    tipc: eliminate buffer leak in bearer layer · 4e801fa1
    Jon Paul Maloy authored
    When enabling a bearer we create a 'neighbor discoverer' instance by
    calling the function tipc_disc_create() before the bearer is actually
    registered in the list of enabled bearers. Because of this, the very
    first discovery broadcast message, created by the mentioned function,
    is lost, since it cannot find any valid bearer to use. Furthermore,
    the used send function, tipc_bearer_xmit_skb(), does not free the given
    buffer when it cannot find a bearer, resulting in the leak of exactly
    one send buffer each time a bearer is enabled.
    
    This commit fixes this problem by introducing two changes:
    
    1) Instead of attempting to send the discovery message directly, we let
       tipc_disc_create() return the discovery buffer to the calling
       function, tipc_enable_bearer(), so that the latter can send it
       when the enabling sequence is finished.
    
    2) In tipc_bearer_xmit_skb(), as well as in the two other transmit
       functions at the bearer layer, we now free the indicated buffer or
       buffer chain when a valid bearer cannot be found.
    Acked-by: Ying Xue <ying.xue@windriver.com>
    Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
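
The leak and the two changes described in the commit message, as an added userspace model that is not the kernel's TIPC code or part of this commit. Every type, function and variable name in it is hypothetical; a counter of live buffers stands in for the kernel's buffer accounting.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model; every name here is hypothetical, not kernel TIPC code. */
struct buf { int len; };
static int live_bufs, sent_msgs; /* unfreed buffers; buffers that found a bearer */
static int bearer_enabled[4];    /* stand-in for the list of enabled bearers */

static struct buf *buf_alloc(void)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (b) live_bufs++;
    return b;
}
static void buf_free(struct buf *b) { if (b) { free(b); live_bufs--; } }
/* Pre-fix contract: the buffer is consumed only when a bearer is found. */
static void xmit_leaky(int id, struct buf *b)
{
    if (!bearer_enabled[id]) return; /* nobody frees b: one buffer leaks */
    sent_msgs++;
    buf_free(b);
}
/* Post-fix contract: the buffer is consumed on every path. */
static void xmit_consume(int id, struct buf *b)
{
    if (bearer_enabled[id]) sent_msgs++;
    buf_free(b);
}
/* Pre-fix order: discovery message sent before the bearer is registered. */
static int enable_old(int id)
{
    int before = live_bufs;
    xmit_leaky(id, buf_alloc());
    bearer_enabled[id] = 1;
    return live_bufs - before; /* buffers leaked by this enable */
}
/* Post-fix order: register the bearer, then send the returned buffer. */
static int enable_new(int id)
{
    int before = live_bufs;
    struct buf *disc = buf_alloc(); /* handed back to the caller, not sent */
    bearer_enabled[id] = 1;
    xmit_consume(id, disc);
    return live_bufs - before;
}
int main(void)
{
    int a = enable_old(0), s0 = sent_msgs, b = enable_new(1);
    printf("old: leaked=%d sent=%d\nnew: leaked=%d sent=%d\n", a, s0, b, sent_msgs - s0);
    return 0;
}
```

The second change matters independently of the first: with the consume-always contract, a send to a bearer that is not enabled still releases the buffer, so a later reordering cannot reintroduce the leak.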
discover.c 10.1 KB