dccp: Fix memleak in __feat_register_sp

commit 1d3ff0950e2b40dc861b1739029649d03f591820 upstream. If dccp_feat_push_change fails, we forget free the mem which is alloced by kmemdup in dccp_feat_clone_sp_val. Change-Id: Ic25864978afcc0ad49b5580b62a6030a866e9efa Reported-by: Hulk Robot <hulkci@huawei.com> Fixes: e8ef967a54f4 ("dccp: Registration routines for changing feature values") Reviewed-by: Mukesh Ojha <mojha@codeaurora.org> Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
author: YueHaibing <yuehaibing@huawei.com> 2019-04-01 09:35:54 +0800
committer: Moyster <oysterized@gmail.com> 2019-09-11 14:26:37 +0200
commit: 8d58ab53449e49583dc373031da924602863f04f (patch)
tree: 122e9c581d202805f22a1216309ad9587422dafe
parent: 88349bad009d706991fc3ae477605566f9db7cce (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/net/dccp/feat.c b/net/dccp/feat.c
index 9733ddbc9..fa99d53f2 100644
--- a/net/dccp/feat.c
+++ b/net/dccp/feat.c
@@ -738,7 +738,12 @@ static int __feat_register_sp(struct list_head *fn, u8 feat, u8 is_local,
 	if (dccp_feat_clone_sp_val(&fval, sp_val, sp_len))
 		return -ENOMEM;
 
-	return dccp_feat_push_change(fn, feat, is_local, mandatory, &fval);
+	if (dccp_feat_push_change(fn, feat, is_local, mandatory, &fval)) {
+		kfree(fval.sp.vec);
+		return -ENOMEM;
+	}
+
+	return 0;
 }
 
 /**
author	YueHaibing <yuehaibing@huawei.com>	2019-04-01 09:35:54 +0800
committer	Moyster <oysterized@gmail.com>	2019-09-11 14:26:37 +0200
commit	8d58ab53449e49583dc373031da924602863f04f (patch)
tree	122e9c581d202805f22a1216309ad9587422dafe
parent	88349bad009d706991fc3ae477605566f9db7cce (diff)