From: Hangyu Hua <hbh25y@gmail.com>
Date: Thu, 9 Dec 2021 08:28:39 +0000 (+0800)
Subject: phonet: refcount leak in pep_sock_accep
X-Git-Tag: v4.19.225~8
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=4dece2760af408ad91d6e43afc485d20386c2885;p=users%2Fdwmw2%2Flinux.git

phonet: refcount leak in pep_sock_accep

commit bcd0f93353326954817a4f9fa55ec57fb38acbb0 upstream.

sock_hold(sk) is invoked in pep_sock_accept(), but __sock_put(sk) is not
invoked in subsequent failure branches(pep_accept_conn() != 0).

Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20211209082839.33985-1-hbh25y@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Aayush Agarwal <aayush.a.agarwal@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index c0b4cc1e108b3..fe01cc788448a 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -881,6 +881,7 @@ static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp,
 
 	err = pep_accept_conn(newsk, skb);
 	if (err) {
+		__sock_put(sk);
 		sock_put(newsk);
 		newsk = NULL;
 		goto drop;