tipc: check skb_linearize() return value in tipc_disc_rcv()

[ Upstream commit cd0f6421162201e4b22ce757a1966729323185eb ]

If skb_linearize() fails in tipc_disc_rcv(), we need to free the skb instead of
handle it.

Fixes: 25b0b9c4e835 ("tipc: handle collisions of 32-bit node address hash values")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Link: https://lore.kernel.org/r/20221119072832.7896-1-yuehaibing@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/tipc/discover.c b/net/tipc/discover.c
index e8630707901e379b83068df89137e2d7330bed2f..e8dcdf267c0c3f79f43800bcceb4d1767e7704ce 100644 (file)
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -211,7 +211,10 @@ void tipc_disc_rcv(struct net *net, struct sk_buff *skb,
        u32 self;
        int err;
 
-       skb_linearize(skb);
+       if (skb_linearize(skb)) {
+               kfree_skb(skb);
+               return;
+       }
        hdr = buf_msg(skb);
 
        if (caps & TIPC_NODE_ID128)