[SCTP] Fix leak in sctp_getsockopt_local_addrs when copy_to_user fails
If the copy_to_user or copy_user calls fail in sctp_getsockopt_local_addrs(),
the function should free locally allocated storage before returning error.
Spotted by Coverity.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Sridhar Samudrala <sri@us.ibm.com>
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index a5b6e55..45510c4 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4352,11 +4352,12 @@
err = -EFAULT;
goto error;
}
- if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num))
- return -EFAULT;
+ if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num)) {
+ err = -EFAULT;
+ goto error;
+ }
if (put_user(bytes_copied, optlen))
- return -EFAULT;
-
+ err = -EFAULT;
error:
kfree(addrs);
return err;