From patchwork Tue Jun 14 15:58:27 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 1179
From: Antonio Quartulli To: "B.A.T.M.A.N" Date: Tue, 14 Jun 2011 17:58:27 +0200 Message-Id: <1308067107-32399-1-git-send-email-ordex@autistici.org> X-Mailer: git-send-email 1.7.3.4 In-Reply-To: <1308066869-29254-1-git-send-email-ordex@autistici.org> References: <1308066869-29254-1-git-send-email-ordex@autistici.org> Subject: [B.A.T.M.A.N.] [PATCHv2] batman-adv: the skb has not to be freed in recv_tt_query() X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.13 Precedence: list Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jun 2011 15:58:37 -0000 In recv_tt_query(), in case of error the skb is freed and then NET_RX_DROP is returned. This makes the caller function wrongly invoke kfree_skb() again. To avoid this double free recv_tt_query() has to always return NET_RX_DROP and not to free the skb. Signed-off-by: Antonio Quartulli --- Corrected comment. Sorry routing.c | 6 ++---- 1 files changed, 2 insertions(+), 4 deletions(-) diff --git a/routing.c b/routing.c index 3a3cfb8..30d0f73 100644 --- a/routing.c +++ b/routing.c @@ -1194,7 +1194,6 @@ int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if) struct bat_priv *bat_priv = netdev_priv(recv_if->soft_iface); struct tt_query_packet *tt_query; struct ethhdr *ethhdr; - int ret = NET_RX_DROP; /* drop packet if it has not necessary minimum size */ if (unlikely(!pskb_may_pull(skb, sizeof(struct tt_query_packet)))) @@ -1248,11 +1247,10 @@ int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if) } break; } - ret = NET_RX_SUCCESS; out: - kfree_skb(skb); - return ret; + /* returning NET_RX_DROP will make the caller function kfree the skb */ + return NET_RX_DROP; } int recv_roam_adv(struct sk_buff *skb, struct hard_iface *recv_if)
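Review bot: In the second hunk, the `out:` label now returns NET_RX_DROP unconditionally, so the path that previously set `ret = NET_RX_SUCCESS;` reports a correctly handled TT query as a drop. This removes the double free described in the commit message, but the return value can no longer distinguish handled packets from rejected ones, and correctness now depends on the caller calling kfree_skb() on NET_RX_DROP, a contract recorded only in the new one-line comment. Consider keeping `ret`, freeing in this function only on the success path (`consume_skb(skb); return NET_RX_SUCCESS;`), and letting the error paths return NET_RX_DROP without freeing. The skb ownership rule would be better documented in the function's header comment than at the return statement. With that approach the first hunk's removal of `int ret = NET_RX_DROP;` is not needed.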