net/netrom: Fix socket locking

Patch "af_rose/x25: Sanity check the maximum user frame size"
(commit 170077adb80aa1321ced68fac2edd0be3f7e4d5e) from Alan Cox got
locking wrong. If we bail out due to user frame size being too large,
we must unlock the socket beforehand.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 4e705f87969f332c30939dc8acabd4f8d4d74352..3be0e016ab7df1bd34576816c1ea97232c36c7e8 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1084,8 +1084,10 @@ static int nr_sendmsg(struct kiocb *iocb, struct socket *sock,
 
        /* Build a packet - the conventional user limit is 236 bytes. We can
           do ludicrously large NetROM frames but must not overflow */
-       if (len > 65536)
-               return -EMSGSIZE;
+       if (len > 65536) {
+               err = -EMSGSIZE;
+               goto out;
+       }
 
        SOCK_DEBUG(sk, "NET/ROM: sendto: building packet.\n");
        size = len + NR_NETWORK_LEN + NR_TRANSPORT_LEN;