aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJesper Juhl <jesper.juhl@gmail.com>2007-11-11 17:57:49 -0500
committerVlad Yasevich <vladislav.yasevich@hp.com>2007-11-12 10:13:24 -0500
commit9abed245a6dc94c32b2f45a1ecc51a0829d11470 (patch)
tree2eeb675c127afb5b92646f7a27ad434438018994
parent7d54dc6876b83d6bb75b8f7e865b7b9051056d22 (diff)
Fix memory leak in discard case of sctp_sf_abort_violation()
In net/sctp/sm_statefuns.c::sctp_sf_abort_violation() we may leak the storage allocated for 'abort' by returning from the function without using or freeing it. This happens in case "sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)" is true and we jump to the 'discard' label. Spotted by the Coverity checker. The simple fix is to simply move the creation of the "abort chunk" to after the possible jump to the 'discard' label. This way we don't even have to allocate the memory at all in the problem case. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
-rw-r--r--net/sctp/sm_statefuns.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index a66075a70f29..5ebbe808d801 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -4064,11 +4064,6 @@ static sctp_disposition_t sctp_sf_abort_violation(
4064 struct sctp_chunk *chunk = arg; 4064 struct sctp_chunk *chunk = arg;
4065 struct sctp_chunk *abort = NULL; 4065 struct sctp_chunk *abort = NULL;
4066 4066
4067 /* Make the abort chunk. */
4068 abort = sctp_make_abort_violation(asoc, chunk, payload, paylen);
4069 if (!abort)
4070 goto nomem;
4071
4072 /* SCTP-AUTH, Section 6.3: 4067 /* SCTP-AUTH, Section 6.3:
4073 * It should be noted that if the receiver wants to tear 4068 * It should be noted that if the receiver wants to tear
4074 * down an association in an authenticated way only, the 4069 * down an association in an authenticated way only, the
@@ -4083,6 +4078,11 @@ static sctp_disposition_t sctp_sf_abort_violation(
4083 if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)) 4078 if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc))
4084 goto discard; 4079 goto discard;
4085 4080
4081 /* Make the abort chunk. */
4082 abort = sctp_make_abort_violation(asoc, chunk, payload, paylen);
4083 if (!abort)
4084 goto nomem;
4085
4086 if (asoc) { 4086 if (asoc) {
4087 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); 4087 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
4088 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); 4088 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);