summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2011-10-19 15:23:06 +0400
committerPablo Neira Ayuso <pablo@netfilter.org>2011-11-01 12:20:07 +0400
commit2dad81adf2c49aa9f8bb7e7c48dff9261bd58396 (patch)
treecb37d01250683d4114e3ea9e21851447d22128ba
parente23ebf0fa9e1548c94d8277e393be97ba48faa06 (diff)
downloadlinux-2dad81adf2c49aa9f8bb7e7c48dff9261bd58396.tar.xz
netfilter: ipv6: fix afinfo->route refcnt leak on error
Several callers (h323 conntrack, xt_addrtype) assume that the returned **dst only needs to be released if the function returns 0. This is true for the ipv4 implementation, but not for the ipv6 one. Instead of changing the users, change the ipv6 implementation to behave like the ipv4 version by only providing the dst_entry result in the success case. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/ipv6/netfilter.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 30fcee465448..8992cf6651d4 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -100,9 +100,16 @@ static int nf_ip6_route(struct net *net, struct dst_entry **dst,
.pinet6 = (struct ipv6_pinfo *) &fake_pinfo,
};
const void *sk = strict ? &fake_sk : NULL;
-
- *dst = ip6_route_output(net, sk, &fl->u.ip6);
- return (*dst)->error;
+ struct dst_entry *result;
+ int err;
+
+ result = ip6_route_output(net, sk, &fl->u.ip6);
+ err = result->error;
+ if (err)
+ dst_release(result);
+ else
+ *dst = result;
+ return err;
}
__sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,