tipc: fix skb may be leaky in tipc_link_input
authorHoang Le <hoang.h.le@dektech.com.au>
Mon, 11 Feb 2019 02:18:28 +0000 (09:18 +0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 12 Feb 2019 02:35:52 +0000 (18:35 -0800)
When we free skb at tipc_data_input, we return a 'false' boolean.
Then, skb passed to subcalling tipc_link_input in tipc_link_rcv,

<snip>
1303 int tipc_link_rcv:
...
1354    if (!tipc_data_input(l, skb, l->inputq))
1355        rc |= tipc_link_input(l, skb, l->inputq);
</snip>

Fix it by simple changing to a 'true' boolean when skb is being free-ed.
Then, tipc_link_rcv will bypassed to subcalling tipc_link_input as above
condition.

Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <maloy@donjonn.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/tipc/link.c

index 2792a3cae682205970046d51de55e6ae0e5ab772..7c70034b1073e1cef8e58d3041a872745bd065ef 100644 (file)
@@ -1145,7 +1145,7 @@ static bool tipc_data_input(struct tipc_link *l, struct sk_buff *skb,
        default:
                pr_warn("Dropping received illegal msg type\n");
                kfree_skb(skb);
-               return false;
+               return true;
        };
 }