kernel-fxtec-pro1x/net/xfrm
Patrick McHardy 7d6dfe1f5b [IPSEC] Fix xfrm_state leaks in error path
Herbert Xu wrote:
> @@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st
>       if (IS_ERR(x))
>               return PTR_ERR(x);
>
> +     xfrm_state_hold(x);

This introduces a leak when xfrm_state_add()/xfrm_state_update()
fail. We hold two references (one from xfrm_state_alloc(), one
from xfrm_state_hold()), but only drop one. We need to take the
reference because the reference from xfrm_state_alloc() can
be dropped by __xfrm_state_delete(), so the fix is to drop both
references on error. Same problem in xfrm_user.c.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-06-18 22:45:31 -07:00
..
Kconfig Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm_algo.c [XFRM]: skb_cow_data() does not set proper owner for new skbs. 2005-05-18 22:51:45 -07:00
xfrm_input.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm_policy.c [IPSEC] Kill spurious hard expire messages 2005-06-18 22:43:22 -07:00
xfrm_state.c [IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_* 2005-06-18 22:44:37 -07:00
xfrm_user.c [IPSEC] Fix xfrm_state leaks in error path 2005-06-18 22:45:31 -07:00