OpenVZ Forum


Home » Mailing lists » Devel » [PATCH] [IPV6]: dst_entry leak in ip4ip6_err. (resend)
[PATCH] [IPV6]: dst_entry leak in ip4ip6_err. (resend) [message #27457] Mon, 18 February 2008 08:59 Go to next message
den is currently offline  den
Messages: 494
Registered: December 2005
Senior Member
The result of the ip_route_output is not assigned to skb. This means that
- it is leaked
- possible OOPS below dereferrencing skb->dst
- no ICMP message for this case

Signed-off-by: Denis V. Lunev <den@openvz.org>
---
 net/ipv6/ip6_tunnel.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 9031e52..cd94064 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -550,6 +550,7 @@ ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 			ip_rt_put(rt);
 			goto out;
 		}
+		skb2->dst = (struct dst_entry *)rt;
 	} else {
 		ip_rt_put(rt);
 		if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos,
-- 
1.5.3.rc5

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Re: [PATCH] [IPV6]: dst_entry leak in ip4ip6_err. (resend) [message #27518 is a reply to message #27457] Tue, 19 February 2008 04:49 Go to previous message
davem is currently offline  davem
Messages: 463
Registered: February 2006
Senior Member
From: "Denis V. Lunev" <den@openvz.org>
Date: Mon, 18 Feb 2008 11:59:38 +0300

> The result of the ip_route_output is not assigned to skb. This means that
> - it is leaked
> - possible OOPS below dereferrencing skb->dst
> - no ICMP message for this case
> 
> Signed-off-by: Denis V. Lunev <den@openvz.org>

This bug has been there for a few releases :-)

Applied and I'll queue this up for -stable too.

Thanks!
Previous Topic: [RFC][PATCH 7/7] CGroup API: Update cpusets to use cgroup structured file API
Next Topic: [PATCH 3/7] cgroup: clean up cgroup.h
Goto Forum:
  


Current Time: Mon Feb 26 03:49:37 GMT 2024

Total time taken to generate the page: 0.03002 seconds