mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-28 07:13:34 +00:00
packet: Do not leak dev refcounts on error exit
[ Upstream commitd972f3dce8
] 'dev' is non NULL when the addr_len check triggers so it must goto a label that does the dev_put otherwise dev will have a leaked refcount. This bug causes the ib_ipoib module to become unloadable when using systemd-network as it triggers this check on InfiniBand links. Fixes:99137b7888
("packet: validate address length") Reported-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
b4683849b9
commit
6740236de3
1 changed files with 2 additions and 2 deletions
|
@ -2666,7 +2666,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
|
|||
addr = saddr->sll_halen ? saddr->sll_addr : NULL;
|
||||
dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex);
|
||||
if (addr && dev && saddr->sll_halen < dev->addr_len)
|
||||
goto out;
|
||||
goto out_put;
|
||||
}
|
||||
|
||||
err = -ENXIO;
|
||||
|
@ -2866,7 +2866,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
|
|||
addr = saddr->sll_halen ? saddr->sll_addr : NULL;
|
||||
dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex);
|
||||
if (addr && dev && saddr->sll_halen < dev->addr_len)
|
||||
goto out;
|
||||
goto out_unlock;
|
||||
}
|
||||
|
||||
err = -ENXIO;
|
||||
|
|
Loading…
Reference in a new issue