From a447e5c6e294997147e59a8dd766c8047ae24da8 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Sun, 15 Jan 2006 12:09:03 +0000
Subject: Don't leak mbufs and mbuf clusters in several error-handling
 situations in the if_an receive routine.

Found with:	Coverity Prevent (tm)
MFC after:	1 week
---
 sys/dev/an/if_an.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sys/dev/an')

diff --git a/sys/dev/an/if_an.c b/sys/dev/an/if_an.c
index 3824913..fd34900 100644
--- a/sys/dev/an/if_an.c
+++ b/sys/dev/an/if_an.c
@@ -937,6 +937,7 @@ an_rxeof(struct an_softc *sc)
 			/* Read NIC frame header */
 			if (an_read_data(sc, id, 0, (caddr_t)&rx_frame, 
 					 sizeof(rx_frame))) {
+				m_freem(m);
 				ifp->if_ierrors++;
 				return;
 			}
@@ -945,16 +946,19 @@ an_rxeof(struct an_softc *sc)
 			if (an_read_data(sc, id, 0x34, 
 					 (caddr_t)&rx_frame_802_3,
 					 sizeof(rx_frame_802_3))) {
+				m_freem(m);
 				ifp->if_ierrors++;
 				return;
 			}
 			if (rx_frame_802_3.an_rx_802_3_status != 0) {
+				m_freem(m);
 				ifp->if_ierrors++;
 				return;
 			}
 			/* Check for insane frame length */
 			len = rx_frame_802_3.an_rx_802_3_payload_len;
 			if (len > sizeof(sc->buf_802_11)) {
+				m_freem(m);
 				printf("an%d: oversized packet "
 				       "received (%d, %d)\n",
 				       sc->an_unit, len, MCLBYTES);
-- 
cgit v1.1