git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Jesper Nilsson <jesper.nilsson@axis.com>
	Fri, 27 Mar 2009 07:17:45 +0000 (00:17 -0700)
committer	Chris Wright <chrisw@sous-sol.org>
	Thu, 2 Apr 2009 20:55:15 +0000 (13:55 -0700)
commit	c8289b1f3fb7ab89146a29e280c8f64d4f51f53a
tree	34d57fdfd9e775f9c0bd00cbeba4c0087112ed92	tree \| snapshot
parent	ed421a64825501e0bdfe848c9decf05d270a9adb	commit \| diff

ipv6: Plug sk_buff leak in ipv6_rcv (net/ipv6/ip6_input.c)

[ Upstream commit 71f6f6dfdf7c7a67462386d9ea05c1095a89c555 ]

Commit 778d80be52699596bf70e0eb0761cf5e1e46088d
(ipv6: Add disable_ipv6 sysctl to disable IPv6 operaion on specific interface)
seems to have introduced a leak of sk_buff's for ipv6 traffic,
at least in some configurations where idev is NULL, or when ipv6
is disabled via sysctl.

The problem is that if the first condition of the if-statement
returns non-NULL, it returns an skb with only one reference,
and when the other conditions apply, execution jumps to the "out"
label, which does not call kfree_skb for it.

To plug this leak, change to use the "drop" label instead.
(this relies on it being ok to call kfree_skb on NULL)
This also allows us to avoid calling rcu_read_unlock here,
and removes the only user of the "out" label.

Signed-off-by: Jesper Nilsson <jesper.nilsson@axis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>