[PATCH] [bridge] Fix double-free in br_add_if.

From: Jeff Hansen
Date: Fri Sep 25 2009 - 18:58:17 EST

There is a potential double-kfree in net/bridge/br_if.c. If br_fdb_insert
fails, then the kobject is put back (which calls kfree due to the kobject
release), and then kfree is called again on the net_bridge_port. This
patch fixes the crash.

Thanks to Stephen Hemminger for the one-line fix.

Signed-off-by: Jeff Hansen <x@xxxxxxxxxxxxxx>
net/bridge/br_if.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index eb404dc..60726e5 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -425,6 +425,7 @@ err2:
br_fdb_delete_by_port(br, p, 1);
+ p = NULL; /* kobject_put frees */
dev_set_promiscuity(dev, -1);

To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html