summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-01-10 22:06:32 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>2007-01-23 20:25:39 -0800
commite0e8f1c8220c43bdf25cfb5622f6ab6947027fb1 (patch)
tree545e9985c6fc2e9b7e1a9019ce48ce05b848d0d6 /net
parent419dd8378dfa32985672ab7927b4bc827f33b332 (diff)
downloadlinux-stable-e0e8f1c8220c43bdf25cfb5622f6ab6947027fb1.tar.gz
linux-stable-e0e8f1c8220c43bdf25cfb5622f6ab6947027fb1.tar.bz2
linux-stable-e0e8f1c8220c43bdf25cfb5622f6ab6947027fb1.zip
[IPSEC] flow: Fix potential memory leak
When old flow cache entries that are not at the head of their chain trigger a transient security error they get unlinked along with all the entries preceding them in the chain. The preceding entries are not freed correctly. This patch fixes this by simply leaving the entry around. It's based on a suggestion by Venkat Yekkirala. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/core/flow.c26
1 files changed, 10 insertions, 16 deletions
diff --git a/net/core/flow.c b/net/core/flow.c
index d137f971f97d..5d25697920b1 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -231,22 +231,16 @@ nocache:
err = resolver(key, family, dir, &obj, &obj_ref);
- if (fle) {
- if (err) {
- /* Force security policy check on next lookup */
- *head = fle->next;
- flow_entry_kill(cpu, fle);
- } else {
- fle->genid = atomic_read(&flow_cache_genid);
-
- if (fle->object)
- atomic_dec(fle->object_ref);
-
- fle->object = obj;
- fle->object_ref = obj_ref;
- if (obj)
- atomic_inc(fle->object_ref);
- }
+ if (fle && !err) {
+ fle->genid = atomic_read(&flow_cache_genid);
+
+ if (fle->object)
+ atomic_dec(fle->object_ref);
+
+ fle->object = obj;
+ fle->object_ref = obj_ref;
+ if (obj)
+ atomic_inc(fle->object_ref);
}
local_bh_enable();