From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 12/14] netfilter: ipv6: fix afinfo->route refcnt leak on error
Date: Tue, 1 Nov 2011 10:11:34 +0100 [thread overview]
Message-ID: <1320138696-28048-13-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1320138696-28048-1-git-send-email-pablo@netfilter.org>
From: Florian Westphal <fw@strlen.de>
Several callers (h323 conntrack, xt_addrtype) assume that the
returned **dst only needs to be released if the function returns 0.
This is true for the ipv4 implementation, but not for the ipv6 one.
Instead of changing the users, change the ipv6 implementation
to behave like the ipv4 version by only providing the dst_entry result
in the success case.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/ipv6/netfilter.c | 13 ++++++++++---
1 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 30fcee4..8992cf6 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -100,9 +100,16 @@ static int nf_ip6_route(struct net *net, struct dst_entry **dst,
.pinet6 = (struct ipv6_pinfo *) &fake_pinfo,
};
const void *sk = strict ? &fake_sk : NULL;
-
- *dst = ip6_route_output(net, sk, &fl->u.ip6);
- return (*dst)->error;
+ struct dst_entry *result;
+ int err;
+
+ result = ip6_route_output(net, sk, &fl->u.ip6);
+ err = result->error;
+ if (err)
+ dst_release(result);
+ else
+ *dst = result;
+ return err;
}
__sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
--
1.7.2.5
next prev parent reply other threads:[~2011-11-01 9:12 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-01 9:11 [PATCH 00/14] netfilter updates for 3.2 pablo
2011-11-01 9:11 ` [PATCH 01/14] ipvs: Expose ip_vs_ftp module parameters via sysfs pablo
2011-11-01 9:11 ` [PATCH 02/14] ipvs: Add documentation for new sysctl entries pablo
2011-11-01 9:11 ` [PATCH 03/14] ipvs: Remove unused parameter from ip_vs_confirm_conntrack() pablo
2011-11-01 9:11 ` [PATCH 04/14] ipvs: Remove unused return value of protocol state transitions pablo
2011-11-01 9:11 ` [PATCH 05/14] ipvs: Removed unused variables pablo
2011-11-01 9:11 ` [PATCH 06/14] ipvs: secure_tcp does provide alternate state timeouts pablo
2011-11-01 9:11 ` [PATCH 07/14] ipvs: Enhance grammar used to refer to Kconfig options pablo
2011-11-01 9:11 ` [PATCH 08/14] netfilter: Remove unnecessary OOM logging messages pablo
2011-11-01 9:11 ` [PATCH 09/14] netfilter: export NAT definitions through linux/netfilter_ipv4/nf_nat.h pablo
2011-11-01 9:11 ` [PATCH 10/14] ipvs: Remove unused variable "cs" from ip_vs_leave function pablo
2011-11-01 9:11 ` [PATCH 11/14] ipvs: Fix compilation error in ip_vs.h for ip_vs_confirm_conntrack function pablo
2011-11-01 9:11 ` pablo [this message]
2011-11-01 9:11 ` [PATCH 13/14] MAINTAINERS: update netfilter maintainers pablo
2011-11-01 9:11 ` [PATCH 14/14] netfilter: do not propagate nf_queue errors in nf_hook_slow pablo
2011-11-01 9:34 ` [PATCH 00/14] netfilter updates for 3.2 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1320138696-28048-13-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).