From 5a3976828225947d333ff2326d04f8b20e48e072 Mon Sep 17 00:00:00 2001 From: Jonathan Neuschäfer Date: Mon, 15 Aug 2011 22:10:08 +0200 Subject: pfinet/linux-src: fix a memory leak * pfinet/linux-src/net/ipv4/ip_options.c (ip_options_get): calculate the size of opt only once, free opt before returning -EFAULT. --- pfinet/linux-src/net/ipv4/ip_options.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pfinet/linux-src/net/ipv4/ip_options.c b/pfinet/linux-src/net/ipv4/ip_options.c index a3d1f0aa..ec21054d 100644 --- a/pfinet/linux-src/net/ipv4/ip_options.c +++ b/pfinet/linux-src/net/ipv4/ip_options.c @@ -491,15 +491,18 @@ void ip_options_undo(struct ip_options * opt) int ip_options_get(struct ip_options **optp, unsigned char *data, int optlen, int user) { struct ip_options *opt; + size_t opt_size = sizeof(struct ip_options)+((optlen+3)&~3); - opt = kmalloc(sizeof(struct ip_options)+((optlen+3)&~3), GFP_KERNEL); + opt = kmalloc(opt_size, GFP_KERNEL); if (!opt) return -ENOMEM; memset(opt, 0, sizeof(struct ip_options)); if (optlen) { if (user) { - if (copy_from_user(opt->__data, data, optlen)) + if (copy_from_user(opt->__data, data, optlen)) { + kfree_s(opt, opt_size); return -EFAULT; + } } else memcpy(opt->__data, data, optlen); } @@ -509,7 +512,7 @@ int ip_options_get(struct ip_options **optp, unsigned char *data, int optlen, in opt->is_data = 1; opt->is_setbyuser = 1; if (optlen && ip_options_compile(opt, NULL)) { - kfree_s(opt, sizeof(struct ip_options) + optlen); + kfree_s(opt, opt_size); return -EINVAL; } *optp = opt; -- cgit v1.2.3