diff options
author | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2007-11-20 20:31:23 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-11-20 20:31:23 -0500 |
commit | 77adefdc9863d63f8d8bdc6a9adcdf9a6b0e2410 (patch) | |
tree | 4fe2532ad5ab2e9db497cf416acd5db634a4cd6a /net/ipv6 | |
parent | aacbe8c8800adfea42eb754396c6ebcd992cb36a (diff) |
[IPV6] TCPMD5: Fix deleting key operation.
Due to the bug, refcnt for md5sig pool was leaked when
an user try to delete a key if we have more than one key.
In addition to the leakage, we returned incorrect return
result value for userspace.
This fix should close Bug #9418, reported by <ming-baini@163.com>.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index b1bfbdd85d3c..93980c3b83e6 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -637,10 +637,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) | |||
637 | kfree(tp->md5sig_info->keys6); | 637 | kfree(tp->md5sig_info->keys6); |
638 | tp->md5sig_info->keys6 = NULL; | 638 | tp->md5sig_info->keys6 = NULL; |
639 | tp->md5sig_info->alloced6 = 0; | 639 | tp->md5sig_info->alloced6 = 0; |
640 | |||
641 | tcp_free_md5sig_pool(); | ||
642 | |||
643 | return 0; | ||
644 | } else { | 640 | } else { |
645 | /* shrink the database */ | 641 | /* shrink the database */ |
646 | if (tp->md5sig_info->entries6 != i) | 642 | if (tp->md5sig_info->entries6 != i) |
@@ -649,6 +645,8 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) | |||
649 | (tp->md5sig_info->entries6 - i) | 645 | (tp->md5sig_info->entries6 - i) |
650 | * sizeof (tp->md5sig_info->keys6[0])); | 646 | * sizeof (tp->md5sig_info->keys6[0])); |
651 | } | 647 | } |
648 | tcp_free_md5sig_pool(); | ||
649 | return 0; | ||
652 | } | 650 | } |
653 | } | 651 | } |
654 | return -ENOENT; | 652 | return -ENOENT; |