[PATCH] Fix TCP IPV6 MD5 bug.

[TCPv6] MD5SIG: Ensure to reset allocation count to avoid panic.

After clearing all passwords for IPv6 peers, we need to
set allocation count to zero as well as we free the storage.
Otherwise, we panic when a user trys to (re)add a password.

Discovered and fixed by MIYAJIMA Mitsuharu <miyajima.mitsuharu@anchor.jp>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index a2d41ba133d310e76083d6c301efde8a6bb6c90b..03f53f57841ecb1de622f5b55ddc8bdbc35455b8 100644 (file)
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -637,6 +637,7 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
                        if (tp->md5sig_info->entries6 == 0) {
                                kfree(tp->md5sig_info->keys6);
                                tp->md5sig_info->keys6 = NULL;
+                               tp->md5sig_info->alloced6 = 0;
 
                                tcp_free_md5sig_pool();