[SCTP] Fix leak in sctp_getsockopt_local_addrs when copy_to_user fails
authorVlad Yasevich <vladislav.yasevich@hp.com>
Wed, 23 May 2007 15:11:37 +0000 (11:11 -0400)
committerVladislav Yasevich <vxy@hera.kernel.org>
Wed, 13 Jun 2007 20:44:41 +0000 (20:44 +0000)
If the copy_to_user or copy_user calls fail in sctp_getsockopt_local_addrs(),
the function should free locally allocated storage before returning error.
Spotted by Coverity.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Sridhar Samudrala <sri@us.ibm.com>
net/sctp/socket.c

index a5b6e559451ed65bd66556ac82c7a6256add9ce5..45510c46c2232663ecb0cc3af5058490462bb78c 100644 (file)
@@ -4352,11 +4352,12 @@ copy_getaddrs:
                err = -EFAULT;
                goto error;
        }
-       if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num))
-               return -EFAULT;
+       if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num)) {
+               err = -EFAULT;
+               goto error;
+       }
        if (put_user(bytes_copied, optlen))
-               return -EFAULT;
-
+               err = -EFAULT;
 error:
        kfree(addrs);
        return err;