Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 69c867c9 authored by sjur.brandeland@stericsson.com's avatar sjur.brandeland@stericsson.com Committed by David S. Miller
Browse files

caif: Plug memory leak for checksum error 



In case of checksum error, the framing layer returns -EILSEQ, but
does not free the packet. Plug this hole by freeing the packet if
-EILSEQ is returned.

Signed-off-by: default avatarSjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 138eded8

net/caif/caif_dev.c

+6 −1
Original line number Original line Diff line number Diff line
@@ -142,6 +142,7 @@ static int receive(struct sk_buff *skb, struct net_device *dev, 
{

{

	struct cfpkt *pkt;

	struct cfpkt *pkt;

	struct caif_device_entry *caifd;

	struct caif_device_entry *caifd;

	int err;





	pkt = cfpkt_fromnative(CAIF_DIR_IN, skb);

	pkt = cfpkt_fromnative(CAIF_DIR_IN, skb);
@@ -159,7 +160,11 @@ static int receive(struct sk_buff *skb, struct net_device *dev, 
	caifd_hold(caifd);

	caifd_hold(caifd);

	rcu_read_unlock();

	rcu_read_unlock();





	caifd->layer.up->receive(caifd->layer.up, pkt);

	err = caifd->layer.up->receive(caifd->layer.up, pkt);



	/* For -EILSEQ the packet is not freed so so it now */

	if (err == -EILSEQ)

		cfpkt_destroy(pkt);





	/* Release reference to stack upwards */

	/* Release reference to stack upwards */

	caifd_put(caifd);

	caifd_put(caifd);