summaryrefslogtreecommitdiff
path: root/net/packet
diff options
context:
space:
mode:
authorJason Gunthorpe <jgg@mellanox.com>2019-01-09 02:27:06 +0300
committerDavid S. Miller <davem@davemloft.net>2019-01-09 05:41:40 +0300
commitd972f3dce8d161e2142da0ab1ef25df00e2f21a9 (patch)
tree30b1ba6359a7ec06944d95b9359270a96aa4c82d /net/packet
parent4314b1f68a3f655f75010ab04bb57419eab34ec3 (diff)
downloadlinux-d972f3dce8d161e2142da0ab1ef25df00e2f21a9.tar.xz
packet: Do not leak dev refcounts on error exit
'dev' is non NULL when the addr_len check triggers so it must goto a label that does the dev_put otherwise dev will have a leaked refcount. This bug causes the ib_ipoib module to become unloadable when using systemd-network as it triggers this check on InfiniBand links. Fixes: 99137b7888f4 ("packet: validate address length") Reported-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/packet')
-rw-r--r--net/packet/af_packet.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index eedacdebcd4c..d0945253f43b 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2628,7 +2628,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
addr = saddr->sll_halen ? saddr->sll_addr : NULL;
dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex);
if (addr && dev && saddr->sll_halen < dev->addr_len)
- goto out;
+ goto out_put;
}
err = -ENXIO;
@@ -2828,7 +2828,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
addr = saddr->sll_halen ? saddr->sll_addr : NULL;
dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex);
if (addr && dev && saddr->sll_halen < dev->addr_len)
- goto out;
+ goto out_unlock;
}
err = -ENXIO;