[KJ] [Patch] fix skb leak in isdn_common.c

Karsten Keil kkeil at suse.de
Thu Sep 7 08:22:16 PDT 2006


On Thu, Sep 07, 2006 at 11:56:25AM +1000, Darren Jenkins" wrote:
> G'day list,
> 
> Coverity CID 1356,
> 
> There looks to be a small leak in isdn_writebuf_stub() in isdn_common.c,
> when copy_from_user() returns an un-copied data length (length != 0).
> The below patch should be a minimally invasive fix.
> 
> compile tested on allyesconfig
> 

Yes this is obvious correct.

Acked-by: Karsten Keil <kkeil at suse.de>

> 
> Fix skb leak in isdn_common.c
> 
> Signed-off-by: Darren Jenkins <darrenrjenkins at gmail.com>
> --- drivers/isdn/i4l/isdn_common.c.orig	2006-09-07 10:14:32.000000000 +1000
> +++ drivers/isdn/i4l/isdn_common.c	2006-09-07 10:28:39.000000000 +1000
> @@ -1967,8 +1967,10 @@ isdn_writebuf_stub(int drvidx, int chan,
>  	if (!skb)
>  		return -ENOMEM;
>  	skb_reserve(skb, hl);
> -	if (copy_from_user(skb_put(skb, len), buf, len))
> +	if (copy_from_user(skb_put(skb, len), buf, len)) {
> +		dev_kfree_skb(skb);
>  		return -EFAULT;
> +	}
>  	ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx, chan, 1, skb);
>  	if (ret <= 0)
>  		dev_kfree_skb(skb);
> 

-- 
Karsten Keil
SuSE Labs
ISDN development



More information about the Kernel-janitors mailing list