Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / kernel / msm / 69c867c90c7fe0773d9aa4e8bbf777f574be13d2^! / .
commit69c867c90c7fe0773d9aa4e8bbf777f574be13d2[log] [tgz]
authorsjur.brandeland@stericsson.com <sjur.brandeland@stericsson.com>Sun May 22 11:18:54 2011 +0000
committerDavid S. Miller <davem@davemloft.net>Sun May 22 20:11:49 2011 -0400
treeb67c6269246eb32f6826d590ed6067c5ab87e9a2
parent138eded8ba1227261a297b32b7940664c14d193e [diff]
caif: Plug memory leak for checksum error

In case of checksum error, the framing layer returns -EILSEQ, but
does not free the packet. Plug this hole by freeing the packet if
-EILSEQ is returned.

Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c
index 366ca0f..682c0fe 100644
--- a/net/caif/caif_dev.c
+++ b/net/caif/caif_dev.c

@@ -142,6 +142,7 @@
 {
 	struct cfpkt *pkt;
 	struct caif_device_entry *caifd;
+	int err;
 
 	pkt = cfpkt_fromnative(CAIF_DIR_IN, skb);
 
@@ -159,7 +160,11 @@
 	caifd_hold(caifd);
 	rcu_read_unlock();
 
-	caifd->layer.up->receive(caifd->layer.up, pkt);
+	err = caifd->layer.up->receive(caifd->layer.up, pkt);
+
+	/* For -EILSEQ the packet is not freed so so it now */
+	if (err == -EILSEQ)
+		cfpkt_destroy(pkt);
 
 	/* Release reference to stack upwards */
 	caifd_put(caifd);