From: Chris Wright Date: Thu, 7 Dec 2006 19:34:13 +0000 (-0800) Subject: inetpeer lead fix from DaveM X-Git-Tag: v2.6.19.1~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=42ba5c443711296a74a208d1772f344888558119;p=thirdparty%2Fkernel%2Fstable-queue.git inetpeer lead fix from DaveM
---
diff --git a/queue-2.6.18/ipsec-fix-inetpeer-leak-in-ipv4-xfrm-dst-entries.patch b/queue-2.6.18/ipsec-fix-inetpeer-leak-in-ipv4-xfrm-dst-entries.patch
new file mode 100644
index 00000000000..4fefa62d2d0
--- /dev/null
+++ b/queue-2.6.18/ipsec-fix-inetpeer-leak-in-ipv4-xfrm-dst-entries.patch
@@ -0,0 +1,35 @@
+From stable-bounces@linux.kernel.org Thu Dec 7 00:45:48 2006
+Date: Thu, 07 Dec 2006 00:40:36 -0800 (PST)
+Message-Id: <20061207.004036.27798861.davem@davemloft.net>
+To: stable@kernel.org
+From: David Miller
+Cc: bunk@stusta.de
+Subject: IPSEC: Fix inetpeer leak in ipv4 xfrm dst entries.
+
+We grab a reference to the route's inetpeer entry but
+forget to release it in xfrm4_dst_destroy().
+
+Bug discovered by Kazunori MIYAZAWA
+
+Signed-off-by: David S. Miller
+Signed-off-by: Chris Wright
+---
+commit 26db167702756d0022f8ea5f1f30cad3018cfe31
+Author: David S. Miller
+Date: Wed Dec 6 23:45:15 2006 -0800
+
+---
+ net/ipv4/xfrm4_policy.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- linux-2.6.18.5.orig/net/ipv4/xfrm4_policy.c
++++ linux-2.6.18.5/net/ipv4/xfrm4_policy.c
+@@ -252,6 +252,8 @@ static void xfrm4_dst_destroy(struct dst
+
+ if (likely(xdst->u.rt.idev))
+ in_dev_put(xdst->u.rt.idev);
++ if (likely(xdst->u.rt.peer))
++ inet_putpeer(xdst->u.rt.peer);
+ xfrm_dst_destroy(xdst);
+ }
+
diff --git a/queue-2.6.18/series b/queue-2.6.18/series
index 5562ad727c7..72e5426f212 100644
--- a/queue-2.6.18/series
+++ b/queue-2.6.18/series
@@ -10,3 +10,4 @@ pkt_sched-act_gact-division-by-zero.patch
 sunhme-fix-for-sunhme-failures-on-x86.patch
 xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch
 dm-snapshot-fix-freeing-pending-exception.patch
+ipsec-fix-inetpeer-leak-in-ipv4-xfrm-dst-entries.patch
diff --git a/queue-2.6.19/ipsec-fix-inetpeer-leak-in-ipv4-xfrm-dst-entries.patch b/queue-2.6.19/ipsec-fix-inetpeer-leak-in-ipv4-xfrm-dst-entries.patch
new file mode 100644
index 00000000000..797a41b1502
--- /dev/null
+++ b/queue-2.6.19/ipsec-fix-inetpeer-leak-in-ipv4-xfrm-dst-entries.patch
@@ -0,0 +1,35 @@
+From stable-bounces@linux.kernel.org Thu Dec 7 00:45:48 2006
+Date: Thu, 07 Dec 2006 00:40:36 -0800 (PST)
+Message-Id: <20061207.004036.27798861.davem@davemloft.net>
+To: stable@kernel.org
+From: David Miller
+Cc: bunk@stusta.de
+Subject: IPSEC: Fix inetpeer leak in ipv4 xfrm dst entries.
+
+We grab a reference to the route's inetpeer entry but
+forget to release it in xfrm4_dst_destroy().
+
+Bug discovered by Kazunori MIYAZAWA
+
+Signed-off-by: David S. Miller
+Signed-off-by: Chris Wright
+---
+commit 26db167702756d0022f8ea5f1f30cad3018cfe31
+Author: David S. Miller
+Date: Wed Dec 6 23:45:15 2006 -0800
+
+---
+ net/ipv4/xfrm4_policy.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- linux-2.6.19.orig/net/ipv4/xfrm4_policy.c
++++ linux-2.6.19/net/ipv4/xfrm4_policy.c
+@@ -273,6 +273,8 @@ static void xfrm4_dst_destroy(struct dst
+
+ if (likely(xdst->u.rt.idev))
+ in_dev_put(xdst->u.rt.idev);
++ if (likely(xdst->u.rt.peer))
++ inet_putpeer(xdst->u.rt.peer);
+ xfrm_dst_destroy(xdst);
+ }
+
diff --git a/queue-2.6.19/series b/queue-2.6.19/series
index afcd21de226..8ce1f9ea299 100644
--- a/queue-2.6.19/series
+++ b/queue-2.6.19/series
@@ -18,3 +18,4 @@ do_coredump-and-not-stopping-rewrite-attacks.patch
 tokenring-remote-memory-corruptor-in-ibmtr.c.patch
 xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch
 usb-fix-oops-in-phidgetservo.patch
+ipsec-fix-inetpeer-leak-in-ipv4-xfrm-dst-entries.patch
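Review bot: The new `inet_putpeer()` call in the embedded `xfrm4_dst_destroy()` hunk (identical in the queue-2.6.18 and queue-2.6.19 patch files) carries no comment naming the reference it balances, and the site that takes that reference is not in the hunk, so the get/put pairing cannot be checked from here. I would add `/* pairs with the inetpeer reference grabbed for this xfrm dst */` above the new `if`. Before queuing for stable, it is worth confirming that every path which fills `xdst->u.rt.peer` takes exactly one reference, since an unbalanced put would trade the leak for a refcount underflow and a possible premature free. The `likely()` hint mirrors the `idev` check above it; if `peer` is often NULL on these routes (not determinable from the hunk), a plain `if (xdst->u.rt.peer)` would be the more accurate form. The function body starts outside the hunk.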