From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH net] batman-adv: Fix memory leak on tt add with invalid vlan Date: Tue, 18 Aug 2015 19:08:40 -0700 (PDT) Message-ID: <20150818.190840.1520518833381816197.davem@davemloft.net> References: <1439897821-7480-1-git-send-email-sven@narfation.org> Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, b.a.t.m.a.n-ZwoEplunGu2X36UT3dwllkB+6BGkLq7r@public.gmane.org, mareklindner-rVWd3aGhH2z5bpWLKbzFeg@public.gmane.org, antonio-x4xJYDvStAgysxA8WJXlww@public.gmane.org To: sven-KaDOiPu9UxWEi8DpZVb4nw@public.gmane.org Return-path: In-Reply-To: <1439897821-7480-1-git-send-email-sven-KaDOiPu9UxWEi8DpZVb4nw@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: b.a.t.m.a.n-bounces-ZwoEplunGu2X36UT3dwllkB+6BGkLq7r@public.gmane.org Sender: "B.A.T.M.A.N" List-Id: netdev.vger.kernel.org From: Sven Eckelmann Date: Tue, 18 Aug 2015 13:37:01 +0200 > The object tt_local is allocated with kmalloc and not initialized when the > function batadv_tt_local_add checks for the vlan. But this function can > only cleanup the object when the (not yet initialized) reference counter of > the object is 1. This is unlikely and thus the object would leak when the > vlan could not be found. > > Instead the uninitialized object tt_local has to be freed manually and the > pointer has to set to NULL to avoid calling the function which would try to > decrement the reference counter of the not existing object. > > CID: 1316518 > Fixes: 354136bcc3c4 ("batman-adv: fix kernel crash due to missing NULL checks") > Signed-off-by: Sven Eckelmann Applied, thanks.