summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJesper Juhl <jesper.juhl@gmail.com>2007-11-11 23:57:49 +0100
committerVlad Yasevich <vladislav.yasevich@hp.com>2007-11-12 10:13:24 -0500
commit9abed245a6dc94c32b2f45a1ecc51a0829d11470 (patch)
tree2eeb675c127afb5b92646f7a27ad434438018994 /net
parent7d54dc6876b83d6bb75b8f7e865b7b9051056d22 (diff)
downloadlinux-9abed245a6dc94c32b2f45a1ecc51a0829d11470.tar.bz2
Fix memory leak in discard case of sctp_sf_abort_violation()
In net/sctp/sm_statefuns.c::sctp_sf_abort_violation() we may leak the storage allocated for 'abort' by returning from the function without using or freeing it. This happens in case "sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)" is true and we jump to the 'discard' label. Spotted by the Coverity checker. The simple fix is to simply move the creation of the "abort chunk" to after the possible jump to the 'discard' label. This way we don't even have to allocate the memory at all in the problem case. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Diffstat (limited to 'net')
-rw-r--r--net/sctp/sm_statefuns.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index a66075a70f29..5ebbe808d801 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -4064,11 +4064,6 @@ static sctp_disposition_t sctp_sf_abort_violation(
struct sctp_chunk *chunk = arg;
struct sctp_chunk *abort = NULL;
- /* Make the abort chunk. */
- abort = sctp_make_abort_violation(asoc, chunk, payload, paylen);
- if (!abort)
- goto nomem;
-
/* SCTP-AUTH, Section 6.3:
* It should be noted that if the receiver wants to tear
* down an association in an authenticated way only, the
@@ -4083,6 +4078,11 @@ static sctp_disposition_t sctp_sf_abort_violation(
if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc))
goto discard;
+ /* Make the abort chunk. */
+ abort = sctp_make_abort_violation(asoc, chunk, payload, paylen);
+ if (!abort)
+ goto nomem;
+
if (asoc) {
sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);