From: Arnaldo Carvalho de Melo Date: Wed, 24 Aug 2005 04:50:21 +0000 (-0700) Subject: [DCCP]: Fix skb leak in dccp_sendmsg X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=20472af986569b0615bd77f0fd7ca9e3d33e9895;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git [DCCP]: Fix skb leak in dccp_sendmsg Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller --- diff --git a/net/dccp/proto.c b/net/dccp/proto.c index a3f8a8095f81..2b6db18e607f 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -206,6 +206,18 @@ int dccp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, goto out_discard; rc = dccp_write_xmit(sk, skb, len); + /* + * XXX we don't use sk_write_queue, so just discard the packet. + * Current plan however is to _use_ sk_write_queue with + * an algorith similar to tcp_sendmsg, where the main difference + * is that in DCCP we have to respect packet boundaries, so + * no coalescing of skbs. + * + * This bug was _quickly_ found & fixed by just looking at an OSTRA + * generated callgraph 8) -acme + */ + if (rc != 0) + goto out_discard; out_release: release_sock(sk); return rc ? : len;