summaryrefslogtreecommitdiffstats
path: root/net/l2tp
diff options
context:
space:
mode:
authorMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>2019-12-20 15:03:44 -0300
committerDavid S. Miller <davem@davemloft.net>2019-12-24 16:07:10 -0800
commit61d5d4062876e21331c3d0ba4b02dbd50c06a658 (patch)
treef0e38ebd703b0f10b9e84746d68ff8347d41a06d /net/l2tp
parentfeed8a4fc9d46c3126fb9fcae0e9248270c6321a (diff)
downloadlinux-61d5d4062876e21331c3d0ba4b02dbd50c06a658.tar.bz2
sctp: fix err handling of stream initialization
The fix on 951c6db954a1 fixed the issued reported there but introduced another. When the allocation fails within sctp_stream_init() it is okay/necessary to free the genradix. But it is also called when adding new streams, from sctp_send_add_streams() and sctp_process_strreset_addstrm_in() and in those situations it cannot just free the genradix because by then it is a fully operational association. The fix here then is to only free the genradix in sctp_stream_init() and on those other call sites move on with what it already had and let the subsequent error handling to handle it. Tested with the reproducers from this report and the previous one, with lksctp-tools and sctp-tests. Reported-by: syzbot+9a1bc632e78a1a98488b@syzkaller.appspotmail.com Fixes: 951c6db954a1 ("sctp: fix memleak on err handling of stream initialization") Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/l2tp')
0 files changed, 0 insertions, 0 deletions