aboutsummaryrefslogtreecommitdiff
path: root/sys/dev/an
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2006-01-15 12:09:03 +0000
committerRobert Watson <rwatson@FreeBSD.org>2006-01-15 12:09:03 +0000
commitf0ee42d0f1e9cb421999a7641eafd06cfbf1fc25 (patch)
tree7b9e64bbe82d5aa4ebbc43f413e20781be107171 /sys/dev/an
parent63e0298298484d4eb6c200364d3201e5028f1666 (diff)
downloadsrc-f0ee42d0f1e9cb421999a7641eafd06cfbf1fc25.tar.gz
src-f0ee42d0f1e9cb421999a7641eafd06cfbf1fc25.zip
Don't leak mbufs and mbuf clusters in several error-handling situations
in the if_an receive routine. Found with: Coverity Prevent (tm) MFC after: 1 week
Notes
Notes: svn path=/head/; revision=154394
Diffstat (limited to 'sys/dev/an')
-rw-r--r--sys/dev/an/if_an.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/dev/an/if_an.c b/sys/dev/an/if_an.c
index 3824913ac0df..fd34900575ab 100644
--- a/sys/dev/an/if_an.c
+++ b/sys/dev/an/if_an.c
@@ -937,6 +937,7 @@ an_rxeof(struct an_softc *sc)
/* Read NIC frame header */
if (an_read_data(sc, id, 0, (caddr_t)&rx_frame,
sizeof(rx_frame))) {
+ m_freem(m);
ifp->if_ierrors++;
return;
}
@@ -945,16 +946,19 @@ an_rxeof(struct an_softc *sc)
if (an_read_data(sc, id, 0x34,
(caddr_t)&rx_frame_802_3,
sizeof(rx_frame_802_3))) {
+ m_freem(m);
ifp->if_ierrors++;
return;
}
if (rx_frame_802_3.an_rx_802_3_status != 0) {
+ m_freem(m);
ifp->if_ierrors++;
return;
}
/* Check for insane frame length */
len = rx_frame_802_3.an_rx_802_3_payload_len;
if (len > sizeof(sc->buf_802_11)) {
+ m_freem(m);
printf("an%d: oversized packet "
"received (%d, %d)\n",
sc->an_unit, len, MCLBYTES);