| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Dec 2017 00:28:32 +0000
From: Nikita Shirokov <tehnerd@...com>
To: David Miller <davem@...emloft.net>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"ast@...nel.org" <ast@...nel.org>,
"vnuorval@....hut.fi" <vnuorval@....hut.fi>
Subject: Re: [PATCH net] adding missing rcu_read_unlock in ipxip6_rcv
On 12/6/17, 12:50 PM, "David Miller" <davem@...emloft.net> wrote:
From: "Nikita V. Shirokov" <tehnerd@...com>
Date: Wed, 6 Dec 2017 10:19:33 -0800
> commit 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels")
> introduced new exit point in ipxip6_rcv. however rcu_read_unlock is
> missing there. this diff is fixing this
>
> Signed-off-by: Nikita V. Shirokov <tehnerd@...com>
...
> @@ -903,8 +903,10 @@ static int ipxip6_rcv(struct sk_buff *skb, u8 ipproto,
> goto drop;
> if (t->parms.collect_md) {
> tun_dst = ipv6_tun_rx_dst(skb, 0, 0, 0);
> - if (!tun_dst)
> + if (!tun_dst) {
> + rcu_read_unlock();
> return 0;
> + }
> }
> ret = __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate,
> log_ecn_error);
Shouldn't it branch to 'drop' otherwise we leak the skb?
Fair point, will rework.
--
Nikita
Powered by blists - more mailing lists