summaryrefslogtreecommitdiff
path: root/net/dccp/proto.c
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2005-10-16 11:08:46 (GMT)
committerArnaldo Carvalho de Melo <acme@mandriva.com>2005-10-20 16:44:29 (GMT)
commitffa29347dfbc158d1f47f5925324a6f5713659c1 (patch)
tree66c0360d21cc842af830b9c7ffd6e924652e7ce3 /net/dccp/proto.c
parentfda0fd6c5b722cc48e904e0daafedca275d332af (diff)
downloadlinux-fsl-qoriq-ffa29347dfbc158d1f47f5925324a6f5713659c1.tar.xz
[DCCP]: Make dccp_write_xmit always free the packet
icmp_send doesn't use skb->sk at all so even if skb->sk has already been freed it can't cause crash there (it would've crashed somewhere else first, e.g., ip_queue_xmit). I found a double-free on an skb that could explain this though. dccp_sendmsg and dccp_write_xmit are a little confused as to what should free the packet when something goes wrong. Sometimes they both go for the ball and end up in each other's way. This patch makes dccp_write_xmit always free the packet no matter what. This makes sense since dccp_transmit_skb which in turn comes from the fact that ip_queue_xmit always frees the packet. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Diffstat (limited to 'net/dccp/proto.c')
-rw-r--r--net/dccp/proto.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index a1cfd0e..a021c34 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -402,8 +402,6 @@ int dccp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
* This bug was _quickly_ found & fixed by just looking at an OSTRA
* generated callgraph 8) -acme
*/
- if (rc != 0)
- goto out_discard;
out_release:
release_sock(sk);
return rc ? : len;