From: Patrick McHardy <kaber@trash.net>
Date: Sun, 19 Jun 2005 05:45:31 +0000 (-0700)
Subject: [IPSEC] Fix xfrm_state leaks in error path
X-Git-Tag: v2.6.13-rc1~90^2~583^2~45
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d6dfe1f5bc4c56e0c31173014a099ec3fa35907;p=pandora-kernel.git

[IPSEC] Fix xfrm_state leaks in error path

Herbert Xu wrote:
> @@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st
>       if (IS_ERR(x))
>               return PTR_ERR(x);
>
> +     xfrm_state_hold(x);

This introduces a leak when xfrm_state_add()/xfrm_state_update()
fail. We hold two references (one from xfrm_state_alloc(), one
from xfrm_state_hold()), but only drop one. We need to take the
reference because the reference from xfrm_state_alloc() can
be dropped by __xfrm_state_delete(), so the fix is to drop both
references on error. Same problem in xfrm_user.c.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed