phonet: refcount leak in pep_sock_accep

commit bcd0f93353326954817a4f9fa55ec57fb38acbb0 upstream. sock_hold(sk) is invoked in pep_sock_accept(), but __sock_put(sk) is not invoked in subsequent failure branches(pep_accept_conn() != 0). Signed-off-by: Hangyu Hua <hbh25y@gmail.com> Link: https://lore.kernel.org/r/20211209082839.33985-1-hbh25y@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Aayush Agarwal <aayush.a.agarwal@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Hangyu Hua <hbh25y@gmail.com> 2021-12-09 16:28:39 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-01-11 15:23:33 +0100
commit: 2a6a811a45fde5acb805ead4d1e942be3875b302 (patch)
tree: a73c9573fdada0c34c070dd4c6f8d172fc6e3e6b
parent: db0c834abbc186bda56b1e13b4eb61f7126c12c5 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index a07e13f63332..0c5d0f7b8b4b 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -868,6 +868,7 @@ static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp,
 
 	err = pep_accept_conn(newsk, skb);
 	if (err) {
+		__sock_put(sk);
 		sock_put(newsk);
 		newsk = NULL;
 		goto drop;
author	Hangyu Hua <hbh25y@gmail.com>	2021-12-09 16:28:39 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-01-11 15:23:33 +0100
commit	2a6a811a45fde5acb805ead4d1e942be3875b302 (patch)
tree	a73c9573fdada0c34c070dd4c6f8d172fc6e3e6b
parent	db0c834abbc186bda56b1e13b4eb61f7126c12c5 (diff)