From 57bf53f9ab68d0914316b8435e9002af18c707e8 Mon Sep 17 00:00:00 2001
From: James Kilts <jameskilts@gmail.com>
Date: Mon, 18 Jan 2010 19:01:42 +0100
Subject: [PATCH 1/4] rtcfg: Prevent usage of freed pointer 'stage_1_cfg' by using 'return'
 rather than 'break' in the error condition where the stage 1 cfg is
 invalid.  Since the call to kfree_rtskb() also cleans up 'rtskb->data'
 the data pointed to by 'stage_1_cfg' is no longer allocated.  This is
 also consistent with the other error conditions in this part of the code.

Signed-off-by: James Kilts <jameskilts@gmail.com>
---
 stack/rtcfg/rtcfg_client_event.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/stack/rtcfg/rtcfg_client_event.c b/stack/rtcfg/rtcfg_client_event.c
index 022b4c5..18a915b 100644
--- a/stack/rtcfg/rtcfg_client_event.c
+++ b/stack/rtcfg/rtcfg_client_event.c
@@ -601,7 +601,7 @@ static void rtcfg_client_recv_stage_1(int ifindex, struct rtskb *rtskb)
                 RTCFG_DEBUG(1, "RTcfg: received invalid stage_1_cfg "
                             "frame\n");
                 kfree_rtskb(rtskb);
-                break;
+                return;
             }
 
             rtdev = rtskb->rtdev;
-- 
1.6.5.1.msysgit.1