From: Oleksij Rempel o.rempel@pengutronix.de
mainline inclusion from mainline-v5.4-rc7 commit 896daf723c845289a4ea1e68e74a5a5475aa796d category: bugfix bugzilla: 38684 CVE: NA
---------------------------
Filters array is coped from user space and linked to the j1939 socket. On socket release this memory was not freed.
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol") Signed-off-by: Oleksij Rempel o.rempel@pengutronix.de Signed-off-by: Marc Kleine-Budde mkl@pengutronix.de Signed-off-by: Zhang Changzhong zhangchangzhong@huawei.com Reviewed-by: YueHaibing yuehaibing@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- net/can/j1939/socket.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c index 5c6eabcb5df1..4d8ba701e15d 100644 --- a/net/can/j1939/socket.c +++ b/net/can/j1939/socket.c @@ -580,6 +580,7 @@ static int j1939_sk_release(struct socket *sock) j1939_netdev_stop(priv); }
+ kfree(jsk->filters); sock_orphan(sk); sock->sk = NULL;