Skip to content

L
linux
Commit 9aaf5660 authored by Hideaki Yoshifuji's avatar Hideaki Yoshifuji
Browse files
Options

[IPV6]: Fix possible dst leakage in ndisc_send_redirect.

parent 949c3645
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 6 deletions
net/ipv6/ndisc.c
View file @ 9aaf5660
...@@ -1292,12 +1292,6 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, ...@@ -1292,12 +1292,6 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
int hlen; int hlen;
dev = skb->dev; dev = skb->dev;
rt = rt6_lookup(&skb->nh.ipv6h->saddr, NULL, dev->ifindex, 1);
if (rt == NULL)
return;
dst = (struct dst_entry*)rt;
if (ipv6_get_lladdr(dev, &saddr_buf)) { if (ipv6_get_lladdr(dev, &saddr_buf)) {
ND_PRINTK1("redirect: no link_local addr for dev\n"); ND_PRINTK1("redirect: no link_local addr for dev\n");
...@@ -1306,7 +1300,12 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, ...@@ -1306,7 +1300,12 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr); ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr);
rt = rt6_lookup(&skb->nh.ipv6h->saddr, NULL, dev->ifindex, 1);
if (rt == NULL)
return;
dst = &rt->u.dst;
dst_clone(dst); dst_clone(dst);
err = xfrm_lookup(&dst, &fl, NULL, 0); err = xfrm_lookup(&dst, &fl, NULL, 0);
if (err) { if (err) {
dst_release(dst); dst_release(dst);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7