summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2018-01-10 18:47:05 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2018-01-10 18:47:05 -0500
commitce4bb04cae8924792ed92f4af2793b77fc986f0e (patch)
treef7869235c4c02ef8314231e1a87fcaf3279d6fdf
parent040ee69226f8a96b7943645d68f41d5d44b5ff7d (diff)
Fix a leak in socket(2) when we fail to allocate a file descriptor.
Got broken by "make sock_alloc_file() do sock_release() on failures" - cleanup after sock_map_fd() failure got pulled all the way into sock_alloc_file(), but it used to serve the case when sock_map_fd() failed *before* getting to sock_alloc_file() as well, and that got lost. Trivial to fix, fortunately. Fixes: 8e1611e23579 (make sock_alloc_file() do sock_release() on failures) Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--net/socket.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/socket.c b/net/socket.c
index 42d8e9c9ccd5..82433a2200ec 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -432,8 +432,10 @@ static int sock_map_fd(struct socket *sock, int flags)
{
struct file *newfile;
int fd = get_unused_fd_flags(flags);
- if (unlikely(fd < 0))
+ if (unlikely(fd < 0)) {
+ sock_release(sock);
return fd;
+ }
newfile = sock_alloc_file(sock, flags, NULL);
if (likely(!IS_ERR(newfile))) {