From: sjur.brandeland@stericsson.com Date: Sun, 22 May 2011 11:18:54 +0000 (+0000) Subject: caif: Plug memory leak for checksum error X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=69c867c90c7fe0773d9aa4e8bbf777f574be13d2;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git caif: Plug memory leak for checksum error In case of checksum error, the framing layer returns -EILSEQ, but does not free the packet. Plug this hole by freeing the packet if -EILSEQ is returned. Signed-off-by: Sjur Brændeland Signed-off-by: David S. Miller --- diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c index 366ca0fb7a2..682c0fedf36 100644 --- a/net/caif/caif_dev.c +++ b/net/caif/caif_dev.c @@ -142,6 +142,7 @@ static int receive(struct sk_buff *skb, struct net_device *dev, { struct cfpkt *pkt; struct caif_device_entry *caifd; + int err; pkt = cfpkt_fromnative(CAIF_DIR_IN, skb); @@ -159,7 +160,11 @@ static int receive(struct sk_buff *skb, struct net_device *dev, caifd_hold(caifd); rcu_read_unlock(); - caifd->layer.up->receive(caifd->layer.up, pkt); + err = caifd->layer.up->receive(caifd->layer.up, pkt); + + /* For -EILSEQ the packet is not freed so so it now */ + if (err == -EILSEQ) + cfpkt_destroy(pkt); /* Release reference to stack upwards */ caifd_put(caifd);