drivers/isdn/i4l/isdn_common.c fix small resource leak
authorDarren Jenkins <darrenrjenkins@gmail.com>
Sat, 12 Jul 2008 20:47:50 +0000 (13:47 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sat, 12 Jul 2008 21:33:41 +0000 (14:33 -0700)
Coverity CID: 1356 RESOURCE_LEAK

I found a very old patch for this that was Acked but did not get applied
https://lists.linux-foundation.org/pipermail/kernel-janitors/2006-September/016362.html

There looks to be a small leak in isdn_writebuf_stub() in isdn_common.c, when
copy_from_user() returns an un-copied data length (length != 0).  The below
patch should be a minimally invasive fix.

Signed-off-by: Darren Jenkins <darrenrjenkins@gmailcom>
Acked-by: Karsten Keil <kkeil@suse.de>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/isdn/i4l/isdn_common.c

index 0f3c66de69bcec511b89b9c72265ada93b2bc3c2..8d8c6b736167c63427e5c013c6ae81aae3744589 100644 (file)
@@ -1977,8 +1977,10 @@ isdn_writebuf_stub(int drvidx, int chan, const u_char __user * buf, int len)
        if (!skb)
                return -ENOMEM;
        skb_reserve(skb, hl);
-       if (copy_from_user(skb_put(skb, len), buf, len))
+       if (copy_from_user(skb_put(skb, len), buf, len)) {
+               dev_kfree_skb(skb);
                return -EFAULT;
+       }
        ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx, chan, 1, skb);
        if (ret <= 0)
                dev_kfree_skb(skb);