Commit eda814b9 authored by Alaa Hleihel's avatar Alaa Hleihel Committed by David S. Miller

net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow

tcf_ct_handle_fragments() shouldn't free the skb when ip_defrag() call
fails. Otherwise, we will cause a double-free bug.
In such cases, just return the error to the caller.

Fixes: b57dc7c1 ("net/sched: Introduce action ct")
Signed-off-by: default avatarAlaa Hleihel <alaa@mellanox.com>
Reviewed-by: default avatarRoi Dayan <roid@mellanox.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ab921f3c
...@@ -704,7 +704,7 @@ static int tcf_ct_handle_fragments(struct net *net, struct sk_buff *skb, ...@@ -704,7 +704,7 @@ static int tcf_ct_handle_fragments(struct net *net, struct sk_buff *skb,
err = ip_defrag(net, skb, user); err = ip_defrag(net, skb, user);
local_bh_enable(); local_bh_enable();
if (err && err != -EINPROGRESS) if (err && err != -EINPROGRESS)
goto out_free; return err;
if (!err) { if (!err) {
*defrag = true; *defrag = true;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment