[BUG?] dst reference leak possible in ndisc

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [BUG?] dst reference leak possible in ndisc_send
@ 2008-07-20  6:31 Stephen Hemminger
  2008-07-20  6:33 ` Stephen Hemminger
  0 siblings, 1 reply; 2+ messages in thread
From: Stephen Hemminger @ 2008-07-20  6:31 UTC (permalink / raw)
  To: 吉藤英明, David Miller; +Cc: netdev

This code path looks like it leaks the dst_entry  if xfrm_lookup fails:

static void __ndisc_send(struct net_device *dev,
			 struct neighbour *neigh,
			 const struct in6_addr *daddr,
			 const struct in6_addr *saddr,
			 struct icmp6hdr *icmp6h, const struct in6_addr *target,
			 int llinfo)
{
	struct flowi fl;
	struct dst_entry *dst;
	struct net *net = dev_net(dev);
	struct sock *sk = net->ipv6.ndisc_sk;
	struct sk_buff *skb;
	struct icmp6hdr *hdr;
	struct inet6_dev *idev;
	int len;
	int err;
	u8 *opt, type;

	type = icmp6h->icmp6_type;

	icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex);

	dst = icmp6_dst_alloc(dev, neigh, daddr);
	if (!dst)
		return;

	err = xfrm_lookup(&dst, &fl, NULL, 0);
	if (err < 0)
		return;

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [BUG?] dst reference leak possible in ndisc_send
  2008-07-20  6:31 [BUG?] dst reference leak possible in ndisc_send Stephen Hemminger
@ 2008-07-20  6:33 ` Stephen Hemminger
  0 siblings, 0 replies; 2+ messages in thread
From: Stephen Hemminger @ 2008-07-20  6:33 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: 吉藤英明, David Miller, netdev

On Sat, 19 Jul 2008 23:31:40 -0700
Stephen Hemminger <shemminger@vyatta.com> wrote:

> This code path looks like it leaks the dst_entry  if xfrm_lookup fails:
> 
> static void __ndisc_send(struct net_device *dev,
> 			 struct neighbour *neigh,
> 			 const struct in6_addr *daddr,
> 			 const struct in6_addr *saddr,
> 			 struct icmp6hdr *icmp6h, const struct in6_addr *target,
> 			 int llinfo)
> {
> 	struct flowi fl;
> 	struct dst_entry *dst;
> 	struct net *net = dev_net(dev);
> 	struct sock *sk = net->ipv6.ndisc_sk;
> 	struct sk_buff *skb;
> 	struct icmp6hdr *hdr;
> 	struct inet6_dev *idev;
> 	int len;
> 	int err;
> 	u8 *opt, type;
> 
> 	type = icmp6h->icmp6_type;
> 
> 	icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex);
> 
> 	dst = icmp6_dst_alloc(dev, neigh, daddr);
> 	if (!dst)
> 		return;
> 
> 	err = xfrm_lookup(&dst, &fl, NULL, 0);
> 	if (err < 0)
> 		return;

Never mind xfrm_lookup frees dst on error

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-07-20  6:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-07-20  6:31 [BUG?] dst reference leak possible in ndisc_send Stephen Hemminger
2008-07-20  6:33 ` Stephen Hemminger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).