From: Xin Long <lucien.xin@gmail.com>
Date: Tue, 30 Apr 2024 14:03:38 +0000 (-0400)
Subject: tipc: fix a possible memleak in tipc_buf_append
X-Git-Tag: archive/raspbian/5.10.218-1+rpi1^2^2~14
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https://%22%22/%22http:/www.example.com/cgi/%22https:/%22%22?a=commitdiff_plain;h=b3bc8fcce13f3eeb6890dcbbd30d4ff6be71adb2;p=linux.git

tipc: fix a possible memleak in tipc_buf_append

Origin: https://git.kernel.org/linus/97bf6f81b29a8efaf5d0983251a7450e5794370d

__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.

Fixes: b7df21cf1b79 ("tipc: skb_linearize the head skb when reassembling msgs")
Reported-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
Link: https://lore.kernel.org/r/90710748c29a1521efac4f75ea01b3b7e61414cf.1714485818.git.lucien.xin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tipc-fix-a-possible-memleak-in-tipc_buf_append.patch
---

diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index 28fd19c6c41..1fcd676133e 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -148,9 +148,9 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
 	if (fragid == FIRST_FRAGMENT) {
 		if (unlikely(head))
 			goto err;
-		*buf = NULL;
 		if (skb_has_frag_list(frag) && __skb_linearize(frag))
 			goto err;
+		*buf = NULL;
 		frag = skb_unshare(frag, GFP_ATOMIC);
 		if (unlikely(!frag))
 			goto err;