Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 27922b4260f65d317aabda37e42bbbff > files > 2791

kernel-2.6.18-238.el5.src.rpm

From: Thomas Graf <tgraf@redhat.com>
Date: Wed, 25 Aug 2010 20:49:11 -0400
Subject: [net] ipv6: Plug sk_buff leak in ipv6_rcv
Message-id: <20100825204911.GA14555@lsx.localdomain>
Patchwork-id: 27819
O-Subject: [RHEL5.6 PATCH] ipv6: Plug sk_buff leak in ipv6_rcv (BZ574913)
Bugzilla: 574913
RH-Acked-by: David S. Miller <davem@redhat.com>
RH-Acked-by: Jiri Pirko <jpirko@redhat.com>

ipv6_rcv() leaks an skb if skb_share_check() succeeded but ipv6 has
been disabled via sysctl. This patch addresses the issue by freeing
the skb properly. The patch is identical to the corresponding
upstream commit 71f6f6dfdf7c7a67462386d9ea05c1095a89c555.

Resolves BZ574913

Signed-off-by: Jarod Wilson <jarod@redhat.com>

diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 7c02a9c..ffe05ea 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -77,8 +77,7 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
 	if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
 	    (ext && unlikely(ext->ipv6_devconf_ext.disable_ipv6))) {
 		IP6_INC_STATS_BH(idev, IPSTATS_MIB_INDISCARDS);
-		rcu_read_unlock();
-		goto out;
+		goto drop;
 	}
 
 	memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
@@ -147,7 +146,6 @@ err:
 drop:
 	rcu_read_unlock();
 	kfree_skb(skb);
-out:
 	return 0;
 }