redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity

net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow 

[ Upstream commit eda814b97d ]

tcf_ct_handle_fragments() shouldn't free the skb when ip_defrag() call
fails. Otherwise, we will cause a double-free bug.
In such cases, just return the error to the caller.

Fixes: b57dc7c13e ("net/sched: Introduce action ct")
Signed-off-by: Alaa Hleihel <alaa@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
5.4-rM2-2.2.x-imx-squashed
Alaa Hleihel 2020-08-19 18:24:10 +03:00 committed by Greg Kroah-Hartman
parent 97a74349cf
commit e1334c4f4a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/sched/act_ct.c
View File

@ -186,7 +186,7 @@ static int tcf_ct_handle_fragments(struct net *net, struct sk_buff *skb,
memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
err = nf_ct_frag6_gather(net, skb, user);
if (err && err != -EINPROGRESS)
goto out_free;
return err;
#else
err = -EOPNOTSUPP;
goto out_free;