dccp: fix a memleak for dccp_feat_init err process
authorXin Long <lucien.xin@gmail.com>
Wed, 26 Jul 2017 06:20:15 +0000 (14:20 +0800)
committerDavid S. Miller <davem@davemloft.net>
Thu, 27 Jul 2017 07:01:05 +0000 (00:01 -0700)
In dccp_feat_init, when ccid_get_builtin_ccids failsto alloc
memory for rx.val, it should free tx.val before returning an
error.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/dccp/feat.c

index 1704948e6a12bc87827c71ccb4e81de8b8c2c9f7..f227f002c73d382fecd98c8857ce4c9139cb7a8a 100644 (file)
@@ -1471,9 +1471,12 @@ int dccp_feat_init(struct sock *sk)
         * singleton values (which always leads to failure).
         * These settings can still (later) be overridden via sockopts.
         */
-       if (ccid_get_builtin_ccids(&tx.val, &tx.len) ||
-           ccid_get_builtin_ccids(&rx.val, &rx.len))
+       if (ccid_get_builtin_ccids(&tx.val, &tx.len))
                return -ENOBUFS;
+       if (ccid_get_builtin_ccids(&rx.val, &rx.len)) {
+               kfree(tx.val);
+               return -ENOBUFS;
+       }
 
        if (!dccp_feat_prefer(sysctl_dccp_tx_ccid, tx.val, tx.len) ||
            !dccp_feat_prefer(sysctl_dccp_rx_ccid, rx.val, rx.len))