summaryrefslogtreecommitdiffstats
path: root/net/openvswitch/conntrack.h
diff options
context:
space:
mode:
authorJoe Stringer <joestringer@nicira.com>2015-10-26 04:21:48 +0100
committerDavid S. Miller <davem@davemloft.net>2015-10-28 03:32:14 +0100
commit74c16618137f1505b0a32dea3ec73a2ef6f8f842 (patch)
treea85b6a44ec0f5d8d7ae915968ee88250c323a292 /net/openvswitch/conntrack.h
parentfib_trie: leaf_walk_rcu should not compute key if key is less than pn->key (diff)
downloadlinux-74c16618137f1505b0a32dea3ec73a2ef6f8f842.tar.xz
linux-74c16618137f1505b0a32dea3ec73a2ef6f8f842.zip
openvswitch: Fix double-free on ip_defrag() errors
If ip_defrag() returns an error other than -EINPROGRESS, then the skb is freed. When handle_fragments() passes this back up to do_execute_actions(), it will be freed again. Prevent this double free by never freeing the skb in do_execute_actions() for errors returned by ovs_ct_execute. Always free it in ovs_ct_execute() error paths instead. Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action") Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/openvswitch/conntrack.h')
-rw-r--r--net/openvswitch/conntrack.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/openvswitch/conntrack.h b/net/openvswitch/conntrack.h
index 82e0dfc66028..a7544f405c16 100644
--- a/net/openvswitch/conntrack.h
+++ b/net/openvswitch/conntrack.h
@@ -67,6 +67,7 @@ static inline int ovs_ct_execute(struct net *net, struct sk_buff *skb,
struct sw_flow_key *key,
const struct ovs_conntrack_info *info)
{
+ kfree_skb(skb);
return -ENOTSUPP;
}