net/netrom: Fix socket locking

upstream commit: cc29c70dd581f85ee7a3e7980fb031f90b90a2ab

Patch "af_rose/x25: Sanity check the maximum user frame size"
(commit 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9) from Alan Cox got
locking wrong. If we bail out due to user frame size being too large,
we must unlock the socket beforehand.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 24da05040fd69e29d09c3256b878fba4687b4a2f..db9e263fa62e707bc1eec62a160a86ccdf2c6947 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1084,8 +1084,10 @@ static int nr_sendmsg(struct kiocb *iocb, struct socket *sock,
 
        /* Build a packet - the conventional user limit is 236 bytes. We can
           do ludicrously large NetROM frames but must not overflow */
-       if (len > 65536)
-               return -EMSGSIZE;
+       if (len > 65536) {
+               err = -EMSGSIZE;
+               goto out;
+       }
 
        SOCK_DEBUG(sk, "NET/ROM: sendto: building packet.\n");
        size = len + NR_NETWORK_LEN + NR_TRANSPORT_LEN;