From 7629d1eaf33672c9d35ba1e2ad12b459d56ca3b1 Mon Sep 17 00:00:00 2001 From: Martin Townsend Date: Tue, 19 Aug 2014 19:03:28 +0200 Subject: mac802154: fixed potential skb leak with mac802154_parse_frame_start This patch fix a memory leak if received frame was not able to parse. Signed-off-by: Martin Townsend Signed-off-by: Alexander Aring Signed-off-by: Marcel Holtmann --- net/mac802154/wpan.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net/mac802154') diff --git a/net/mac802154/wpan.c b/net/mac802154/wpan.c index 3c3069fd6971..4c133239ad39 100644 --- a/net/mac802154/wpan.c +++ b/net/mac802154/wpan.c @@ -573,6 +573,7 @@ void mac802154_wpans_rx(struct mac802154_priv *priv, struct sk_buff *skb) ret = mac802154_parse_frame_start(skb, &hdr); if (ret) { pr_debug("got invalid frame\n"); + kfree_skb(skb); return; } -- cgit v1.2.3 From 6e361d6ffee322fcd092d97720e05032ffb98ae6 Mon Sep 17 00:00:00 2001 From: Martin Townsend Date: Tue, 19 Aug 2014 19:03:30 +0200 Subject: ieee802154: mac802154: handle the reserved dest mode by dropping the packet If received frame contains the reserved destination address mode. The frame should be dropped and free the skb. Signed-off-by: Martin Townsend Signed-off-by: Alexander Aring Signed-off-by: Marcel Holtmann --- net/mac802154/wpan.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'net/mac802154') diff --git a/net/mac802154/wpan.c b/net/mac802154/wpan.c index 4c133239ad39..547838822d5e 100644 --- a/net/mac802154/wpan.c +++ b/net/mac802154/wpan.c @@ -462,7 +462,10 @@ mac802154_subif_frame(struct mac802154_sub_if_data *sdata, struct sk_buff *skb, skb->pkt_type = PACKET_OTHERHOST; break; default: - break; + spin_unlock_bh(&sdata->mib_lock); + pr_debug("invalid dest mode\n"); + kfree_skb(skb); + return NET_RX_DROP; } spin_unlock_bh(&sdata->mib_lock); -- cgit v1.2.3