Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: cab40c440e
Branches Tags
pve-edge-kernel
/
patches
/
kernel
/
0006-sctp-fix-dst-refcnt-leak-in-sctp_v6_get_dst.patch

0006-sctp-fix-dst-refcnt-leak-in-sctp_v6_get_dst.patch 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Alexey Kodanev <[email protected]>
    3. 

  3. Date: Mon, 5 Feb 2018 15:10:35 +0300
    4. 

  4. Subject: [PATCH] sctp: fix dst refcnt leak in sctp_v6_get_dst()
    5. 

  5. MIME-Version: 1.0
    6. 

  6. Content-Type: text/plain; charset=UTF-8
    7. 

  7. Content-Transfer-Encoding: 8bit
    8. 

  8. 

  9. When going through the bind address list in sctp_v6_get_dst() and
    10. 

  10. the previously found address is better ('matchlen > bmatchlen'),
    11. 

  11. the code continues to the next iteration without releasing currently
    12. 

  12. held destination.
    13. 

  13. 

  14. Fix it by releasing 'bdst' before continue to the next iteration, and
    15. 

  15. instead of introducing one more '!IS_ERR(bdst)' check for dst_release(),
    16. 

  16. move the already existed one right after ip6_dst_lookup_flow(), i.e. we
    17. 

  17. shouldn't proceed further if we get an error for the route lookup.
    18. 

  18. 

  19. Fixes: dbc2b5e9a09e ("sctp: fix src address selection if using secondary addresses for ipv6")
    20. 

  20. Signed-off-by: Alexey Kodanev <[email protected]>
    21. 

  21. Acked-by: Neil Horman <[email protected]>
    22. 

  22. Acked-by: Marcelo Ricardo Leitner <[email protected]>
    23. 

  23. Signed-off-by: David S. Miller <[email protected]>
    24. 

  24. Signed-off-by: Fabian Grünbichler <[email protected]>
    25. 

  25. ---
    26. 

  26.  net/sctp/ipv6.c | 10 +++++++---
    27. 

  27.  1 file changed, 7 insertions(+), 3 deletions(-)
    28. 

  28. 

  29. diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
    30. 

  30. index 5d4c15bf66d2..e35d4f73d2df 100644
    31. 

  31. --- a/net/sctp/ipv6.c
    32. 

  32. +++ b/net/sctp/ipv6.c
    33. 

  33. @@ -326,8 +326,10 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
    34. 

  34.  		final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);
    35. 

  35.  		bdst = ip6_dst_lookup_flow(sk, fl6, final_p);
    36. 

  36.  
    37. 

  37. -		if (!IS_ERR(bdst) &&
    38. 

  38. -		    ipv6_chk_addr(dev_net(bdst->dev),
    39. 

  39. +		if (IS_ERR(bdst))
    40. 

  40. +			continue;
    41. 

  41. +
    42. 

  42. +		if (ipv6_chk_addr(dev_net(bdst->dev),
    43. 

  43.  				  &laddr->a.v6.sin6_addr, bdst->dev, 1)) {
    44. 

  44.  			if (!IS_ERR_OR_NULL(dst))
    45. 

  45.  				dst_release(dst);
    46. 

  46. @@ -336,8 +338,10 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
    47. 

  47.  		}
    48. 

  48.  
    49. 

  49.  		bmatchlen = sctp_v6_addr_match_len(daddr, &laddr->a);
    50. 

  50. -		if (matchlen > bmatchlen)
    51. 

  51. +		if (matchlen > bmatchlen) {
    52. 

  52. +			dst_release(bdst);
    53. 

  53.  			continue;
    54. 

  54. +		}
    55. 

  55.  
    56. 

  56.  		if (!IS_ERR_OR_NULL(dst))
    57. 

  57.  			dst_release(dst);
    58. 

  58. -- 
    59. 

  59. 2.14.2
    60. 

  60.