summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJulia Lawall <julia@diku.dk>2010-08-24 06:39:49 +0200
committerDavid S. Miller <davem@davemloft.net>2010-08-26 01:36:50 +0200
commitb2aff96327545aa5ceb25e3116be69c8b06de703 (patch)
tree144aa0ed207b68e163d1d8f4f13971d1fb01edcd
parentdrivers/net/irda: Eliminate memory leak (diff)
downloadlinux-b2aff96327545aa5ceb25e3116be69c8b06de703.tar.xz
linux-b2aff96327545aa5ceb25e3116be69c8b06de703.zip
net/netfilter/ipvs: Eliminate memory leak
__ip_vs_service_get and __ip_vs_svc_fwm_get increment a reference count, so that reference count should be decremented before leaving the function in an error case. A simplified version of the semantic match that finds this problem is: (http://coccinelle.lip6.fr/) // <smpl> @r exists@ local idexpression x; expression E; identifier f1; iterator I; @@ x = __ip_vs_service_get(...); <... when != x when != true (x == NULL || ...) when != if (...) { <+...x...+> } when != I (...) { <+...x...+> } ( x == NULL | x == E | x->f1 ) ...> * return ...; // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 0f0c079c422a..53a88af22503 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2155,7 +2155,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
if (cmd != IP_VS_SO_SET_ADD
&& (svc == NULL || svc->protocol != usvc.protocol)) {
ret = -ESRCH;
- goto out_unlock;
+ goto out_drop_service;
}
switch (cmd) {
@@ -2189,6 +2189,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
ret = -EINVAL;
}
+out_drop_service:
if (svc)
ip_vs_service_put(svc);