From mboxrd@z Thu Jan 1 00:00:00 1970 From: Cong Wang Subject: [Patch net] tipc: check return value of __tipc_dump_start() Date: Tue, 11 Sep 2018 15:12:17 -0700 Message-ID: <20180911221217.23392-1-xiyou.wangcong@gmail.com> Cc: tipc-discussion@lists.sourceforge.net, Cong Wang , Jon Maloy , Ying Xue To: netdev@vger.kernel.org Return-path: Received: from mail-pf1-f196.google.com ([209.85.210.196]:40366 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727796AbeILDNt (ORCPT ); Tue, 11 Sep 2018 23:13:49 -0400 Received: by mail-pf1-f196.google.com with SMTP id s13-v6so12896960pfi.7 for ; Tue, 11 Sep 2018 15:12:27 -0700 (PDT) Sender: netdev-owner@vger.kernel.org List-ID: When __tipc_dump_start() fails with running out of memory, we have no reason to continue, especially we should avoid calling tipc_dump_done(). Fixes: 8f5c5fcf3533 ("tipc: call start and done ops directly in __tipc_nl_compat_dumpit()") Reported-and-tested-by: syzbot+3f8324abccfbf8c74a9f@syzkaller.appspotmail.com Cc: Jon Maloy Cc: Ying Xue Signed-off-by: Cong Wang --- net/tipc/netlink_compat.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index 82f665728382..6376467e78f8 100644 --- a/net/tipc/netlink_compat.c +++ b/net/tipc/netlink_compat.c @@ -185,7 +185,10 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd, return -ENOMEM; buf->sk = msg->dst_sk; - __tipc_dump_start(&cb, msg->net); + if (__tipc_dump_start(&cb, msg->net)) { + kfree_skb(buf); + return -ENOMEM; + } do { int rem; -- 2.14.4