mctp: fix use after free

Clang static analysis reports this problem
route.c:425:4: warning: Use of memory after it is freed
  trace_mctp_key_acquire(key);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
When mctp_key_add() fails, key is freed but then is later
used in trace_mctp_key_acquire().  Add an else statement
to use the key only when mctp_key_add() is successful.

Fixes: 4f9e1ba6de45 ("mctp: Add tracepoints for tag/key handling")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/mctp/route.c b/net/mctp/route.c
index 8d9f4ff3e285cdf38121f21ce1a1aade23d19491..e52cef7505002616f77b4fe7605b1f7324ccc82b 100644 (file)
--- a/net/mctp/route.c
+++ b/net/mctp/route.c
@@ -412,13 +412,14 @@ static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
                         * this function.
                         */
                        rc = mctp_key_add(key, msk);
-                       if (rc)
+                       if (rc) {
                                kfree(key);
+                       } else {
+                               trace_mctp_key_acquire(key);
 
-                       trace_mctp_key_acquire(key);
-
-                       /* we don't need to release key->lock on exit */
-                       mctp_key_unref(key);
+                               /* we don't need to release key->lock on exit */
+                               mctp_key_unref(key);
+                       }
                        key = NULL;
 
                } else {