From: Vlad Yasevich Date: Wed, 23 May 2007 15:11:37 +0000 (-0400) Subject: [SCTP] Fix leak in sctp_getsockopt_local_addrs when copy_to_user fails X-Git-Tag: v2.6.22-rc5~39^2^2~3 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe979ac169970b3d12facd6565766735862395c5;p=linux-2.6 [SCTP] Fix leak in sctp_getsockopt_local_addrs when copy_to_user fails If the copy_to_user or copy_user calls fail in sctp_getsockopt_local_addrs(), the function should free locally allocated storage before returning error. Spotted by Coverity. Signed-off-by: Vlad Yasevich Acked-by: Sridhar Samudrala --- diff --git a/net/sctp/socket.c b/net/sctp/socket.c index a5b6e55945..45510c46c2 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4352,11 +4352,12 @@ copy_getaddrs: err = -EFAULT; goto error; } - if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num)) - return -EFAULT; + if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num)) { + err = -EFAULT; + goto error; + } if (put_user(bytes_copied, optlen)) - return -EFAULT; - + err = -EFAULT; error: kfree(addrs); return err;