[PATCH AUTOSEL for 4.9 085/293] ip_tunnel: fix potential issue in ip_tunnel_rcv
From: Sasha Levin
Date: Sun Apr 08 2018 - 22:27:03 EST
From: Haishuang Yan <yanhaishuang@xxxxxxxxxxxxxxxxxxxx>
[ Upstream commit 469f87e158628fe66dcbbce9dd5e7b7acfe934a9 ]
When ip_tunnel_rcv fails, the tun_dst won't be freed, so call
dst_release to free it in error code path.
Fixes: 2e15ea390e6f ("ip_gre: Add support to collect tunnel metadata.")
Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Acked-by: Pravin B Shelar <pshelar@xxxxxxx>
Tested-by: Zhang Shengju <zhangshengju@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Haishuang Yan <yanhaishuang@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
---
net/ipv4/ip_tunnel.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 96536a0d6e2d..a665eaab5db2 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -439,6 +439,8 @@ int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb,
return 0;
drop:
+ if (tun_dst)
+ dst_release((struct dst_entry *)tun_dst);
kfree_skb(skb);
return 0;
}
--
2.15.1