diff mbox

batman-adv: fix cleanup in send_tt_request()

Message ID	1308220627-27164-1-git-send-email-lindner_marek@yahoo.de (mailing list archive)
State	Accepted, archived
Commit	74db0801dd491805b1cfcbf3b0f35aaf8c3ada38
Headers	From: Marek Lindner <lindner_marek@yahoo.de> To: b.a.t.m.a.n@lists.open-mesh.org Date: Thu, 16 Jun 2011 12:37:07 +0200 Message-Id: <1308220627-27164-1-git-send-email-lindner_marek@yahoo.de> Cc: Marek Lindner <lindner_marek@yahoo.de> Subject: [B.A.T.M.A.N.] [PATCH] batman-adv: fix cleanup in send_tt_request() Precedence: list Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking <b.a.t.m.a.n@lists.open-mesh.org>

Commit Message

Marek Lindner June 16, 2011, 10:37 a.m. UTC

  The ret variable was never set to any value other than 0, therefore
the skb and tt_req_node would not be freed in case of an error.
Furthermore, the code assumed tt_req_node being always a valid
pointer by dereferencing it in the cleanup part.

Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
---
 translation-table.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

Comments

Antonio Quartulli June 16, 2011, 1:21 p.m. UTC | #1

On gio, giu 16, 2011 at 12:37:07 +0200, Marek Lindner wrote:
> The ret variable was never set to any value other than 0, therefore
> the skb and tt_req_node would not be freed in case of an error.
> Furthermore, the code assumed tt_req_node being always a valid
> pointer by dereferencing it in the cleanup part.
> 
> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>

Acked-by: Antonio Quartulli <ordex@autistici.org>

Marek Lindner June 17, 2011, 5:55 a.m. UTC | #2

On Thursday, June 16, 2011 03:21:49 PM Antonio Quartulli wrote:
> On gio, giu 16, 2011 at 12:37:07 +0200, Marek Lindner wrote:
> > The ret variable was never set to any value other than 0, therefore
> > the skb and tt_req_node would not be freed in case of an error.
> > Furthermore, the code assumed tt_req_node being always a valid
> > pointer by dereferencing it in the cleanup part.
> >
> > 
> >
> > Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
> 
> Acked-by: Antonio Quartulli <ordex@autistici.org>

Applied in revision 74db080.

Thanks,
Marek

diff mbox

Patch

diff --git a/translation-table.c b/translation-table.c
index 373ee81..5f1fcd5 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -1012,12 +1012,12 @@  out:
 int send_tt_request(struct bat_priv *bat_priv, struct orig_node *dst_orig_node,
 		    uint8_t ttvn, uint16_t tt_crc, bool full_table)
 {
-	struct sk_buff *skb;
+	struct sk_buff *skb = NULL;
 	struct tt_query_packet *tt_request;
 	struct neigh_node *neigh_node = NULL;
 	struct hard_iface *primary_if;
-	struct tt_req_node *tt_req_node;
-	int ret = 0;
+	struct tt_req_node *tt_req_node = NULL;
+	int ret = 1;
 
 	primary_if = primary_if_get_selected(bat_priv);
 	if (!primary_if)
@@ -1066,8 +1066,9 @@  out:
 		neigh_node_free_ref(neigh_node);
 	if (primary_if)
 		hardif_free_ref(primary_if);
-	if (ret) {
+	if (ret)
 		kfree_skb(skb);
+	if (ret && tt_req_node) {
 		spin_lock_bh(&bat_priv->tt_req_list_lock);
 		list_del(&tt_req_node->list);
 		spin_unlock_bh(&bat_priv->tt_req_list_lock);