[PATCH v4 2/2] ip6_tunnel: fix potential issue in __ip6_tnl_rcv

From: Haishuang Yan
Date: Wed Jun 14 2017 - 22:30:06 EST

Next message: Haishuang Yan: "[PATCH v2] ip6_tunnel: Correct tos value in collect_md mode"
Previous message: Haishuang Yan: "[PATCH v4 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv"
In reply to: Haishuang Yan: "[PATCH v4 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When __ip6_tnl_rcv fails, the tun_dst won't be freed, so call
dst_release to free it in error code path.

Fixes: 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels")
CC: Alexei Starovoitov <ast@xxxxxx>
Tested-by: Zhang Shengju <zhangshengju@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Haishuang Yan <yanhaishuang@xxxxxxxxxxxxxxxxxxxx>

---
Changes since v4:
* Add the the missing Fixes information
* Free tun_dst from error code path
* Add tester information
---
net/ipv6/ip6_tunnel.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 9b37f97..ef99d59 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -859,6 +859,8 @@ static int __ip6_tnl_rcv(struct ip6_tnl *tunnel, struct sk_buff *skb,
return 0;

drop:
+ if (tun_dst)
+ dst_release((struct dst_entry *)tun_dst);
kfree_skb(skb);
return 0;
}
--
1.8.3.1

Next message: Haishuang Yan: "[PATCH v2] ip6_tunnel: Correct tos value in collect_md mode"
Previous message: Haishuang Yan: "[PATCH v4 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv"
In reply to: Haishuang Yan: "[PATCH v4 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]