt <tilman@xxxxxxx>
Date: Tue, 28 Dec 2010 18:42:29 +0100
> Quite correct. Thanks for finding and fixing this.
>
> Am 26.12.2010 20:59 schrieb Jesper Juhl:
>> Hi,
>>
>> In drivers/isdn/gigaset/capi.c::do_disconnect_req() we will leak the
>> memory allocated (with kmalloc) to 'b3cmsg' if the call to alloc_skb()
>> fails.
>>
>> ...
>> b3cmsg = kmalloc(sizeof(*b3cmsg), GFP_KERNEL);
>> allocation here ------^
>> if (!b3cmsg) {
>> dev_err(cs->dev, "%s: out of memory\n", __func__);
>> send_conf(iif, ap, skb, CAPI_MSGOSRESOURCEERR);
>> return;
>> }
>> capi_cmsg_header(b3cmsg, ap->id, CAPI_DISCONNECT_B3, CAPI_IND,
>> ap->nextMessageNumber++,
>> cmsg->adr.adrPLCI | (1 << 16));
>> b3cmsg->Reason_B3 = CapiProtocolErrorLayer1;
>> b3skb = alloc_skb(CAPI_DISCONNECT_B3_IND_BASELEN, GFP_KERNEL);
>> if (b3skb == NULL) {
>> dev_err(cs->dev, "%s: out of memory\n", __func__);
>> send_conf(iif, ap, skb, CAPI_MSGOSRESOURCEERR);
>> return;
>> leak here ------^
>> ...
>>
>> This leak is easily fixed by just kfree()'ing the memory allocated to
>> 'b3cmsg' right before we return. The following patch does that.
>>
>>
>> Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx>
>
> Acked-by: Tilman Schmidt <tilman@xxxxxxx>
Applied.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/