in_pcb: don't leak credential refcounts on error

In the error path during allocating an in_pcb, the credentials
associated with the new struct get their reference count
increased early on, but not decremented when the allocation
fails.

Reported by:		cmiller_netapp.com
MFC after:		3 days
Reviewed by:		jhb, tuexen
Sponsored by:		NetApp, Inc.
Differential Revision:	https://reviews.freebsd.org/D45033
This commit is contained in:
Richard Scheffenegger 2024-05-01 08:40:40 +02:00
parent b07689d1f2
commit 30cf0fbf26

View File

@ -655,6 +655,10 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)
#if defined(IPSEC) || defined(IPSEC_SUPPORT) || defined(MAC) #if defined(IPSEC) || defined(IPSEC_SUPPORT) || defined(MAC)
out: out:
crfree(inp->inp_cred);
#ifdef INVARIANTS
inp->inp_cred = NULL;
#endif
uma_zfree_smr(pcbinfo->ipi_zone, inp); uma_zfree_smr(pcbinfo->ipi_zone, inp);
return (error); return (error);
#endif #endif