[Linux-kernel-mentees] [PATCH net v2] tipc: Fix memory leak in tipc_group_create_member()

David Miller davem at davemloft.net
Mon Sep 14 23:37:06 UTC 2020


From: Peilin Ye <yepeilin.cs at gmail.com>
Date: Sun, 13 Sep 2020 04:06:05 -0400

> tipc_group_add_to_tree() returns silently if `key` matches `nkey` of an
> existing node, causing tipc_group_create_member() to leak memory. Let
> tipc_group_add_to_tree() return an error in such a case, so that
> tipc_group_create_member() can handle it properly.
> 
> Fixes: 75da2163dbb6 ("tipc: introduce communication groups")
> Reported-and-tested-by: syzbot+f95d90c454864b3b5bc9 at syzkaller.appspotmail.com
> Cc: Hillf Danton <hdanton at sina.com>
> Link: https://syzkaller.appspot.com/bug?id=048390604fe1b60df34150265479202f10e13aff
> Signed-off-by: Peilin Ye <yepeilin.cs at gmail.com>
> ---
> Change in v2:
>     - let tipc_group_add_to_tree() return a real error code instead of -1.
>       (Suggested by David Miller <davem at davemloft.net>)

Applied and queued up for -stable, thank you.


More information about the Linux-kernel-mentees mailing list