diff options
author | Jason Gunthorpe <jgg@mellanox.com> | 2019-01-08 23:27:06 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-01-08 21:41:40 -0500 |
commit | d972f3dce8d161e2142da0ab1ef25df00e2f21a9 (patch) | |
tree | 30b1ba6359a7ec06944d95b9359270a96aa4c82d /net/packet | |
parent | 4314b1f68a3f655f75010ab04bb57419eab34ec3 (diff) | |
download | linux-stable-d972f3dce8d161e2142da0ab1ef25df00e2f21a9.tar.gz linux-stable-d972f3dce8d161e2142da0ab1ef25df00e2f21a9.tar.bz2 linux-stable-d972f3dce8d161e2142da0ab1ef25df00e2f21a9.zip |
packet: Do not leak dev refcounts on error exit
'dev' is non NULL when the addr_len check triggers so it must goto a label
that does the dev_put otherwise dev will have a leaked refcount.
This bug causes the ib_ipoib module to become unloadable when using
systemd-network as it triggers this check on InfiniBand links.
Fixes: 99137b7888f4 ("packet: validate address length")
Reported-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/packet')
-rw-r--r-- | net/packet/af_packet.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index eedacdebcd4c..d0945253f43b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -2628,7 +2628,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) addr = saddr->sll_halen ? saddr->sll_addr : NULL; dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex); if (addr && dev && saddr->sll_halen < dev->addr_len) - goto out; + goto out_put; } err = -ENXIO; @@ -2828,7 +2828,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) addr = saddr->sll_halen ? saddr->sll_addr : NULL; dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex); if (addr && dev && saddr->sll_halen < dev->addr_len) - goto out; + goto out_unlock; } err = -ENXIO; |