From b425df4cdd953a400d814b4474c9d3ec04481858 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Fri, 25 Jan 2013 18:44:57 +0300 Subject: [PATCH] ipvs: freeing uninitialized pointer on error If state != IP_VS_STATE_BACKUP then tinfo->buf is uninitialized. If kthread_run() fails then it means we free random memory resulting in an oops. Signed-off-by: Dan Carpenter Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- net/netfilter/ipvs/ip_vs_sync.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c index effa10c9e4e3..44fd10c539ac 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -1795,6 +1795,8 @@ int start_sync_thread(struct net *net, int state, char *mcast_ifn, __u8 syncid) GFP_KERNEL); if (!tinfo->buf) goto outtinfo; + } else { + tinfo->buf = NULL; } tinfo->id = id; -- 2.20.1