| Message ID | alpine.LNX.2.00.1201142149250.11547@swampdragon.chaosbits.net |
|---|---|
| State | Not Applicable, archived |
| Delegated to: | David Miller |
| Headers | show |
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index f407427..7514091 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -1979,6 +1979,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx) mesh_path_error_tx(ifmsh->mshcfg.element_ttl, fwd_hdr->addr3, 0, reason, fwd_hdr->addr2, sdata); IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_no_route); + kfree_skb(fwd_skb); return RX_DROP_MONITOR; }
We may leak the 'fwd_skb' we skb_copy() in ieee80211_rx_h_mesh_fwding() if we take the 'else' branch in the 'if' statement just below. If we take that branch we'll end up returning from the function and since we've not assigned 'fwd_skb' to anything at that point, we leak it when the variable goes out of scope. The simple fix seems to be to just kfree_skb(fwd_skb); just before we return. That is what this patch does. Signed-off-by: Jesper Juhl <jj@chaosbits.net> --- net/mac80211/rx.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) note: patch is only compile tested.