]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blame - releases/2.6.32.17/netfilter-ip6t_reject-fix-a-dst-leak-in-ipv6-reject.patch
projects / thirdparty / kernel / stable-queue.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
4.9-stable patches
[thirdparty/kernel/stable-queue.git] / releases / 2.6.32.17 / netfilter-ip6t_reject-fix-a-dst-leak-in-ipv6-reject.patch
CommitLineData
45426b3c
GKH		 1From 499031ac8a3df6738f6186ded9da853e8ea18253 Mon Sep 17 00:00:00 2001
2From: Eric Dumazet <eric.dumazet@gmail.com>
3Date: Fri, 2 Jul 2010 10:05:01 +0200
4Subject: netfilter: ip6t_REJECT: fix a dst leak in ipv6 REJECT
5
6From: Eric Dumazet <eric.dumazet@gmail.com>
7
8commit 499031ac8a3df6738f6186ded9da853e8ea18253 upstream.
9
10We should release dst if dst->error is set.
11
12Bug introduced in 2.6.14 by commit e104411b82f5c
13([XFRM]: Always release dst_entry on error in xfrm_lookup)
14
15Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
16Signed-off-by: Patrick McHardy <kaber@trash.net>
17Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18
19---
20 net/ipv6/netfilter/ip6t_REJECT.c | 6 ++++--
21 1 file changed, 4 insertions(+), 2 deletions(-)
22
23--- a/net/ipv6/netfilter/ip6t_REJECT.c
24+++ b/net/ipv6/netfilter/ip6t_REJECT.c
25@@ -95,9 +95,11 @@ static void send_reset(struct net *net,
26 fl.fl_ip_dport = otcph.source;
27 security_skb_classify_flow(oldskb, &fl);
28 dst = ip6_route_output(net, NULL, &fl);
29- if (dst == NULL)
30+ if (dst == NULL || dst->error) {
31+ dst_release(dst);
32 return;
33- if (dst->error || xfrm_lookup(net, &dst, &fl, NULL, 0))
34+ }
35+ if (xfrm_lookup(net, &dst, &fl, NULL, 0))
36 return;
37
38 hh_len = (dst->dev->hard_header_len + 15)&~15;
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git