net: ncsi: fix skb leak in error paths (5c3398a5) · Commits · git / linux-nf

net/ncsi/ncsi-aen.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -224,7 +224,8 @@ int ncsi_aen_handler(struct ncsi_dev_priv ndp, struct sk_buff skb)
		if (!nah) {
		netdev_warn(ndp->ndev.dev, "Invalid AEN (0x%x) received\n",
		h->type);
		return -ENOENT;
		ret = -ENOENT;
		goto out;
		}

		ret = ncsi_validate_aen_pkt(h, nah->payload);

+12 −4

Original line number	Diff line number	Diff line
		@@ -1176,8 +1176,10 @@ int ncsi_rcv_rsp(struct sk_buff skb, struct net_device dev,
		/* Find the NCSI device */
		nd = ncsi_find_dev(orig_dev);
		ndp = nd ? TO_NCSI_DEV_PRIV(nd) : NULL;
		if (!ndp)
		return -ENODEV;
		if (!ndp) {
		ret = -ENODEV;
		goto err_free_skb;
		}

		/* Check if it is AEN packet */
		hdr = (struct ncsi_pkt_hdr *)skb_network_header(skb);
		@@ -1199,7 +1201,8 @@ int ncsi_rcv_rsp(struct sk_buff skb, struct net_device dev,
		if (!nrh) {
		netdev_err(nd->dev, "Received unrecognized packet (0x%x)\n",
		hdr->type);
		return -ENOENT;
		ret = -ENOENT;
		goto err_free_skb;
		}

		/* Associate with the request */
		@@ -1207,7 +1210,8 @@ int ncsi_rcv_rsp(struct sk_buff skb, struct net_device dev,
		nr = &ndp->requests[hdr->id];
		if (!nr->used) {
		spin_unlock_irqrestore(&ndp->lock, flags);
		return -ENODEV;
		ret = -ENODEV;
		goto err_free_skb;
		}

		nr->rsp = skb;
		@@ -1261,4 +1265,8 @@ int ncsi_rcv_rsp(struct sk_buff skb, struct net_device dev,
		out:
		ncsi_free_request(nr);
		return ret;

		err_free_skb:
		kfree_skb(skb);
		return ret;
		}