From: Jesper Juhl <jesper.juhl@gmail.com>

There's an obvious memory leak in net/ipv4/tcp_probe.c::tcpprobe_read() We
are not freeing 'tbuf' on error.

[akpm@osdl.org: reworked to avoid return-from-middle-of-function]
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 net/ipv4/tcp_probe.c |   13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff -puN net/ipv4/tcp_probe.c~fix-memory-leak-in-net-ipv4-tcp_probectcpprobe_read net/ipv4/tcp_probe.c
--- a/net/ipv4/tcp_probe.c~fix-memory-leak-in-net-ipv4-tcp_probectcpprobe_read
+++ a/net/ipv4/tcp_probe.c
@@ -114,7 +114,8 @@ static int tcpprobe_open(struct inode * 
 static ssize_t tcpprobe_read(struct file *file, char __user *buf,
 			     size_t len, loff_t *ppos)
 {
-	int error = 0, cnt = 0;
+	int error;
+	int cnt = 0;
 	unsigned char *tbuf;
 
 	if (!buf || len < 0)
@@ -129,12 +130,10 @@ static ssize_t tcpprobe_read(struct file
 
 	error = wait_event_interruptible(tcpw.wait,
 					 __kfifo_len(tcpw.fifo) != 0);
-	if (error)
-		return error;
-
-	cnt = kfifo_get(tcpw.fifo, tbuf, len);
-	error = copy_to_user(buf, tbuf, cnt);
-
+	if (error == 0) {
+		cnt = kfifo_get(tcpw.fifo, tbuf, len);
+		error = copy_to_user(buf, tbuf, cnt);
+	}
 	vfree(tbuf);
 
 	return error ? error : cnt;
_