]> git.neil.brown.name Git - history.git/commitdiff
projects / history.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3078add)
[PATCH] fix memleak in sys_mq_timedsend
authorChris Wright <chrisw@osdl.org>
Tue, 4 May 2004 11:10:25 +0000 (04:10 -0700)
committerLinus Torvalds <torvalds@ppc970.osdl.org>
Tue, 4 May 2004 11:10:25 +0000 (04:10 -0700)
Move error handling to capture all three possible error conditions on
sending to a full queue.  Without this fix any unprivileged user can
leak arbitrary amounts of kernel memory.

ipc/mqueue.c patch | blob | history

diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 8c54e3e81d229a4d1bd1301976b53df31b83e18a..d13a9f37e1450a886bb097a66bd440fd9e1f2184 100644 (file)
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -811,9 +811,9 @@ asmlinkage long sys_mq_timedsend(mqd_t mqdes, const char __user *u_msg_ptr,
                        wait.msg = (void *) msg_ptr;
                        wait.state = STATE_NONE;
                        ret = wq_sleep(info, SEND, timeout, &wait);
-                       if (ret < 0)
-                               free_msg(msg_ptr);
                }
+               if (ret < 0)
+                       free_msg(msg_ptr);
        } else {
                receiver = wq_get_first_waiter(info, RECV);
                if (receiver) {
Unnamed repository; edit this file 'description' to name the repository.