Re: [PATCH net v2] Check for skb_put_padto return value

David Miller Mon, 08 May 2017 12:04:32 -0700

From: Peter Heise <m...@pheise.de>
Date: Sun, 7 May 2017 17:15:26 +0000


> Return value of skb_put_padto is now checked as
> reported by Dan Carpenter. skb might be freed in
> case of error in skb_put_padto.
> ---
>  net/hsr/hsr_device.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c
> index c73160fb11e7..a1545d09a3c9 100644
> --- a/net/hsr/hsr_device.c
> +++ b/net/hsr/hsr_device.c
> @@ -314,7 +314,8 @@ static void send_hsr_supervision_frame(struct hsr_port 
> *master,
>       hsr_sp = (typeof(hsr_sp)) skb_put(skb, sizeof(struct hsr_sup_payload));
>       ether_addr_copy(hsr_sp->MacAddressA, master->dev->dev_addr);
>  
> -     skb_put_padto(skb, ETH_ZLEN + HSR_HLEN);
> +     if (skb_put_padto(skb, ETH_ZLEN + HSR_HLEN))
> +             return;
>  
>       hsr_forward_skb(skb, master);
>       return;

You're adding a more serious bug than the one you are fixing.

Now, if skb_put_padto() fails, we leak the SKB.

Re: [PATCH net v2] Check for skb_put_padto return value

Reply via email to